Anti-Phishing Report 2023

29.01.2024 - Last year, the NCSC received and analysed around 554,000 phishing reports. Of those, 10,007 websites were ultimately identified as phishing websites and the website operators informed. In the Anti-Phishing Report published today, the NCSC provides insight into that analysis and information on the most frequently misused brand names and domains. It also sets out the most important measures and recommendations to protect against phishing.

The NCSC accepts phishing reports via various channels: via the antiphishing.ch platform, where phishing websites or emails with phishing links can be reported, or, if the person submitting the report would like a response, via the reporting form at https://www.report.ncsc.admin.ch.

Attackers use phishing to try to obtain sensitive data such as credentials for emails, online banking, social media accounts or even credit card information.

In 2023, the NCSC received a total of 544,367 reports via the ‘antiphishing.ch’ platform. In addition, 9395 phishing reports were received via the reporting form in the same period.

As phishing websites are often reported to the NCSC more than once, they are first automatically pre-processed to remove duplicates. After this clean-up, 10,007 websites were ultimately identified as phishing websites last year. This corresponds to an increase of 10% compared to the previous year (2022). The NCSC informs website operators so that they can take the necessary measures as quickly as possible. In addition, it proactively shares information on active phishing websites with partners in Switzerland and abroad, including web browser and spam filter companies.

The phishing websites identified in 2023 misused 260 different brand names, of which 61.1% were Swiss brands and 33.1% were foreign brands. 5.8% of the phishing websites did not impersonate any particular brand.

Together with foreign providers, phishing websites that misuse the brand names of well-known letter and parcel delivery companies account for over 40%. At 21%, Swiss Post brand was the brand most misused by cybercriminals for phishing attacks in 2023.

A large number of phishing websites are operated on foreign top-level domains (TLDs). Almost half of all identified phishing websites were operated on the TLDs .com and .net.

Over the last year, the NCSC noticed an increase in 'smishing'. Unlike conventional phishing, this type of fraud uses SMS – or its successor RCS, now used by many messenger services. Last year, the brand names of letter and parcel courier companies were most frequently mis-used to lure recipients to a phishing website, which then tries to solicit credit card details from them.