How to recognise scams!
Card transactions have become an integral part of everyday life. This also attracts fraudsters who are constantly trying to steal money from their potential victims with new scams. We present the most common types of fraud and show how you can protect yourself.
Phishing
Phishing is a widespread scam that comes in many forms and is often the first step in card fraud. Criminals trick their victims into disclosing their personal data such as their PINs, SMS codes, card data and CVC/CVV numbers or passwords. For example, to do this they use fake websites or QR codes, links in emails, phone calls or text messages (SMS, WhatsApp, Messenger, etc.). Armed this data, the fraudsters attempt to steal money from their victims.
How can I protect myself?
Think of LINDA! Each letter of LINDA's name stands for a mnemonic that can be used to prevent phishing:
- L = Links and attachments are not to be trusted
- I = Information must be carefully checked
- N = Neutral forms of address are suspect
- D = Deadlines and urgency are fishy
- A = Addresses must always be verified
What else can I do?
- Only visit trustworthy websites and those that are secure (starting with https://)
- Check the trader's terms and conditions of business
- Use 2-factor authentication or 3-D Secure
- Check payment requests with the payee
- Don’t approve payment confirmations until the amount and the retailer’s name have been verified
- Keep your web browser and operating system up to date
Good to know
Your bank or card provider will never contact you by e-mail or text message to ask for personal information or card details.
Fake shops/merchandise fraud
“Merchandise fraud” means that fraudsters offer products or services but do not deliver them or only deliver inferior goods. They often use fake online shops that look like genuine and reputable websites which usually show low-priced offers to attract victims.
How do I recognise fake shops?
The following features are typical of fake shops:
- Unusually low prices
- Time pressure using a countdown, for example “Today only” campaigns
- Payment in advance only
- Conspicuous, incorrect URL
- No legal notices or only incomplete ones and/or no general terms and conditions of business you can check
- Poor or no on-line reviews, or an unusually large number of excellent online reviews
How can I protect myself?
- Only visit trustworthy websites and those that are secure (starting with https://)
- Check carefully whether the seller's name, address, warranty, return and cancellation rights as well as delivery and payment conditions are easy to find
- Realistically assess prices and compare them with other shops
- Do not pay in advance
- Read reviews in Trustpilot or Google carefully
Good to know
If an offer sounds too good to be true, it usually is!
Account takeover
Account takeover is a scam in which criminals steal the login details of their victims and then take over their account - for example in an online shop, in e-banking or with a payment service. As soon as they have access, they make purchases using the victim’s name, trigger or approve payments, change limits or set new passwords. The perpetrators usually use fake messages, fraudulent links or manipulated QR codes to obtain access data, SMS codes or authorisations.
How do I recognise account takeover?
Typical signs that an account takeover is taking place are:
- Receiving SMS codes even though you have not triggered a payment yourself
- Requests to authorise “Security updates”, “Card verifications” or “Payback” / “Refunds” in the card app
- Reports that you have paid bills twice, for example to the tax office or healthcare insurance company, and are now about to receive a refund
How can I protect myself?
- Always read messages carefully
- Always be suspicious of unsolicited approaches
- Always check payment requests carefully, especially the sender and amount
- Discontinue each approval if the amount or recipient is unknown
- Only authorise orders in the card app if you have placed the orders yourself
- Never disclose access data, SMS and e-mail codes to third parties
- Do not copy activation links and do not enter them on unknown websites
- Do not scan or photograph QR codes that are sent via chat, SMS or WhatsApp
- Always keep your devices and apps up to date
- Check monthly card statements promptly and immediately report suspicious or unknown transactions to the financial institution or card issuer
- Never click on links and attachments from people you don’t know
Fraud on online marketplaces
In this scam, criminals contact users of platforms such as Tutti, Ricardo or Facebook Marketplace and pretend to be legitimate buyers. A quick agreement on the purchase is followed by a fake email, text or WhatsApp message that appears to come from the online marketplace. Sellers are redirected via a link or QR code to fake websites that look deceptively similar to the real post office, bank or TWINT websites. Anyone entering data into these sites transmits it directly to the fraudsters whose aim is to obtain payment and card data.
How do I recognise fraud on online marketplaces?
- Unusually urgent messages from potential purchasers responding immediately to the newly placed offer and want to buy the item straight away
- Requests for payment processing outside the platform, usually via a link sent by SMS, WhatsApp or email
- Claim that a payment has already been made
- Request to enter credit or debit card details or to log into an external platform or to return an SMS code received in order to collect the money
How can I protect myself?
