In the first six months of 2025, the Bundesamt für Cybersicherheit (BACS) was notified of 35.727 cyber incidents. With a share of 58% of all notifications, phenomena involving fraud still make up the largest part of all cyber threats.
Although attempted fraud makes up the largest part of all notifications, they have decreased by 2.000 reports compared to the last period and have therefore seen a slight decline. The smaller number of scam telephone calls in the name of authorities in particular have influenced this decline.
Compared to the previous period, there were 5.981 reported phishing attempts; another decline in notifications by 662 cases. This reduction was also reflected in the antiphishing.ch reporting platform statistics. What is being reported though are sophisticated phishing attempts targeting Twing or e-banking facilities. Attackers usually use small ad platforms as a pretext, combining this method with voice phishing to gain their victims’ trust and increase their chances of succeeding.
Multi-factor authentification is also increasingly coming under attack. Once again, this involves real-time phishing, with banking apps being targeted. Attackers use Social Engineering and Real-Time Phishing to obtain access data in real time before they become invalid. To do so, they insert paid ads in search engines to appear before authentic banking log-in links. If victims select the fake banking log-in page, their access data complete with their multi-factor authentification details are captured in real time.
Just like the last semi-annual report, the present one demonstrates that humans are the key factor involved in cyber security and cyber threats once more.
The BACS semi-annual report 2025/I can be found here.
