03.07.2025 - The National Cyber Security Centre (NCSC) is currently observing a wave of malicious ads on well-known search engines that lead users to phishing websites. On these phishing websites, scammers attempt to gain access to the login details of potential victims using a fake e-banking portal that looks like the real one.
Once the victim has disclosed their login details, the fraudsters use "real-time phishing" to intercept and then use the second factor required to log in to the e-banking system. NCSC is aware of several cases in which the fraudsters were able to issue fraudulent payments via e-banking because the victim disclosed their credentials on the fake site.
The NCSC has observed that the fraudsters use fake e-banking pages in the name of cantonal banks. The following example shows a search on Microsoft Bing for the e-banking service of Luzerner Kantonalbank (LUKB):
If the victim clicks on the malicious advertisement, they are taken to a website operated by the fraudsters. The domain name often ends in “.app”, “.digital” or “.help”:
Recommendations
- When accessing your e-banking, do not rely on search engine results. Instead, use your web browser's bookmarks or enter the web address of your e-banking manually in the address field.
- Be careful when clicking on advertisements on search engines.
- Your bank will never ask you for a copy of your e-banking activation letter. This letter is personal. Do not pass it on under any circumstances, even if you are asked for a copy by the bank. If in doubt, contact your customer advisor or the bank.
- Contact your bank immediately if you notice any suspicious behavior in your e-banking (display of a timer or hourglass) or suspicious payments.
- Report suspicious websites to the NCSC at https://antiphishing.ch.
Last modification 03.07.2025
