The current semi-annual report by the Bundesamt für Cybersicherheit (BACS) shows that the cyber threat situation in Switzerland remains at a consistently high level. The focus is still on fraud, and on phishing above all other methods.
Phishing: From mass attack to targeted deceit
Phishing is still one of the most common and at the same time most effective methods of attack. Cyber criminals use deceptively realistic e-mails, text messages or websites to obtain sensitive data such as credentials or credit card information.
While classic mass phishing campaigns are still widespread, there is a clear trend towards noticeably more refined methods:
- Targeted spear phishing: Attacks are tailored to specific individuals or organisations.
- Real-time phishing: Victims are actively manipulated while logging on.
- Voice phishing (Vishing): Scammers call, pretending to be bank or government employees.
It is the combination of these methods in particular that significantly increases the success rate, as it builds trust and manages to circumvent existing security measures.
New phishing methods applied in Switzerland
What is particularly noticeable is the increasing adaptation of attacks to Swiss realities. Perpetrators, for instance, deliberately use well-known brands, loyalty schemes or services to make their attacks more credible.
So-called SMS blasters have been used in Switzerland for the first time. With this technique, attackers use a counterfeit mobile antenna to send phishing messages directly to smartphones in their vicinity, thereby circumventing classic network operator protection measures.
The aim: More than just credentials
The times when phishing attacks merely targeted passwords are long gone. Attackers increasingly attempt to create extensive data profiles. Among other things, these contain:
- Personal data
- Financial data
- Telephone numbers
Such data are then used for further attacks or identity theft, or sold on the darknet.
Companies under particular attack
Companies are also seriously affected. In addition to classic phishing attacks, an increasing number of variants have been observed which can sometimes lead to substantial financial damage.
Recommended action
In view of the increasing professionalism of attacks, technical and organisational measures are crucial:
- Don’t open any links in messages unfamiliar to you.
- Never enter any sensitive data via linked websites.
- Activate multi-factor authentication (MFA).
- Critically examine senders and requests.
- Report suspicious incidents.
Particularly important: Phishing thrives on time pressure and emotions. Simply taking a bit of time to think and scrutinise requests might just nip attacks in the bud.
Conclusion
Phishing remains the central cyber threat in Switzerland and is continuously evolving. The increasing practice of combining several methods of attack and the stronger personalisation make it ever more difficult for users to recognise scamming attempts.
Raising awareness, clear processes and a conscious handling of digital information are therefore all the more important, both in a private and a business setting.