With over 62.000 reports, the Bundesamt für Cybersicherheit (BACS) once more reported a marked increase of cyber incidents compared to the previous period. Especially noteworthy is the fact that more phishing incidents by telephone (voice phishing / vishing) have been registered again.
The Bundesamt für Cybersicherheit (BACS) statistics show that phishing is still one of the core challenges faced by the Swiss economy and population. With 12.038 reports, phishing attempts have been the cyber incidents second most reported to BACS after fraud in the year 2024. Compared to last year, that is an increase by 2.623 reports. Next to common phishing attempts via e-mail, approaches by telephone (voice phishing / vishing) have seen a considerable increase. In the process, phishing attempts in the name of financial institutions remain very much in vogue. In 2024, fraudsters have mainly been using the “calls by purported bank employees” method so popular in the 2010s. The approach remains the same, although the scammers have adapted their pretexts.
For instance, fraudsters now get in touch purporting to be members of a financial institution’s security department and claiming that they want to help stop a fraudulent payment. Perfidiously, their victim is shown their financial institution’s correct telephone number, faked via “spoofing”. To stop an allegedly fraudulent withdrawal, fraudsters provide their victims with a fake telephone number to call a supposed police station. This call to the “police station” only ends up reconnecting victims to these fraudsters. They then attempt tricking their targets out of money and/or to obtain access to their accounts using fraudulent instructions and links.
This type of phishing, also known as voice phishing or vishing, enables fraudsters to act in real-time, so to enable them to obtain access to applications protected by multi-factor authentification (MFA), for instance e-banking. MFA reduces the risk of compromising accounts, although it can be circumvented using social engineering techniques.
Yet again, it helps to remain more sceptical and to consider that Swiss banks would never ask you for any security details like passwords, numbers or tokens obtained from MFA applications.
Further information on the subject of the human factor can be found here.
The semi-annual BACS report 2024/II (July to December) can be found here.
