Phishing: Lack of caution identified as a security vulnerability


Phishing attacks have been on the increase for years and scams are becoming ever more devious. The perpetrators often send fake messages in the name of well-known senders such as Swiss Post, banks or SBB. Card Security spoke to Michael Gerber, Senior System Architect at SBB, on the topic of phishing. Read the interview to see what the company is doing to combat the attacks and what might be the reasons for the increase.

30.11.2023

Phishing e-mails are repeatedly circulating in the name of the railway company SBB. What actions are you taking to warn SBB customers about such messages?

We actively promote awareness of phishing among our customers. We have set up a dedicated information page on SwissPass.ch, the industry portal for the SwissPass Alliance (www.swisspass.ch/phishing); in the October 2023 newsletter, for instance, we explicitly drew our customers' attention to it. You can also find useful tips at www.sbb.ch/phishing. We also use our social media channels to raise awareness amongst customers. The background to these ongoing educational initiatives is the increase in phishing attempts in recent months, where hackers have sent e-mails ostensibly from the SwissPass or SBB brand.

Have phishing attacks increased recently? If so what do you think are the reasons for this?

The opportunities for phishing attacks have increased as digitalisation and the use of online services have also increased. Cyber criminals often adapt their techniques to current trends, so as to maximise their chances of success. Attackers are constantly developing more sophisticated phishing techniques. Fraudsters use fake websites or malicious emails that appear very similar to the original emails and contain well-disguised malicious links in an attempt to obtain customer data such as passwords or credit card information. Cyber criminals capture customer data and make a financial profit from it.

Successful phishing attacks are often the consequence of human error. A lack of security awareness in organisations and amongst individuals can increase the chances that the phishing attack will be successful.

What are you doing to reduce such attacks?

In order to detect attacks as quickly as possible, we continuously analyse access to our systems. As soon as phishing activities are detected we take extensive measures to contain them, such as blocking the servers from which the attacks originate. Our top priority is always the protection of our customers' data.

swisspass.ch offers the option of two-factor authentication (2FA), so our customers can choose to activate an additional layer of security. This makes it more difficult for attackers to access accounts, even if they already have access data such as the password.

We are currently examining how we can offer customers even more solutions that are easy to use and resistant to phishing.

The ongoing awareness campaigns can also help to raise awareness of phishing attacks.

What advice do you have for cardholders to protect themselves against phishing attacks?

Carefully check the address from which the e-mail was sent. Be particularly suspicious if the email has come from an unknown sender or from a suspicious address. Be alert to spelling mistakes, unusual formatting, missing or generalised greetings. Unexpected requests such as credit card details for the alleged refund of tickets that you never bought are particularly suspicious.

If you are unsure whether an e-mail is legitimate or a phishing attempt, never click directly on the link in the e-mail; instead, type the website address mentioned manually into the browser. Do not open any attachments from unknown sources unless you have checked the authenticity of the e-mail.

Activate two-factor authentication on swisspass.ch. This provides an additional layer of security and prevents the attacker from accessing your account, even if they have obtained your password by breaking into other systems.

Check specialised websites such as www.haveibeenpwned.com to see if your access data are listed as stolen. If you find that is the case, change your access data immediately.

Report suspicious emails or fake websites to www.antiphishing.ch or via the National Cyber Security Centre (NCSC) reporting form www.report.ncsc.admin.ch.
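The sender-address, greeting and link checks recommended above can be automated for a mail gateway or a user-side triage tool. The following script is an added example written for this article; it is not SBB's, SwissPass's or Card Security's code. The brand list, the confusable-character table and the two sample messages are constructed for the example, and the domain handling is deliberately simple (registrable domain taken as the last two labels).

```python
"""Heuristic phishing checks on an inbound e-mail (added example, not the page's code).

Implements the cardholder advice from the interview as code:
  * sender address that imitates a known brand or contradicts the display name,
  * generic greeting ("Dear customer"),
  * links whose visible text points somewhere other than the real href.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: the genuine domains a reader expects mail from (constructed list).
KNOWN_BRANDS = {"sbb": "sbb.ch", "swisspass": "swisspass.ch"}
GENERIC_GREETINGS = ("dear customer", "dear user", "dear client", "dear sir or madam")
# Substitutions commonly used to build look-alike domain labels (constructed table).
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "-": ""})


def registrable_domain(address_or_host: str) -> str:
    """'user@mail.example.ch' or 'mail.example.ch' -> 'example.ch' (naive two-label rule)."""
    host = address_or_host.rpartition("@")[2].lower()
    return ".".join(host.split(".")[-2:])


def lookalike_brand(domain: str):
    """Return the brand key a domain imitates, or None if genuine or unrelated."""
    for brand, real in KNOWN_BRANDS.items():
        if domain == real:
            return None
        if brand in domain.split(".")[0].translate(CONFUSABLES):  # e.g. 'sbb-refund.com'
            return brand
    return None


class LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def phishing_indicators(raw: str) -> list:
    """Return a list of human-readable findings; an empty list means no indicator fired."""
    msg = message_from_string(raw)
    findings = []
    display, addr = parseaddr(msg.get("From", ""))
    sender = registrable_domain(addr)
    brand = lookalike_brand(sender)
    if brand:
        findings.append(f"sender domain {sender} imitates {KNOWN_BRANDS[brand]}")
    claimed = next((b for b in KNOWN_BRANDS if b in display.lower()), None)
    if claimed and sender != KNOWN_BRANDS[claimed]:
        findings.append(f"display name {display!r} claims {claimed} but address is @{sender}")
    body = msg.get_payload()  # single-part message: body is a str
    greeting = " ".join(re.sub(r"<[^>]+>", " ", body).split())[:80].lower()
    if any(greeting.startswith(g) for g in GENERIC_GREETINGS):
        findings.append(f"generic greeting: {greeting.split(',')[0]!r}")
    parser = LinkCollector()
    parser.feed(body)
    for shown, href in parser.links:
        target = registrable_domain(urlparse(href).hostname or "")
        if re.search(r"[a-z0-9-]+\.[a-z]{2,}", shown.lower()):  # link text looks like a URL
            shown_url = shown if "://" in shown else "http://" + shown
            visible = registrable_domain(urlparse(shown_url).hostname or "")
            if visible != target:
                findings.append(f"link text shows {visible} but points to {target}")
        if lookalike_brand(target):
            findings.append(f"link target {target} imitates a known brand")
    return findings


# Constructed sample messages (not real mail): one refund scam, one legitimate notice.
SCAM = """\
From: "SBB Customer Service" <refund@sbb-ticket-refund.com>
To: customer@example.org
Subject: Refund for your ticket
Content-Type: text/html

<html><body><p>Dear customer,</p>
<p>A refund of CHF 89.00 is waiting for you. Confirm your credit card details at
<a href="http://login.sbb-ticket-refund.com/verify">https://www.sbb.ch/refund</a>.</p></body></html>
"""
LEGIT = """\
From: "SBB" <news@sbb.ch>
To: customer@example.org
Subject: Your timetable
Content-Type: text/html

<html><body><p>Dear Ms Example,</p>
<p>Your new timetable is at <a href="https://www.sbb.ch/timetable">sbb.ch/timetable</a>.</p></body></html>
"""

if __name__ == "__main__":
    for name, mail in (("SCAM", SCAM), ("LEGIT", LEGIT)):
        print(name, phishing_indicators(mail) or "no indicators")
```

The constructed scam message trips all five checks (look-alike sender domain, display name contradicting the address, generic greeting, link text not matching the href, look-alike link target), while the legitimate message trips none. Heuristics like these produce false positives on newsletters sent through third-party mailers, so they are a triage aid for the reader, not a verdict.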

See the police prevention platform: www.card-security.ch for further information on how to protect yourself against card fraud.
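The check against a breach-lookup service recommended above can be done without ever sending the password itself. The script below is an added example (not SBB's or Card Security's code) of the k-anonymity scheme used by the Pwned Passwords part of haveibeenpwned.com: only the first five hex characters of the password's SHA-1 hash are sent, the service answers with every hash suffix sharing that prefix, and the comparison happens locally. The endpoint URL and response format are the public ones; the sample response and its counts are constructed so the example runs offline, and the network function is only called if a reader wires it in.

```python
"""Offline demonstration of a k-anonymity breached-password check (added example)."""
import hashlib
import urllib.request

# Public Pwned Passwords range endpoint: GET <RANGE_URL><first 5 hex chars of SHA-1>.
RANGE_URL = "https://api.pwnedpasswords.com/range/"


def split_hash(password: str):
    """Return (5-char prefix, 35-char suffix) of the upper-case SHA-1 hex digest."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix: str, range_body: str) -> int:
    """Scan a 'SUFFIX:COUNT' per line response locally; 0 means not found."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate == suffix:
            return int(count)
    return 0


def fetch_range(prefix: str) -> str:
    """Network fetch (not exercised offline). Only the prefix leaves the machine."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "card-security-k-anonymity-example"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def password_exposure(password: str, fetch=fetch_range) -> int:
    """How many times the password appears in the breach corpus (0 = not listed)."""
    prefix, suffix = split_hash(password)
    return count_in_range(suffix, fetch(prefix))


# Constructed stand-in for a range response: the real suffix of "password" plus
# two invented neighbours; the counts are made up for the example.
_KNOWN_SUFFIX = split_hash("password")[1]
SAMPLE_RANGE = "\n".join([
    "003D68EB55068C33ACE09247EE4C639306B:3",
    f"{_KNOWN_SUFFIX}:3861493",
    "011053FD0102E94D6AE2F8B83D76FAF94F6:1",
])


def offline_check(password: str) -> int:
    """Run the check against the constructed sample instead of the network."""
    return password_exposure(password, fetch=lambda prefix: SAMPLE_RANGE)


if __name__ == "__main__":
    for pw in ("password", "a long unique passphrase for this example"):
        n = offline_check(pw)
        print(f"{pw!r}: {'seen ' + str(n) + ' times, change it' if n else 'not in sample'}")
```

The defensive point is in `split_hash` and `count_in_range`: the service learns a 5-character prefix shared by hundreds of unrelated hashes and never sees the password, so the lookup cannot itself leak the credential it is meant to protect.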
