According to the Federal Office for Cyber Security, a cyber incident is reported on average every 8.5 minutes in Switzerland.
The number of reported cyber incidents in Switzerland rose sharply in 2024 – almost twice as many reports were received by the Federal Office for Cybersecurity (FOCS) as in the previous year. Private individuals and companies are particularly frequently affected by attempted fraud and phishing attacks. New fraud methods such as deepfakes or fake calls in the name of authorities are also on the rise.
In 2024, the Federal Office for Cybersecurity (BACS) received a cyber incident report every 8.5 minutes until the end of October. Compared to the previous year, this is almost twice as many reports. This enormous increase is mainly due to the rise in the phenomena of “fake calls in the name of the police”, “fraudulent prize draws”, “subscription traps” and “phishing”. 90% of these reports were made by private individuals, 10% by companies.
The most frequently reported cyber incidents include fraud incidents and phishing attacks.
Phishing refers to a form of cyber attack in which the perpetrator uses fake websites, emails or messages to obtain sensitive personal data such as login details or payment information. Possible targets are orders placed in the victim’s name to third parties, identity theft or causing financial damage. Phishing typically involves impersonating a trustworthy person or institution and asking users to enter personal data into a form, for example. Cyber criminals often use emails to reach a large number of potential victims. Increasingly, however, they are also using techniques such as voice impersonation and text messages (smishing).
The most frequently abused brands in the area of phishing are in the financial sector, postal services, telecommunications and public transport.
To prevent phishing, the BACS advises multi-factor authentication. However, even after activating multi-factor authentication, users should remain cautious online, as this protective measure can also be undermined by social engineering techniques. Preventive advice or training on these topics can help to improve personal cyber security or the behaviour of employees in the company. Advice following a cyberattack is also beneficial to ensure that all legal requirements are met.
Fraud attempts are even more common than phishing attacks (around two thirds of all reports in the first half of 2024). Of these reports, 60% are due to fake calls to authorities. This method involves calling random numbers and playing a recorded message when the call is answered. In this tape message, the caller is told, for example, that they are involved in criminal proceedings. The victims are then connected to a fraudster who convinces them to download remote access software, which enables the fraudsters to gain access to the victim’s computer or mobile phone and, for example, trigger unwanted payments in e-banking.
Cybercriminals can also use deceptively real-looking photos and videos and real-sounding voices (deepfakes) to convince victims that they are speaking to a known person who is in urgent need of help or money. Due to the increasing use of such deepfakes for fraud purposes, increased risk awareness is essential. We will be happy to explain to you what you can look out for to avoid becoming one of the countless victims of these scams.
As fraudsters are extremely creative and convincing in the design of their scenarios, it is often difficult for those affected to distinguish between a legitimate enquiry and a fraud attempt. If in doubt, BACS recommends contacting the authorities directly to clarify any suspicious cases. In addition, our team recommends scrutinising and double-checking supposedly urgent requests that involve money payments or similar in any way.
The BACS press release makes it clear that cyber security remains a key issue. Fraudulent methods such as phishing, fake calls from authorities or the use of deepfakes are becoming increasingly sophisticated and pose major challenges for both private individuals and companies.
Technical protective measures such as multi-factor authentication are an important step in effectively protecting against such attacks. A high degree of vigilance and sensitisation in dealing with digital means of communication is equally crucial. Finally, legal expertise is also essential in many situations in order to provide companies and private individuals with the best possible protection. With our experience in the areas of cyber security, IT law and data protection law, we are happy to support you in taking preventive measures and responding appropriately to incidents.
Based on the average values, we have already received another cyber incident report since you accessed the article. In the last week alone, 1359 reports were received. Contact us to clarify your questions and get personalised advice. In a digitalised world where cybercrime is part of everyday life, it is crucial to be able to count on competent support.
Sources