How to recognise
scams!

Types of fraud

Since the Coronavirus pandemic, card transactions have increased massively. This attracts fraudsters who try to steal money from their victims with constantly evolving scams. We present the most common ones. Further information on important terms related to card fraud or on current fraud issues can be found in the glossary.

Phishing

Pharming

Carding

Scamming

Account Takeover

Stolen or lost card

Card or PIN interception

1. Phishing

In most fraud attempts, potential victims are lured to so-called phishing sites. To do this, scammers send text messages or emails to their victims, who are asked to follow a link in the message. Clicking on the link takes you to a fake page. There, the fraudsters try to obtain as much personal information as possible, including: Name, date of birth, credit card number, expiry date. With this data, the perpetrators are later able to steal victims’ money.

Of course I know what phishing is!

Video: What is Phishing?

Was tut die Polizei gegen Kartenbetrug?

One and the same scam

Phishing attacks often differ in terms of presentation and tone. However, the principle behind them is always the same. Three affected people report on what happened to them.

Tip

If you are unsure whether a message is phishing, check the sender’s email address.

Sarah M.

Sarah M. fell for a tempting offer while shopping online and, in her excitement, did not check the trustworthiness of the trader. She sent the details and security numbers of her card, opening the door to fraudsters. The ordered goods never arrived – but the money was gone.

The “Trusted Shops” certificate helps consumers to distinguish trustworthy online retailers from dubious providers.

Sabina R.

Sabina R. supposedly received an email from her bank. In it, she is asked to provide personal card information under false pretences. She did so right away. This made it easy for the fraudsters to withdraw money from Sabrina’s account without her noticing.

So, remember this: Your financial institution or card issuer will never ask you to disclose your card information via email. In this case, it is a phishing email.

David L.

David L. has wanted this particular watch for a very long time and has finally found an attractive offer. He does not know the supplier and during the purchase process he also had a strange feeling: Something was not right. But the price was too tempting. So he completed the purchase anyway. The money was gone, but the goods never arrived.

Therefore, make sure you are on secure websites. You can recognise this by the URL abbreviation “https”. If there are any irregularities, you should stop the purchase process immediately.

What can I do?

Do not click on links or open attachments.
Pay attention to atypical sender addresses, spelling mistakes and logos.
Only visit trustworthy websites (https://).
Check the trader's general terms and conditions.
Always use 3-D Secure for payments
Check payment requests with the payee.
Do not release payment confirmations until the amount and retailer name have been verified.
Always remember: financial institutions never tell you about unusual account developments via email.
Keep your web browser and operating system up-to-date.

2. Pharming

This type of fraud is related to phishing. Users enter a correct web address but fail to notice they have been redirected to a fake page. This is achieved with the help of a virus or a Trojan horse. As with phishing, victims are then asked to enter personal data and card information. Once they have this information, the way is open for the fraudsters to steal money without any problems. The type of fraud is called "pharming" because the fraudsters often operate entire server farms with fake websites in the background.

Of course I know what pharming is!

What can I do?

Access only secure pages that begin with https://.
Watch out for untypical sender addresses, spelling mistakes and dodgy logos.
After you input the website (URL), check the web address again. Has access been diverted?

3. Carding

In carding, perpetrators use stolen or falsified card information to make online purchases or withdraw money from ATMs. When doing this they deliberately target cards with very weak security systems or they deliberately buy from online shops with weak security systems. The data were collected illegally beforehand through phishing fraud, data protection violations or skimming, and were sold on carding forums, mostly on the dark net. Victims often find out about the fraud only once the money has already been stolen from them. Months can often pass between the time the data were stolen and the actual fraud is committed.

Of course I know what carding is!

What can I do?

Use only cards with two-factor authentication
Use strong passwords
Use secure websites for online purchases (https://)
Only use online shops that have the "Trusted Shops" label
Check the trader's general terms and conditions
Keep your devices and software up to date at all times
Never give out personal data lightly or to strangers.
Avoid public Wi-Fi networks, or use a VPN connection to secure your transactions
Check movements on your account, and report any suspicious transactions

Scamming

In scamming, fraudsters try to lure their victims with particularly tempting offers: great romance, fast money, or the dream job. In essence, however, these advances are all aimed simply at one thing - taking money out of the victims' pockets. The scammers use pretexts and empty promises to get their victims to make advance payments. This fraudulent scam appears in various forms: Fraud with fake love (Romance Scam), fraud with false promises of money (Investment Scam), fraud with flat offers (Flatmate or Holiday Scam), fraud with the dream job (Employment Scam) or promises of lottery winnings (Lottery Scam).

Of course I know what scamming is!

What can I do?

