Phishing is a widespread scam, whereby cybercriminals send fake electronic messages to encourage recipients to reveal sensitive information such as passwords or personal data (e.g. PINs). The term ‘phishing’ is derived from ‘fishing’ and describes fishing for information. These fraudulent messages are not only annoying, but also dangerous. The number of phishing attacks is constantly increasing and scammers are becoming more sophisticated and professional. They use advanced technology to create deceptively ‘genuine’ messages or websites that are often difficult to distinguish from their real counterparts. What’s particularly dangerous is that phishing attacks frequently target human vulnerabilities. Cybercriminals deploy clever techniques to gain their victims’ trust and trick them into disclosing confidential information.

Be vigilant – especially given our busy routines. Anyone can fall victim to a phishing attack these days.

In order to protect yourself effectively against phishing, it’s important to recognise suspicious messages and react to them correctly. Remain vigilant and sceptical about unexpected messages that:

  • Request personal information
  • Ask you to do unusual things
  • Include enticing sweepstakes or credit refunds
  • Threaten to suspend your account if you don’t respond within a certain deadline

Hallmarks of phishing messages

If you receive a message that appears suspicious, you should be wary. Look for the following signs of phishing to identify such emails:

Date and time

Was the email sent at an odd time (during the night, weekend, bank holiday)? This may mean that the person who sent the message is in a different time zone. Do you have any contacts in such regions?

Sender
  • Always compare the sender’s display name with the associated email address. Do these match or are they related to each other? Remember that fraudsters are able to recreate original email addresses.
  • Do you know the sender?
  • If so, have they used the same email address as with previous emails?
  • Has the email been sent by an acquaintance, partner or supplier, but contains unusual content?
  • Does the email address use a fake domain that looks deceptively similar to a known brand, for example maxmuster@pianzer.co instead of maxmuster@planzer.ch?
Recipient
  • Has the email been sent to other people?
  • If so – do you know them?
  • Is there an unusually large number of recipients?
  • Are they addressed in a very generic manner?
Content

Does the message content make sense? Does the message content apply to you? For example, have you ordered a parcel that you are now supposed to confirm by clicking on the link in an email or have you opened an Amazon account that is now supposedly being suspended? 

Subject
  • Does the subject match the content of the email?
  • Does the subject make sense in relation to the sender?
  • Is it a response to an email you sent or requested?
Links
  • If the email contains a link, you can verify it by hovering over it without clicking on it. Compare the URL displayed with the link. Is the same target address displayed or does a different internet address suddenly appear?
  • Is the link unusually long?
  • Is the link also referred to in the message text?
  • Is the hyperlink target address correct? Is it https://planzer.ch or http://www.pianzer.co? Look carefully, because senders set up fake internet addresses to lure recipients to such websites, where they then obtain their identification data.
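
The sender and link checks described above can also be run automatically over a message. The following Python sketch is an added example, not Planzer's own tooling; the BRANDS table, the sample message and the 0.8 similarity threshold are assumptions made for illustration.

```python
import difflib
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

BRANDS = {"planzer": "planzer.ch"}  # assumption: brand label -> its genuine domain
FROM = "Planzer Support <maxmuster@pianzer.co>"  # constructed sample, not a real email
BODY = '<p><a href="http://www.pianzer.co/track">https://planzer.ch/track</a></p>'

def base_domain(host):  # simplification: last two labels, not the Public Suffix List
    return ".".join((host or "").lower().split(".")[-2:])

def lookalike_of(domain):
    """Return the genuine domain that `domain` closely resembles, else None."""
    close = difflib.get_close_matches(domain.split(".")[0], BRANDS, n=1, cutoff=0.8)
    return BRANDS[close[0]] if close and domain not in BRANDS.values() else None

class Links(HTMLParser):  # collects (visible text, href) for each <a> element
    def __init__(self):
        super().__init__()
        self.links, self.href = [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.links.append((self.text.strip(), self.href))
            self.href = None

def check_message(from_header, html_body):
    """Return findings for one message: sender checks first, then each link."""
    findings, (display, addr) = [], parseaddr(from_header)
    sender = base_domain(addr.rpartition("@")[2])
    if any(b in display.lower() for b in BRANDS) and sender not in BRANDS.values():
        findings.append(f"display name cites a known brand but address is at {sender}")
    if good := lookalike_of(sender):
        findings.append(f"sender domain {sender} resembles {good}")
    parser = Links()
    parser.feed(html_body)
    for text, href in parser.links:
        target = base_domain(urlsplit(href).hostname)
        shown = base_domain(urlsplit(text).hostname) if "://" in text else ""
        if shown and shown != target:
            findings.append(f"link shows {shown} but opens {target}")
        if good := lookalike_of(target):
            findings.append(f"link target {target} resembles {good}")
    return findings
```

Calling check_message(FROM, BODY) on the constructed sample returns four findings, while a message sent from planzer.ch whose link also points to planzer.ch returns none.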
Attachments

File attachments can cause a lot of damage if they are downloaded. Never open/enable a file attachment if you are not 100% sure what it is! Always ask yourself:

  • Am I expecting this file?
  • Does the file name seem trustworthy?
  • Is it a common file type?
  • Has your virus scanner flagged the file?
  • Does the document contain macros (do not open!)?
QR code

Scan any QR code with your smartphone and check the URL it contains before opening it. If the link is unfamiliar, don’t open it. QR code phishing is frequently used by attackers to distribute malicious links to their phishing websites.

‘Soft’ characteristics

In addition to all the ‘verifiable’ elements of a message, there are also other ‘soft’ characteristics that can be used to recognise phishing messages.

  • Does the text contain typos/grammatical errors or unusual formatting?
  • Does the sender’s signature appear trustworthy? Are various font sizes, formats or colours used, and does the message make you feel uneasy?
  • Are well-known company logos/names used that don’t match the email address?

Is someone trying to exploit your vulnerabilities?

  • Does the message ask you to do something (click a link, download a file, open a previously announced email) or does the message content entice, pressure or require you to click on something in the message or even reveal information?

Are you being threatened with consequences if you don’t respond (for example financial loss, criminal charges, account or card blocking)? Fraudsters often put pressure on recipients to make them take the desired action.

To sum up, here are some general tips:

  • Listen to your gut instinct: If you’re unsure whether the message is genuine or fake, simply delete it.
  • If you’re unsure, never click on a link and never open an attached QR code or file!
  • If you open a supposedly secure attachment and a warning appears from your current antivirus software, take this seriously and follow the instructions!
  • If in doubt, call the person who sent the email to find out whether it came from them and whether they actually wrote the email.

Phishing – emergency or just unsafe?

Anyone can fall victim to a digital attack or attempted fraud. If you’ve been affected or even just suspect that you may have been affected, you should take immediate action.

Have you entered your data on a phishing site?

Then you should do the following as quickly as possible:

Change the relevant password

Log into the affected account (if possible on a different, secure device) as soon as possible and change the password.

Run a security scan

Run a complete malware scan of your system. You can do this either via your installed antivirus software or online using the security check provided by the Swiss Internet Security Alliance (SISA) at ibarry.ch.

Block your credit card

Block your credit card if you have already disclosed your credit card details. With most providers, there is a phone number on the back of your card that you can use to block the card.

Help protect others

Report suspicious messages or suspicious websites to the National Cyber Security Centre (NCSC) or forward the email as an attachment in a new email to reports@antiphishing.ch. Then delete the email and empty your trash folder.

Have you been the victim of digital fraud?

Report it to the relevant cantonal police.

Are you unsure whether a message is actually from Planzer?

We’ll tell you whether an email or SMS is really from Planzer.
Send the suspicious message as an attachment to security@planzer.ch and we’ll look into it.