Reporting phishing attacks and fraud

Phishing is the practice of using fake emails or websites to get hold of personal data such as passwords or credit card numbers. Fraudsters often try to pass themselves off as trustworthy organisations such as tax offices, banks, the police or insurance companies. The apparently reputable credentials of the sender can allay suspicion, enabling them to obtain sensitive information.

Emails like these often include a link – clicking on this can produce various dangerous results, such as being redirected to fake websites or malware being installed on your device.

If you have entered data such as a password or credit card details on a phishing site, you need to act fast:

• Change your passwords: Change your passwords for all SWICA services immediately in the mySWICA customer portal. If you use the same password for any other online services, such as on social media, for online shopping or with financial services providers, you should immediately change it there as well.


• Block your credit/debit card: If you have entered your credit or debit card details, contact your card provider and ask them to block it. You will normally find a phone number for card blocking on the back of your card.


• Update your software: Protect your device against possible malware by installing all available antivirus software and operating system updates.


• Report the incident: Tell us about the phishing attack using our reporting form. That will enable us to identify fraudulent websites and attacks faster and take action.
  
  We also ask you to report the fraudulent email or suspicious website to the National Cyber Security Centre. Once you have done so, delete the message to avoid the risk of falling for it again later.


• Report a crime: If you are the victim of a cyber-crime, we recommend reporting it to your cantonal police authority.

By reporting attempted phishing attacks to SWICA, you are actively helping to protect every user. Your reports enable us to identify fraudulent campaigns and websites sooner and put a stop to them. Together, we reduce the risk for everyone insured with us and protect their personal data.

You can tell us about phishing attempts and incidents of fraud via our reporting form.

Important: Please note that when you report phishing attempts or other types of fraud and when you share personal data with us, you are doing so voluntarily. When you provide us with contact information, you can rest assured that we treat all the data we receive in confidence and follow the applicable data protection provisions as detailed in our Data Privacy Statement.

Here are some examples of the kinds of phishing attacks and types of fraud you can report to us:

• Fake emails: Emails that look as though they are from SWICA and that directly or indirectly ask for personal information such as your insurance number, date of birth, or bank or credit card details. They may also contain links to malware or dodgy attachments that could harm your device.
  SWICA article: «Phishing: Beware of fake emails»


• Phishing websites: Websites that look like the real SWICA site to trick you into sharing personal data.
  SWICA article: «Phishing: Fake SWICA customer portal put online» (available in French, German and Italian only)


• Fake apps: Apps that look like the genuine SWICA applications and seek to steal sensitive information or install malware on your device.


• SMS fraud: Fake text messages asking for information or containing a link to a fake SWICA website.


• Fake callers: Telephone calls from people posing as SWICA employees, seeking to obtain personal information, to deceive you or to get you to act unlawfully.

Please note that we will not be able to assist with any reports not directly relating to SWICA or our products and services, such as general spam communications or technical problems on third-party platforms.

We check every report carefully and use the information provided in our investigations. Where appropriate, we work closely with the National Cyber Security Centre and IT security providers. As far as legally possible, we work to have any fake websites that directly affect us taken down.

Please note that we do not conduct any criminal investigations ourselves. If you have suffered a loss as a result of a phishing attack or other form of fraud, such as malware, we recommend that you report this to your cantonal police authority.