06.05.2025 - Criminals use voice phishing to steal money and sensitive information. They call people pretending to be from well-known institutions such as banks, PayPal, TWINT or crypto exchanges. Many such cases continue to be reported to the National Cyber Security Centre (NCSC).
Voice phishing, also known as vishing, is a form of social engineering. Scammers use the telephone to trick their victims into revealing personal details or financial information.
How does the scam work?
Scams vary, but most aim to create a sense of urgency and fear. Scam callers often claim that:
- there is a security issue with your account;
- they are investigating a suspicious transaction;
- a suspicious charge has been made to your account;
- an alleged buyer has sent you too much money;
- there has been a problem verifying your account;
- a new security procedure is being set up.
Scams involving crypto exchanges are similar. For example, scammers may claim that there are irregularities with your crypto assets and that your account needs to be verified, or that security updates are pending.
Scammers may try to trick you into installing remote maintenance software or confirming transactions. They do this in order to gain access to personal data, login credentials, credit card or bank account details, private keys, seed phrases used in crypto wallets, or even direct control of funds or crypto assets.
How can you tell it’s voice phishing?
- Signs you might be the target of a voice phishing scam:
- You receive an unsolicited call.
- The caller urges you to act immediately, leaving you no time to think or check anything.
- You are asked to provide sensitive information. Legitimate organisations such as banks, PayPal or TWINT will never ask for your password, full credit card number including security code or PIN over the phone.
- In many cases, the caller will insist that you download remote access software and give them access to your computer or mobile phone.
- You should also be suspicious of unknown or withheld numbers.
Voice phishing also via email and text messages
Even though it may be unexpected, voice phishing attempts are increasingly starting with a text message or an email. The message typically claims that you have made a payment or that a charge has been made in your name. A common example is a fake notification of a withdrawal supposedly from TWINT. The message then states that if you disagree with the charge, you can cancel it – but only if you act quickly. The message includes a phone number for a supposed helpline. In reality, this number connects directly to the scammers, and what follows is a typical voice phishing attempt like the one described above. The aim is to unsettle you and pressure you into reacting impulsively.
Recommendations
- End the call immediately if anything seems strange, if the caller is pressuring you or asking for sensitive information. Do not get involved in lengthy discussions.
- Never give out sensitive information such as passwords, PINs, full credit card details, verification codes (CVV/CVC) or confirmation codes (SMS TANs, app authorisations) over the phone. Your bank, PayPal, TWINT or other reputable financial institutions will never contact you unexpectedly by phone, email or text message and ask you to disclose such sensitive information.
- Don’t share any other information. Scammers often start by calling to ask which bank you use and how much money you have in your account. Later, they call again – this time pretending to be from your bank, for example – and use the details you gave them earlier to make their story more convincing.
- Don’t install any software or apps, and never grant remote access to your computer or smartphone – no matter what the caller claims, even if they say they’re from support.
- Don’t click on links or open attachments if they’re sent in connection with a suspicious call, or appear in a suspicious email or text message.
- Be wary of calls that put pressure on you, threaten consequences (such as freezing your account) or make unrealistic offers.
- If you’re unsure whether a request is genuine, hang up. Then contact call your bank, PayPal or TWINT using the official number (on their website or in your records), or log in to the official website or app to check for messages or transactions. Never use contact details or links from a suspicious caller.
- Enable two-factor authentication (2FA) for online accounts wherever possible.
Current statistics
Last week's reports by category:
Last modification 06.05.2025
