Week 45: Phishing targeting cryptocurrency investors

Languages

Service navigation

Search

Navigation

Week 45: Phishing targeting cryptocurrency investors

11.11.2025 - Fewer and fewer people are falling for mass phishing attempts, so scammers are constantly refining their tactics. Instead of sending out large numbers of identical emails, they now focus on current social and economic issues and adapt their scams accordingly. Their messages are more targeted and sophisticated, designed to appear credible to the specific people they want to reach.

Phishing campaigns that refer to official or trusted institutions, such as government authorities, banks or health insurers, tend to be especially effective. At first glance, such emails appear credible because they feature familiar logos, layouts and wording. The choice of topic is deliberate. Scammers focus on issues that official bodies might contact people about, such as cryptocurrency or changes to tax rules. As these subjects are complex, many people feel uncertain and are therefore more likely to follow any instructions they are given.

Last week, the NCSC received reports of two such scams.

Requests for information on cryptocurrency

In the first of the two reported scams, people received emails that appeared to be from the Canton of Zurich, asking them to update their information to comply with the new tax regulations on cryptocurrencies. As is typical of phishing attempts, the deadline given was extremely short. The email also threatened fines and legal action if the request was ignored.

Scam website claiming to be from the Canton of Zurich, requiring the declaration of cryptocurrencies.
Scam website claiming to be from the Canton of Zurich, requiring the declaration of cryptocurrencies.

The link in the email led to a website that was almost identical to the official website of the Canton of Zurich. After filling out the form, users were taken to a confirmation page informing them that their submission had been successful and that they would be contacted within a few days. They also had to confirm the application by email. In order to avoid arousing suspicion, victims were finally redirected to the official website of the Canton of Zurich. This was done to make them believe that everything was legitimate. At first glance, the requested data did not appear to be particularly sensitive. The phishing page asked for details such as address, date of birth, telephone number and IBAN – information that people are often asked to provide in many other legitimate situations.

The form asks for data such as telephone number, address, IBAN and date of birth.
The form asks for data such as telephone number, address, IBAN and date of birth.
After the data are submitted, a confirmation message appears.
After the data are submitted, a confirmation message appears.

The scammers cannot profit from this information immediately. As we explained in Weekly Review 43 two weeks ago, such data are likely to be used for follow-up scams. We assume that victims of this scam will later receive phone calls from scammers pretending to represent their bank. Armed with personal details such as the victim's date of birth and their bank name, the callers can sound convincing and gain their trust.

Emails targeting senior citizens

The second scam involved phishing emails that claimed to be from the Federal Tax Administration. These kinds of emails circulate regularly. In this instance, the emails referred to pension fund benefits, promising payouts and asking recipients to update their details.

What stands out in this case is the approach: the phishing emails specifically targeted senior citizens. The scammers tried to build trust by using personalised greetings; this makes you think that they know you. We have not yet been able to confirm whether the messages were sent exclusively to older people. However, even if the emails were distributed more widely and only a few reached the intended recipients, the targeted form of address is likely to have made the scam more effective.

Targeted phishing email aimed specifically at senior citizens
Targeted phishing email aimed specifically at senior citizens

Recommendations

Even when an email appears to come from a government agency, caution is advised. The same safety rules apply as for any other email:

  • Be especially careful if an email asks you to take any action, such as enter your password, credit card details or install software.
  • do not enter personal data on a form that you have opened via a link in an email or text message.
  • Look for suspicious signs: missing salutation, unofficial link (e.g. not admin.ch), missing language versions, etc.
  • If you are not sure, ask the relevant authorities.
  • Never enter sensitive data such as your credit card details or login data.
  • Report the phishing URL on http://www.antiphishing.ch. If you would like to receive a response to your report, please use the NCSC reporting form.
  • If you provided credit card details, contact your credit card company immediately to have the card blocked.
  • In the event of financial loss, the NCSC recommends filing a complaint with the police. You can find your nearest police station and its phone number on the Suisse ePolice website (available in German, French and Italian).

Last modification 11.11.2025

Top of page

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2025/wochenrueckblick_45.html