Week 36: Record number of reports received by the NCSC and fraudsters discover the payment app TWINT

13.09.2022 - Last week, the NCSC received 954 reports, which was the highest number received in a single week since the NCSC was created. This was caused by a large-scale wave of fake extortion attempts launched by fraudsters on Thursday afternoon. By the end of the week, more than 400 reports concerning fake threatening emails supposedly from the police had been processed. In addition, there were many reports about the payment app TWINT. This popular app was not on fraudsters' radars for a long time. In recent weeks, however, the NCSC has received a growing number of reports regarding scams carried out via TWINT. One particularly brazen attempt involves a fake webshop with the sole aim of triggering fraudulent TWINT payments.

TWINT is a simple payment method for fraudsters too

The possibility of making cashless payments with the payment app TWINT is becoming increasingly popular in Switzerland. It is now possible not only to transfer money quickly by mobile phone or to pay in farm shops, but also to use the app for online purchases. The TWINT payment system, originally intended as a cash substitute for small amounts, can now be used like a credit card for paying large amounts too. Since this payment app is widely used solely in Switzerland, fraudsters' interest was limited for a long time. But this has now changed, as they have discovered TWINT also for their own purposes.

In recent weeks, the NCSC has been receiving a growing number of reports concerning online fraud in which the fraudsters were paid via TWINT. For example, fraudsters are increasingly using TWINT on classified ads platforms to obtain money from buyers, without providing the promised goods or services in return.

The fraudsters went even further in one of the cases reported. Following the registration of a domain with TWINT in its name at the end of August, a supposed webshop went online at this address at the beginning of September. This webshop allegedly offered iPhone 13 smartphones and bicycles. Furthermore, a large discount (up to 40%) was promised if TWINT was the chosen payment method.

French seemed to be the original language of the website, and some content was not translated. The fantastic discounts are outlined in red.
French seemed to be the original language of the website, and some content was not translated. The fantastic discounts are outlined in red.

Interestingly, the payment process does not start automatically after placing the order; instead, the buyer has 2 hours to pay the amount due. A chat function ensures that users receive the appropriate support when paying with TWINT and thus also transfer the money.

The chat function ensures that TWINT payments can be made correctly
The chat function ensures that TWINT payments can be made correctly

It would appear that the profits hoped for with this scam are so high that it is even worthwhile for the fraudsters to interact individually with potential victims via the chat function.

This case is a perfect example of how new technologies are discovered by criminals and exploited for fraud attempts despite the fact that they are widely used only in a small geographical area.

The simplification of payment transactions using such payment apps also means that it takes longer to detect and correct a wrong click or a small mistake like a shifted decimal point or number mix-up.

  • Be vigilant every time you make a payment and check your details before you initiate the payment.
  • Set limits for all payment methods based on your budget and the security level of the payment method in question. This is especially true for payment methods that you use online (via the internet) or for contactless payments.
  • Use two-step approval for payments if this is available.
  • If possible, use different payment methods online and offline, e.g. different credit cards with a low limit for online use.
  • Use a secure payment method of your choice for payments that exceed a limit in line with your budget.
  • Be careful when interacting with unknown people on online platforms.
  • Only commercial traders who are officially registered with TWINT offer a QR code and only these QR codes are accepted for payment with TWINT. Therefore, exercise caution if a private individual proposes payment via QR code.
  • Do not allow yourself to be put under pressure.

Last modification 13.09.2022

Top of page