How to recognize Phishing, Smishing, and Vishing scams

All it takes is a split second of inattention. Email, text, and phone scams have become shockingly convincing. What makes them especially dangerous? They don’t target your device – they target you. Learn how to spot the signs before it’s too late.

Phishing

Smishing

Vishing

10 tips

Scam response

Phishing

Smishing

Vishing

10 tips

Whether it's a delivery notification, a call from your «bank», or a fake support agent reaching out – cybercriminals are getting more sophisticated and more personal. Increasingly, their focus isn't on technical vulnerabilities, but on people themselves.

When trust becomes a weakness
Experts call this social engineering. This is a type of cyberattack where people are manipulated instead of systems being hacked. And that’s exactly what makes it so dangerous: it’s not about how secure your software is, but how alert you are in the moment.

The goal of these tactics is always the same: your active cooperation. You might unknowingly hand over sensitive data, for example by filling out a fake form or answering questions during a conversation. Or you might give attackers access to your device without realizing it, such as by clicking on a malicious link or installing an app. That’s what makes it so dangerous: the attackers don’t act quietly in the background. They turn you into the weak point yourself.

To pull this off, attackers often rely on spoofing by forging sender names in emails or phone numbers in calls to make them look legitimate, such as a Swiss mobile number or a well-known company name. These messages appear trustworthy but are anything but. That is why it is not enough to simply check who sent the message. Always question the content as well.

Phishing – Email scams

Phishing emails often look legit: logos, formatting, and language are polished and familiar. Attackers impersonate banks, brands, or online services.

Common tactics:

«Your account has been locked. Click here to reactivate.»
«Urgent security update. Log in now.»
«You’ve received a refund. Please confirm your details.»
«Unusual activity detected. Change your password immediately!»

What to look out for:

Slightly altered sender addresses (e.g., support@banke.ch instead of support@bank.ch)
Be aware that even authentic-looking addresses can be fake (spoofing).
Spelling or grammar mistakes
Generic or incorrect greetings
A sense of urgency or threats
Requests to share sensitive data or click on a form

Pro tip
Hover over a link before clicking to check the real URL.

Important
We will never ask you to share your passwords, codes, or credit card details by email. And neither will any reputable company, bank, or government agency. If you are unsure, do not click on any links and do not open suspicious attachments.

Smishing – Text messages scam

Smishing combines «SMS» and «phishing». You’ll receive a fake message that seems to be from a delivery service, your bank, or a trusted company. Messaging apps like WhatsApp or Telegram are also commonly used.

Typical examples:

«Your package couldn’t be delivered. Track it here: [link]»
«Payment issue detected. Call us now.»
«You’ve won a gift card! Click to claim.»
«Your account was deactivated. Please update your details.»

Be careful
Shortened URLs may seem harmless, but they’re often used in scams. On mobile devices, it's harder to verify links because you can't hover to preview them.

Vishing – Voice call scams

Scammers call you directly and pretend to be from your bank, the police, tech support, or a government agency. Through carefully crafted conversations and often under time pressure, they try to manipulate you into revealing confidential information, sharing a verification code, opening a website, installing software, granting remote access, or transferring money.

Common call scripts:

«Your account has been compromised. To verify your identity, please provide your credit card number and the SMS code.»
«This is your IT support. You need to install something urgently.»
«You have an outstanding fine. Make the payment now online or with a code, or legal action will be taken.»

Warning
Scammers often use spoofing to make voice phishing calls appear to come from trusted sources like Swiss mobile numbers, making them seem legitimate.

10 golden rules for your digital safety

Do not click on links in suspicious messages.
Never share confidential information (passwords, credit card numbers, verification codes), whether by email, text message, or phone call.
Never let anyone pressure you into acting quickly.
Carefully check sender addresses, phone numbers, and links. If in doubt, verify the information directly via the company’s official website or app.
Activate two-factor authentication (2FA) wherever possible.
Do not open attachments from unknown or untrusted sources.
Never install apps that you were prompted to download via message or phone call.
Stay skeptical during phone calls. If anything seems off, hang up immediately and block the number.
Keep your phone and apps up to date by installing regular updates.
Use a strong, unique password for every account.

What to do if you fall victim of a scam

Clicked a link and entered your details? Change your passwords immediately
Shared credit card data? Block your card right away
Sent money? Contact your bank immediately
Installed malware? Disconnect from the internet and call an IT expert
Report the incident to the National Cyber Security Centre (NCSC ) or your local police

Knowledge protects. For stronger digital security.

If in doubt, contact the sender using verified contact information from their official website or app. Never use the links or phone numbers provided in a suspicious message. If a phone call feels strange or threatening, hang up immediately.

Talk to your family, friends, and coworkers about these types of scams. Staying safe online means staying alert, thinking twice, and having the courage to say no.at the right moment.