Security on the internet

Most fraud attempts involve criminals luring potential victims to what are known as phishing sites by sending them SMSs, letters and emails. The message invites them to follow a link or open a QR code. Clicking on the link takes you to a fraudulent website. Once you're there, the criminals will try to extract as much personal information as possible from you: name, date of birth, credit card number, expiry date, etc. They then use these data to steal money from their victims.

Tip: If you're not sure whether an email is a phishing message or not, don't click on the links and don't call the number. Check that the sender and email address displayed are correct (e.g. firstname.lastname@cic.ch rather than unusual combinations of numbers and characters like firstname.lastname@cic.xy3.ch). 

Here’s how to protect yourself:

• Don’t assume the name of the sender displayed is genuine – check that the email address is correct.

• Don’t click on links or open attachments.

• Look out for unusual sender addresses, spelling mistakes and logos.
• Only use secure websites, which start with https:// and have a padlock symbol.
• Always use 3-D secure for payments.
• Check requests for payment and match the recipient.
• Do not approve payment confirmations until the amount and retailer name have been verified.
• Remember: financial institutions never use email to notify clients about unusual account movements.
• Keep your browser and operating system up to date.

Tip: Bank CIC will never ask you for your e-banking access details by email or over the telephone.

The name of this method stands for voice phishing. Criminals ring you claiming to work for a bank, insurance company or IT firm and say a software update needs to be installed or a technical issue fixed. Victims are asked to disclose confidential information like e-banking access details or download programs from the internet.

Here’s how to protect yourself:

• Hang up on unsolicited calls like this at once. 

• Never rely on the name displayed on your device being correct.

• Never disclose confidential data like passwords or credit card details to another person.
• If you have a support query, always use the official phone numbers to contact the company, or if in doubt go into a branch.
• Never download programs if asked to do so by someone you do not know, even if they claim to work for a reputable firm.

Tip: Bank CIC will never ask you for your e-banking access details by email or over the telephone.

This is a type of fraud related to phishing. Users enter a correct website address and are surreptitiously diverted to a fake site, by means of a virus. As with phishing, victims are then asked to enter personal details and card information. Criminals can easily use this information to steal money. The fraud is called pharming because the criminals often operate entire server farms with fake websites.

Here’s how to protect yourself:

• Only use secure sites, which start with https:// and have a padlock symbol.

• Look out for unusual sender addresses, spelling mistakes and logos.

• When you have entered a website’s URL, check again to make sure you have not been diverted.

Carding is when criminals use stolen or fake card details to make purchases online or withdraw cash from an ATM. They target cards with very weak security systems or deliberately buy from online stores with weak security systems. The data are obtained illegally beforehand from phishing fraud, data protection breaches or skimming and sold on marketplaces, mostly on the dark web. Victims often don’t even notice the fraud until their money has already been stolen. It's quite common for the fraud to occur months after the theft of the data.

Here’s how to protect yourself:

• Only use cards with two-factor identification.

• Use strong passwords.

• Use secure websites when shopping online, i.e. those which start with https:// and have a padlock symbol.
• Only use online stores with the Trusted Shops label.
• Check the retailer’s General Terms and Conditions of Business.
• Keep your devices and software up to date.
• Never disclose personal data carelessly or to people you don't know.
• Avoid public wifi networks or use a VPN.
• Check the transactions on your account and report any suspicious transactions.

Fraudsters use pretexts and empty promises to entice victims into making advance payments. Scamming can take various forms: romance scams, investment scams, flatmate or holiday scams, employment scams and lottery scams.

Here’s how to protect yourself:

• Be wary of messages from senders you do not know.

• Messages in foreign languages or with spelling mistakes, impersonal forms of address and grandiose promises are particularly suspicious.

• Don't reply to suspicious emails – delete them at once.
• Never send money.
• Be cautious when someone contacts you on a dating site.

Account takeover is when criminals make purchases using the name of an unwitting victim and have the goods delivered to a different address. This is possible in many online stores because there are insufficient checks on the buyer’s identity. It is often enough just to provide a surname, first name and date of birth to place an order on account. Victims only notice the fraud when invoices and payment reminders come through their letterbox.

Here’s how to protect yourself:

• Only buy from retailers you can trust: Trusted Shops.

• Only pay on sites with SSL encryption, which start with https:// and have a padlock symbol.

• Quit making a payment if you notice anything unusual.
• Check your credit card bills.
• Report suspicious transactions immediately.
• Never disclose personal data carelessly or to people you do not know.
• Be very restrictive with the security settings on your social media accounts.
• Use a separate bank account for online shopping on sites like Facebook.
• Use strong passwords and activate two-factor authentication.
• Never disclose SMS codes to third parties.
• Check to see if telephone numbers or delivery addresses in your accounts have been changed.