By means of phishing, the criminals lure victims into providing their passwords and other personal information.
Phishing
Scammers use phishing to try to obtain confidential information, for example login credentials or credit card details. Scammers often pretend to be well-known companies. They ask victims to click on a link or scan a QR code that takes them not to the website they think they are going to, but to a website set up by the scammers. Do not click on the link.
Specific measures
Preventive measures
How the NCSC can help
Further Information
- Do not click on any links or download any attachments.
- If you provided credit card details, contact your credit card company immediately to have the card blocked.
- If you have entered your password, change it immediately wherever you use the same password. Use a different, strong password for each online service.
- In the case of an email password, you should also change all passwords for web services that are linked to this email account.
- If you have suffered a financial loss, we recommend that you report it to the police. You can find your nearest police station on the Suisse ePolice website.
- If you do not require a response, you can forward any phishing emails you receive directly to reports@antiphishing.ch or report phishing links at www.antiphishing.ch.
- If you would like to receive a response, you can report phishing attempts using the NCSC's online form
- Never share personal data such as passwords or credit card details on a website that you accessed by clicking on a link in an email or text message.
- You should always enable two-factor authentication (2FA) for services that offer it. This will increase the security of your data considerably.
- Remember that it is easy to fake email and SMS senders.
- Be sceptical of phone calls that threaten you with consequences (e.g. loss of money, criminal charges, account/card blocking).
- No bank or credit card company will ever send you an email asking you to change your password or verify your credit card details.
- The NCSC reports phishing sites to the relevant web hosting providers and registrar so that they can block the site or domain. The NCSC also informs providers of block lists. If it is a .ch or .swiss domain, the NCSC can have the website blocked directly.
- Your report via the online form helps the NCSC identify trends. This makes it possible for the NCSC to raise public awareness in a targeted way.
You will find further information on our website:
Vishing
Another way of obtaining sensitive data is so-called vishing (short for voice phishing). Vishing uses verbal scams, usually over the phone, to trick people into doing things they believe are in their best interests.
For example, the callers may claim to be from the bank and say that something has gone wrong with a payment, that a payment has been made incorrectly or that they are asking you to make a payment. They may also claim that they need to update an online service, such as their e-banking, and then need to test the update.
The attackers often speak perfect Swiss German, which increases their credibility. Callers often falsify ('spoof') their phone number or call as an unknown number, making it difficult to block or trace their calls.
End such phone calls immediately.
Specific measures
Preventive measures
How the NCSC can help
Further Information
- End such phone calls immediately.
- If you provided credit card details, contact your credit card company immediately to have the card blocked.
- If you have entered your password, change it immediately wherever you use the same password. Use a different, strong password for each online service.
- In the case of an email password, you should also change all passwords for web services that are linked to this email account.
- If you have been tricked into installing remote access software, uninstall it immediately and change all passwords that you use on the device affected.
- If you have suffered a financial loss, we recommend that you report it to the police. You can find your nearest police station on the Suisse ePolice website.
- Never share personal information such as passwords or credit card details over the phone.
- You should always enable two-factor authentication (2FA) for services that offer it. This will increase the security of your data considerably.
- Be sceptical of phone calls that threaten you with consequences (e.g. loss of money, criminal charges, account/card blocking).
Your report via the online form helps the NCSC identify trends. This makes it possible for the NCSC to raise public awareness in a targeted way.
You will find further information on our website:
Smishing
Data can also be stolen via text message. Smishing is a form of phishing, also known as SMS phishing, that uses convincing phishing SMS/text messages to trick potential victims into clicking on a link and sending personal information to the fraudster.
Scammers use phishing to try to obtain confidential information, for example login credentials or credit card details. Scammers often pretend to be well-known companies. The sender number that appears on the screen is usually faked so that the scam messages appear in the same message thread that already contains genuine messages from the company.
The victims are asked to click on a link that takes them not to the website they think they are going to, but to a website set up by the scammers. Do not click on the link and ignore such text messages.
Specific measures
Preventive measures
How the NCSC can help
Further Information
- Do not click on any links in the message.
- If you provided credit card details, contact your credit card company immediately to have the card blocked.
- If you have entered your password, change it immediately wherever you use the same password. Use a different, strong password for each online service.
- In the case of an email password, you should also change all passwords for web services that are linked to this email account.
- If you have suffered a financial loss, we recommend that you report it to the police. You can find your nearest police station on the Suisse ePolice website.
- If you do not require a response, you can forward any phishing emails you receive directly to reports@antiphishing.ch or report phishing links at www.antiphishing.ch.
- If you would like to receive a response, you can report phishing attempts using the NCSC's online form.
- Be wary of unsolicited text messages.
- Never share personal data such as passwords or credit card details on a website that you accessed by clicking on a link in an email or text message.
- You should always enable two-factor authentication (2FA) for services that offer it. This will increase the security of your data considerably.
- Remember that it is easy to fake email and SMS senders.
- Be sceptical of emails or text messages that threaten you with consequences (e.g. loss of money, criminal charges, account/card blocking).
- The NCSC reports phishing sites to the relevant web hosting providers and registrar so that they can block the site or domain. The NCSC also informs providers of block lists. If it is a .ch or .swiss domain, the NCSC can have the website blocked directly.
- Your report via the online form helps the NCSC identify trends. This makes it possible for the NCSC to raise public awareness in a targeted way.
You will find further information on our website:
Last modification 09.10.2025