Distrust messages from unknown senders
Foreign language messages or messages with spelling mistakes, impersonal salutations, pompous promises and the like are particularly suspicious
Do not reply to suspicious e-mails, just delete them immediately
Under no circumstances transfer any money
Beware of contact requests on dating platforms

5. Account takeover

In an account takeover, perpetrators make purchases in the name of unsuspecting victims and have the goods delivered to another address. With many online shops, this is possible because verification of purchaser identities is often insufficient. It is often enough to enter the surname, first name and date of birth to place an order on an account. Victims only notice the fraud when they receive payment requests and reminders.

Make sure that you only buy from trustworthy retailers. These will be marked with the “trusted shops” label.

Take your time
Fraudsters usually take advantage of the gullibility and carelessness of their victims. Read messages with payment requests or confirmations carefully and do not simply click “Continue” due to lack of time.

Video: What is an Account Takeover?

Tipp

Look out for the “trusted shops” label in online shops.

Steven R.

Steven R. usually does his banking via mobile phone. He is used to confirming payments of purchases made via mobile phone. Fraudsters take advantage of this and send fraudulent payment requests to unsuspecting cardholders. Often times, the personal data has been acquired in advance through so-called phishing attacks. Those who are not on their guard and do not check payment requests carefully may lose a lot of money.

It is therefore important that you always check payment requests carefully. This includes verifying the sender and the amount.

Paul A.

Paul A. previously found his monthly card statement to be a nuisance. He never checked the entries and amounts. Suddenly, his card issuer contacted him and, after detailed identification, told him that suspicious debits had come to their attention. Paul A. was shocked when he realised how much money the fraudsters had already stolen. The card issuer then blocked the card and issued Paul A. a new one.

Financial institutions and card issuers use intelligent software to monitor the transactions on your cards. In the event of irregularities or suspicious transactions, the cardholders are contacted. You too can help protect your cards. To do this, carefully check your monthly card statement and report any suspicious transactions to your financial institution or card issuer immediately.

Anna W.

Anna W. does her banking online or even buys her train tickets over the internet. As an experienced user, she has taken the precaution of activating two-factor authentication on her accounts. Nevertheless, she once imprudently passed on her confirmation code when she was supposedly contacted by one of her providers. Her money was gone immediately.

So, remember this: Never give your confirmation codes, which you receive via SMS or email, to third parties. Otherwise, fraudsters can gain access to personal accounts and can carry out transactions, orders or payments in your name.

Martina T.

Martina T. had been waiting quite some time for a package. Suddenly, she got an email from a parcel delivery service prompting her to make another payment before her package could be delivered. She didn’t notice this was a phishing email. She opened the link in the email and entered her card information. She then received an SMS with a confirmation code, which she also entered. She didn’t realize that this activated a new mobile payment system. She simply didn’t read the text message carefully. Then her money was gone.

So, make sure never to forward SMS codes to third parties and read your messages carefully. Be especially cautious in case of unsolicited contact and do not open any links or attachments in suspicious emails. Pay attention to atypical sender addresses or spelling mistakes. These may be indicators of phishing attacks.

What can I do?

Only buy from trustworthy retailers: “trusted shops”.
Only make payments on pages with SSL encryption.
Cancel payment transactions in the event of irregularities.
Check card statements.
Report suspicious transactions immediately.
Never give out personal data lightly or to strangers.
Keep security settings for social media accounts very restrictive.
Conduct e-commerce activities on sites such as Facebook via a separate bank account.
Choose strong passwords and turn on two-factor authentication.
Never pass on SMS codes to third parties.
Check whether telephone numbers or delivery addresses have been changed in your accounts.

6. Stolen or lost card

Unfortunately, debit or credit cards are often stolen. Once the perpetrators have the card, they can use the contactless function to make transactions of up to CHF 80 without entering a PIN.

Card issuers have therefore set a limit for protection. Once this is reached, a PIN request is made. This prevents perpetrators from carrying out multiple transactions in quick succession.

How to protect your card?

What can I do?

Set purchase limits.
If you are suspicious, inform the card issuer immediately.
Block the card immediately if it is lost, stolen or swiped at an ATM.
Check card statements carefully.
Keep the card safe.

7. Card or PIN interception

All credit and debit cards have an expiry date. Customers will receive new and replacement cards in the post. Brazen fraudsters do not hesitate to intercept such items in the post or in the letterbox. In addition, there have also been cases where fraudsters have made fraudulent card applications in the name of the victims and had the card sent to them.

What can I do?

Check card statements and bank statements carefully.
Inform the card issuer if an expected card or PIN does not arrive.

How to recognise scams!

Types of fraud

1. Phishing

Tip

Sarah M.

Sabina R.

David L.

2. Pharming

3. Carding

Scamming

5. Account takeover

Tipp

Steven R.

Paul A.

Anna W.

Martina T.

6. Stolen or lost card

7. Card or PIN interception

How to recognise
scams!