Week 48: Phishing impersonating SERAFE under the pretext of "residence verification"

Languages

Service navigation

Search

Navigation

Week 48: Phishing impersonating SERAFE under the pretext of "residence verification"

02.12.2025 - A current phishing campaign is misusing the name "SERAFE". Under the pretext of needing to "verify your current living situation", scammers are attempting to steal large amounts of personal information. In addition to data such as name, email address, date of birth and telephone number, scammers are also asking for AHV numbers, the date of any change of address and, ultimately, credit card details. This week's review explains why this specific combination of data is particularly useful to scammers and how you can protect yourself against them.

A phishing email is currently circulating in the name of the Swiss collection agency for the radio and television fee, SERAFE. Under the pretext of needing to verify the recipient's “current living situation”, scammers are attempting to obtain a wide range of information. Their aim is to harvest data in several stages, starting with AHV numbers and concluding with credit card details.

SERAFE not chosen at random

The fact that the scammers are misusing the name SERAFE is not a coincidence. It is a deliberate strategy. When scam emails are sent in the name of a company, their success rate usually depends on the recipient actually having a customer relationship with the company or authority, so the email therefore appears plausible. This is why scammers focus on companies or authorities with the widest possible reach. In Switzerland, every household must pay radio and television licence fees to SERAFE, which means that virtually every recipient feels that the email is genuine at first glance. A similar pattern can be seen in scams that misuse the name of the tax authorities. As all adults are liable for tax, it is highly likely that an email will reach an appropriate recipient. The rate of success is therefore almost 100 per cent.

Not just simple credit card phishing

In the current phishing scam, recipients are being asked via email to click on a link to 'confirm' their details. They are then asked to enter personal details on a fake website, including their telephone number, email address and date of birth.

Screenshot of the scam email.
Screenshot of the scam email.

In the next steps, recipients are asked for their AHV number and the 'date of any change of residence'. Only at the very end, after the recipient has already disclosed their identifying details, is credit card information requested. It is unusual for so much data to be requested and for the recipient not to be pressured into entering their credit card details straight away.

What the fraudulent website looks.
What the fraudulent website looks.

This raises the question of why the house moving date is being requested. It is entirely conceivable that this is merely being used as a diversionary tactic for credit card phishing. However, as reported in Weekly Review 43, scammers are increasingly obtaining data actively: through targeted information phishing, they trick people into voluntarily disclosing their personal data, which is then used for subsequent attacks. The moving date, for example, gives scammers the opportunity to launch coordinated follow-up attacks, for example, under the pretext of postal, banking or parcel services. The scammers then refer specifically to the home move and speculate that the recipients are going through a stressful period and will therefore be less attentive. As administrative problems or delays often occur during house moves, such emails appear particularly plausible. Scammers deliberately exploit this vulnerability to make their attempts at deception appear credible.

Credit card details are requested at the end.
Credit card details are requested at the end.

Recommendations

  • SERAFE will never ask you to verify your living situation, disclose your AHV number, or enter credit card details via email.
  • SERAFE receives all necessary data (e.g. when you move house) exclusively and automatically from your local commune's Residents Register Office. You never need to notify SERAFE separately of a change of address.
  •  Never enter personal data on websites that you have accessed via a link in an email.
  • SERAFE's official payment methods are eBill, direct debit and payment slip only.
  • Hover the mouse over the website link in the email (without clicking) to see the actual website address in preview mode.
  • Report suspicious emails to the NCSC.

What to do if you have already given your personal data

  • Contact your financial institution immediately and block your credit card. Check all transactions.
  • Report the incident to the cantonal police. This is essential in the event of identity theft and can often be done online. You can find your nearest police station on the Suisse ePolice website. Be prepared for follow-up attacks (i.e. calls, emails) that could use your stolen data (AHV number, date of house move)

Last modification 02.12.2025

Top of page

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2025/wochenrueckblick_48.html