Wölfe im Schafspelz: Wie du Phishing-Betrüger entlarvst

Wolves in sheep’s clothing: how to identify phishing scammers

Scam e-mails are not just annoying. In the worst-case scenario, they can cause serious damage. Follow these tips to stay protected.

The term ‘phishing’ is a combination of the words ‘password’ and ‘fishing’. Which is precisely what it is: like fishermen, scammers throw out bait in the hope that someone will bite. The aim is to steal passwords, logins and sensitive information. They can blackmail you, empty your bank account, shop at your expense or misuse your identity – in the worst case, to commit crimes.

Bogus e-mails are the most common phishing method. So as not to attract attention, these are typically disguised as messages from well-known, trusted sources, such as Swiss Post, Migros, Swisscom or news portals, online retailers, insurance companies or banks. There are few well-known companies that have not been imitated for scamming attempts.

At swisscom.ch/status you will find current phishing cases that we are aware of.

How to recognise phishing e-mails:

  • Company logo is not quite right (incorrect proportions, colours or font)
  • Impersonal or unusual salutation (“Good afternoon, Mr Markus”)
  • Unexpected content (e.g. reference to an order you never made)
  • Message is poorly written and/or contains spelling mistakes
  • Urgent action is requested (“Your contract is about to expire!” / “Your domain will be deleted!” / “Your parcel must be released!”)
  • Invoice/order/reference numbers are fictitious or missing altogether
  • Top tip: take a close look at the sender’s e-mail address. Is it long, cryptic and complicated before and/or after the @ sign? If so, then everything points to a scam.

Trustworthy companies or institutions never request sensitive information or personal data by sms or e-mail. Swisscom does not do that either. In case of doubt, contact the company that appears to have sent the message.

  • Always ignore/delete suspicious e-mails.
  • Never click on any links or buttons, and never open e-mail attachments.
  • Report all phishing attempts to the National Cybersecurity Centre (NCSC).

Useful links

Show original language (German)
Illustration of a man with a laptop

It should be noted, however, that some phishing emails are written in perfect German.

The fraudsters learn.

In rare cases, such an email even comes with the correct salutation.

However, this usually means that the information was stolen from a database, not just fished out.

For example, if you create an extra email address for each online shop, you can easily detect the data leak. In this case, contact the online shop in question and report your suspicions - to do this, change the email address for this online shop.

From my own experience - I was a customer:

[https://www.itmagazine.ch/artikel/66191/Gestohlene\_70000\_Logins\_stammen\_von\_DVD-Shop\_ch.html](https://www.itmagazine.ch/artikel/66191/Gestohlene_70000_Logins_stammen_von_DVD- Shop_ch.html)

They didn’t take my information seriously - even the changed email address received phishing emails with the correct salutation. So goodbye and goodbye.

There was then a second incident: However, that online shop took my advice seriously and fixed the data leak - so far there has been zero spam for the changed email address.

Most of the time, fraudsters use hacked email accounts to send those emails.

It should be noted that anyone who logs into a fake website to check their emails must expect that it will be blocked due to sending phishing emails.

Locking out the user by changing the password only happens in the rarest of cases, as the user then notices it and then has their email account reset - then becomes worthless for the fraudsters.

Then those fake websites are often hosted on hacked websites.

Here too, anyone who logs in to a fake website to have a domain “extended” must expect that fraudsters will then gain access and create a subdomain with a fake website from another web host. Or upload malware that recipients of such phishing emails should install.

Anyone who enters credit card details on a fake website must expect that it will end up on the dark web and be sold there.

The buyer of that data then uses it to make purchases until the user notices and has the credit card blocked.

Such emails ask you to log in to a fake website.

These are often subdomains, e.g.

swissonline.fakewebsite.xy

Or in rare cases, fraudsters register a domain with slightly different information, e.g.

suisseonline.ch

Glotzologist

Show original language (German)

@Glotzologe wrote:

For example, if you create an extra email address for each online shop, you can easily detect the data leak. In this case, contact the online shop in question and report your suspicions - to do this, change the email address for this online shop.

That’s exactly why I have my own domain with an unlimited number of alias addresses. This means I can use a different address everywhere and forward it to a collective address.

If a company falls victim to data theft, the new alias address can be set up with just a few clicks, changed at the company and the old alias deleted, making it worthless to the thieves.

If my bank suddenly writes to me at the alias address that I use at Digitec, I immediately know without even reading the email that aha, phishing.

Since I did that and stopped using Gmail, Hotmail and Yahoo, the spam has been at 0. I have no idea when I last had a spam email. That must have been years ago.

Show original language (German)

Thanks @LeaH and @CorinaS for these valuable safety tips!

This post is in English

“On apprend parfois plus d'une défaite que d'une victoire” — José Raúl Capablanca

16 days later

Unfortunately, the entire sender address can never be seen on the iPhone. That’s why I always look at suspicious emails on the iMac. And then it becomes clear very quickly whether it is spam.

Show original language (German)

Hello @Thiontegiott71, @Lielichie24, @Zeuruffug35, @Mauschioflap28,

As is customary on social networks and forums, and after carrying out a survey of our users, we use familiarity on these channels.

To inform users, we report it on our Netiquette for social networks and in Community Rules Swisscom where you you find.

If you would like to be included in the responses you receive on these channels, simply indicate so 😊.

Have a nice day

Show original language (French)

On the phone I only answer questions that come from friends. Anything that is somewhat suspicious will be deleted immediately. I do the same on the PC at home. There are too many idiots on the internet today.

Show original language (German)

Spammers and phishers are very grateful when an action takes place in response to their emails, such as reading emails. This action can be tracked without much effort and increases the commercial value of an email address enormously (“Aha, a managed and therefore confirmed address!”).

Therefore, my urgent request to the Swisscom Bluewin Webmail team:

The sender’s email address can only be viewed once the email is at least displayed in the preview window. Now you can move the pointer over the displayed blah sender name and the actual sender address will be displayed.

But just viewing the email in the preview window generates a read confirmation for the tracker. This should definitely be changed by moving over the sender’s blah name in the inbox list view and seeing the email address behind it, so you don’t have to send a read confirmation.

Greetings

Allyouneed_isIT

Show original language (German)

Your explanations and comments are very insightful.

It has happened several times to receive such E-Mail messages.

Without a shadow of hesitation, I automatically relied on my Bitdefender 2023 program.

The latter informing me that I should definitely not open the attached file, or even “click” on a proposed window.

Your advice allows me to understand even better what world of scams we live in!…

Thank you again for emphasizing through your comments…how careful we must be.

Kind regards

Show original language (French)