
Recognize fake emails and react correctly

"Final reminder: Confirm your expiring security key". A fake email sent to users of the Swiss financial app "Yuh" read something like this. Deceptively real – and yet a fake: recipients are asked to provide their cell phone number for confirmation. In reality, however, fraudsters use the number for online purchases, which the victim unknowingly confirms by text message code. Then comes the surprise on the cell phone bill...

What are fake emails?

Fake emails are messages from cyber criminals that appear to come from a trustworthy sender – e.g. from the bank, a well-known company or someone close to you. The sender details, logos and content of these emails look so authentic that recipients are often easily tempted to click on links, enter personal details or download attachments. This makes them very similar to phishing emails.

While phishing is mostly about stealing confidential information such as passwords or credit card details, fake emails can have even broader aims:

For example, they can spread malware, steal the identity of their victims or force them to transfer money.

What do fake emails look like?

Because they are so deceptively genuine, fake emails are often very difficult to recognize. However, there are some typical features that you should look out for:

  • Anomalies in the sender's address, e.g. irregularities in the spelling
  • The subject line conveys urgency and calls for immediate action.
  • Conspicuous content, e.g. spelling mistakes, general form of address without a name ("Dear Customer") or request for personal data.
  • On closer inspection, graphics and logos show irregularities in quality or placement.

Look out for these anomalies. If you are unsure whether a sender is trustworthy, we recommend that you search the Internet for the official website and make inquiries.

Please always be aware of this: Your bank or other reputable service providers will never ask you to enter sensitive data such as passwords or credit card details via a link.

Examples of fake emails

Here you will find examples of fraudulent messages on various topics and a legitimate request for comparison:

Phishing attempt in the name of a bank

Warning: This email is sent from a fake domain, requesting urgent action and leading to a suspicious link. Banks never request sensitive data by email.

Genuine email from a bank

  • All in order: This email is sent from the bank's official domain, addresses the recipient by name, and refers to the login for online banking via the bank's official website.

Fake prize notification

Warning: This email uses an enticing subject line and asks for personal data. Reputable lotteries never ask for personal information by email to process winnings.

Genuine prize notification

  • All in order: The real email uses a trustworthy domain, a personal salutation and refers to the official website – without direct links to enter personal data.

Fake invoice

Warning: This email contains a forged sender address, a conspicuously generic subject and a suspicious attachment. Reputable companies do not hide relevant information exclusively in the attachment, but mention it directly in the message text.

Genuine invoice

  • All in order: The real email uses the company's actual domain, a subject line with specific details and an attachment that is secure.
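
The following added example (not part of the original article) applies the text-based warning signs from the feature list and the bank example above to two constructed messages. The official domain examplebank.ch, the word lists and the 0.8 similarity threshold are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed values for illustration: the official domain and the word lists.
OFFICIAL = "examplebank.ch"
URGENT = re.compile(r"\b(final reminder|urgent|immediately|last warning)\b", re.I)
GENERIC = re.compile(r"^\s*dear (customer|user|client)\b", re.I | re.M)
SENSITIVE = re.compile(r"\b(password|credit card|pin|phone number)\b", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def belongs_to(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def check_email(raw, official=OFFICIAL):
    """Return the list of warning signs found in one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    sender = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if not belongs_to(sender, official):
        close = SequenceMatcher(None, sender, official).ratio() >= 0.8
        findings.append("lookalike sender domain" if close else "unexpected sender domain")
    if URGENT.search(str(msg.get("Subject", ""))):
        findings.append("urgent subject")
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    if GENERIC.search(body):
        findings.append("generic salutation")
    if SENSITIVE.search(body):
        findings.append("asks for sensitive data")
    if any(not belongs_to(urlparse(u).hostname, official) for u in URL.findall(body)):
        findings.append("link outside official domain")
    return findings

# Constructed sample messages (not real emails).
FAKE = ('From: "Example Bank" <service@examp1ebank.ch>\n'
        "Subject: Final reminder: confirm your account\n\n"
        "Dear Customer,\n\nYour access expires today. Enter your password here:\n"
        "http://examplebank.ch.login-check.example/verify\n")
GENUINE = ("From: Example Bank <info@examplebank.ch>\n"
           "Subject: Your account statement for March is available\n\n"
           "Dear Ms Muster,\n\nYour statement is ready. "
           "Please log in via our official website as usual.\n")

if __name__ == "__main__":
    for name, raw in (("fake", FAKE), ("genuine", GENUINE)):
        print(name, check_email(raw))
```

An empty result only means that none of these signs were found; it does not prove that a message is genuine.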

What should you do if you’re suspicious?

If you receive a conspicuous email, don’t allow yourself to be rushed into action. Check the message – without opening attachments, clicking on links or sending a reply.

Then you can:

  • Contact email provider: Forward the suspicious message to the customer services department of your email provider. If it is a fake email, your provider can take measures, e.g. warn other users.
  • Delete email or move it to spam folder: As soon as you have forwarded the email to your provider, delete it or move it to the spam folder. 
  • Report fake emails to the National Cyber Security Centre (NCSC): You can report your case by email to incidents@ncsc.ch or via the official websites https://www.report.ncsc.admin.ch/en/ and https://www.antiphishing.ch/en/. This allows measures to be taken and other users to be warned.

In general, you should make sure that you always keep the software and antivirus protection for your devices up to date. You should also check your online accounts regularly so that you can act quickly in the event of anomalies.

Cyber protection from Zurich

With "Cyber – Prevention" you get access to the Zurich Cyber Security App. Thanks to the app, you receive alerts about current fake emails in real time. If you have any questions or if you have been taken in by a fake message, you can contact our cyber experts directly via the app. You also benefit from additional security functions:

  • Identity protection: Scans the darknet for your data.
  • Device protection: Protects your mobile devices (incl. antivirus protection for Android devices).
  • Secure surfing: Warns you about harmful websites.
  • Secure VPN: For anonymous surfing on the Internet.
  • Secure WiFi: Warns of insecure WiFi connections.
  • Password manager: Creates and manages your passwords.


Cyber protection: Prevention and insurance
Protect yourself and your data from dangers such as fake emails. Zurich's cyber protection offers a prevention app, IT support and help in an emergency. This keeps you safe online.