16.01.2025 - Last year, the NCSC received a total of 975,309 reports of phishing. Based on these reports, 20,872 were identified as actual phishing websites. This represents an increase of 108% compared to the previous year, in which a total of 10,007 phishing websites were identified. The latest anti-phishing report explains how the NCSC handles phishing reports, the figures that characterised 2024, and the types of phishing that were common last year. The report also contains recommendations on how to protect yourself against phishing.
Phishing attacks are aimed at capturing sensitive data such as login details and credit card information. To help identify phishing attempts, suspected phishing websites and emails can be reported to the NCSC. This can be done through various channels: via the platform antiphishing.ch or the email address reports@antiphishing.ch, or via the following online notification form if a response is required: https://www.report.ncsc.admin.ch
20,872 phishing websites identified
In 2024, a total of 975,309 reports were submitted to the antiphishing.ch platform. This is an increase of 79% compared to the previous year. The reports received are pre-checked by an automated machine and then assessed by analysts. In the case of confirmed phishing websites, a complaint about misuse is sent to web hosting providers and domain owners. Last year, 20,872 phishing websites were identified, which corresponds to an increase of 108%. March saw the highest number of phishing websites identified in 2024 (2,215 phishing websites), while July saw the highest number of suspicious activity reports submitted to the NCSC (235,310 reports).
338 brand names misused for phishing
Around 98% of the reports came from the general public and SMEs. One per cent of the reports came from operators of critical infrastructure or from the NCSC itself. A total of 338 different brand names were misused by phishing websites. Of the phishing websites reported, 63.9% misused Swiss brand names and 31.1% misused names of foreign brands. While the Swiss Post brand was still the focus of cybercriminals in 2023, the Alliance SwissPass brand name was the most frequently misused last year. Cybercriminals often used hacked websites or registered their own domain names. A significant number of these phishing websites were hosted on Cloudflare, which caches content and conceals the actual server.
Fake fine portals and OASI refunds
In 2024, two other types of phishing were particularly prevalent. Firstly, cybercriminals exploited the credibility of digital government portals to obtain credit card data. One particularly prominent example was Lucerne police's fake fines portal; the NCSC was notified of 30 phishing websites that were imitating this portal. Secondly, public awareness of the Old Age and Survivors’ Insurance (OASI) compensation office was misused for phishing. Cybercriminals registered fake domain names that created the impression of being the official OASI website, attempting to obtain credit card details under the pretext of refunding a CHF 370.72 contribution.
Last modification 16.01.2025