- Never disclose credit or debit card details to receive money
- Be suspicious if you are asked to switch from the platform's official chat to alternative channels such as WhatsApp or SMS
- Never divulge e-banking access data or scan QR codes to receive money
- Never reveal access data, SMS and e-mail codes to third parties - not even for alleged verification purposes
Good to know
You never have to enter credit or debit card details or e-banking access data to receive money!
Scamming
In scamming, fraudsters try to lure their victims with particularly tempting offers: a great romance, fast money, the perfect apartment or that dream job. In essence, however, these approaches are all aimed simply at one thing - taking money out of their victims' pockets. The scammers use pretexts and empty promises to get their victims to make advance payments.
How do I recognise scams?
- Offers that sound too good to be true
- Celebrities or well-known brands that are supposedly behind the offer
- Emotional manipulation or blackmail in the absence of a response to the approaches
- Requests for advance payments, for example in the form of money or voucher codes
- Messages in foreign languages or with spelling mistakes, impersonal salutations, exaggerated promises and similar are particularly suspicious
How can I protect myself?
- Distrust messages from unknown senders
- If in doubt, hang up on calls, delete, block and/or report messages and contact the alleged person/institution via known/official channels
- Under no circumstances transfer money
- Do not reply to suspicious e-mails
- Beware of contact requests on dating platforms
Shoulder surfing
Shoulder surfing is a scam in which criminals attempt to obtain PIN or access data surreptitiously. For example, when you enter your data into an ATM, payment terminal, laptop or your smartphone. The criminals often stand close behind their victims or record the data entry using a smartphone held inconspicuously or a mini camera mounted on the terminal. As soon as the fraudsters obtain the data, they try to steal the card or device so they can withdraw cash or make payments with the combination of a stolen card/device and a stolen PIN or access data.
How do I recognise shoulder surfing?
The following behaviour by criminals is typical of shoulder surfing:
- Inappropriate proximity, especially at ATMs, ticket machines or when paying at a terminal
- Strangers causing a diversion when you are entering PINs or passwords
- Observation of finger movements during PIN entry
- Looking over your shoulder at your laptop or smartphone screen in public
How can I protect myself?
- Always conceal your PIN number when entering it - use your free hand, wallet or body
- Memorise the PIN and do not write it down
- Distrust people who come unusually close, especially at ATMs or check-outs
- Be suspicious of someone causing a distraction such as jostling, questions or "accidental" touching
- Keep cards and smartphones safe, especially after entering your PIN
Vishing
Vishing, a combination of the words "voice" and "phishing", is an attempt by criminals to deceive their victims with a phone-call. The callers often pretend to be bank employees or police officers and come across as very convincing. They use real names, real logos in messages or fake telephone numbers that look like the financial institution's number on the display. Their goal: The intention is to induce victims to disclose personal data, access data, SMS codes or authorisations so that the card, account or banking app can be taken over and payments initiated.
How do I recognise vishing?
- Calls from alleged police officers, bank employees or card issuers
- Requests to make payments or to carry out “updates” in e-banking or “tests” in an online service
- References to alleged problems with payments or incorrectly executed transfers
- Information about alleged card misuse and the resultant need to protect your account
- Request to disclose SMS codes to approve, unblock or cancel transactions
How can I protect myself?
- Never divulge SMS codes, card data or app authorisations
- End unsolicited conversations with alleged police officers and employees of the bank or card issuer immediately
- Do not scan or photograph QR codes that are supposedly for "blocking" or "verification" purposes
- Check authorisations in banking or card apps carefully
- Always question supposed urgency
- If in doubt, contact the bank or card issuer or the police directly via official channels
- Never reveal personal data on the phone without being asked
Good to know
Banks, card issuers, payment service providers or the police never ask for passwords, SMS codes, app authorisations or QR codes over the phone.
Stolen or lost cards
A stolen or lost debit or credit card can be used by fraudsters for contactless transactions of up to CHF 80 without entering a PIN. Card issuers have therefore defined a limit to protect cardholders. Once this is reached, a PIN is requested. This prevents criminals from completing multiple transactions in quick succession.
How can I protect myself?
- Keep your card safe and block it immediately if it is lost, stolen or retained by an ATM
- Check monthly card statements promptly and report suspicious or unknown transactions to the financial institution or card immediately
- Activate geoblocking in your card or banking app to prevent fraudulent transactions from abroad
- Restrict purchase limits: as high as necessary - as low as possible