Phishing and other attempts at fraud
Identifying risks and reacting correctly
Frequent attempts at fraud
Not everyone claiming to be Swiss Post actually is
For greater credibility, fraudsters like to misuse well-known and trustworthy brands online. Swiss Post is a very popular target. According to the Anti-Phishing Report 2023 by the Swiss National Cyber Security Centre (NCSC), the brand name Swiss Post was misused most frequently by cyber-criminals for phishing at 21 percent in 2023.
The most common attempts at fraud using the name of Swiss Post are:
Links to fake Swiss Post websites/apps
Messages with links to fake Swiss Post websites and requests to install a fake Swiss Post App. Anyone who does so downloads the fake Swiss Post App, which aims to install itself directly as SMS Messenger. The messages always contain links to a fake Swiss Post website. This can be recognized by the embedded link not ending with post.ch, poste.ch, posta.ch, swisspost.ch or swisspost.com.
Here you will find information on the official Post-App and where you can download it securely on your smartphone.
Fraudulent e-mails and SMS
Fraudulent e-mails/SMS sent in the name of Swiss Post sometimes look deceptively real. Especially in the age of tools like ChatGPT, it’s becoming easier for fraudsters to produce fake messages using language that’s absolutely correct.
Messages requesting customers to update their personal information (password, credit card details etc.). A link in the message always refers to a fake website in the Swiss Post layout. Swiss Post never requests personal information via e-mail or SMS.
E-mails informing customers about supposed parcel deliveries, often with a correct postal delivery address (street/no.). The sender’s e-mail address is fake and has nothing to do with Swiss Post.
E-mails and SMS informing customers of supposedly unsuccessful delivery attempts. The sender’s e-mail address is fake and has nothing to do with Swiss Post. Swiss Post never requires a clear to send (CTS) signal or a special barcode for further delivery.
E-mails and SMS messages implying the customer has unread messages from Swiss Post. A link in the message always refers to a fake website in the Swiss Post layout. Swiss Post does not send such messages.
Messages requesting customers to send an SMS with “psc150” within a 24-hour period to the number 474 in order to receive their parcel. Swiss Post does not set such tight pick-up deadlines or send e-mails demanding customers send codes to telephone numbers or e-mail addresses, or to enter codes via links in e-mails.
Messages indicating that a parcel is ready for the customer to collect from a Swiss Post branch and requesting confirmation by SMS to the number 41414, followed by an e-mail to service-code@post.ch.
SMS containing messages like “Parcel held at terminal,” requesting payment of postage/fees for receipt of a consignment. The link in the SMS leads to a fake website in the Swiss Post layout. Swiss Post does not send SMS messages containing payment requests.
Messages requesting the recipient to call an 0901 number, which does not lead to Swiss Post. The sender address as well the e-mail address given in the e-mail and the other content have nothing to do with Swiss Post.
Messages with a fake consignment number. The sender, the e-mail address indicated and other content have nothing to do with Swiss Post.
E-mails referring to an invoice or an outstanding payment, the amount of which is also usually mentioned in the subject line (e.g. swisspost.ch invoice CHF 666). They also include a harmful attachment (a .docx file) containing malware. You should never open such attachments and should delete the e-mail immediately.
E-mails from IncaMail stating that a parcel has been deposited at Swiss Post and that the order must be confirmed via a secure link. The message does not come from Swiss Post or from IncaMail. The link leads to a fraudulent website.
Fraudulent addresses/senders
Fraudsters are behind the following addresses/sender details:
Messages that customers sometimes receive after an online purchase. They contain a paysget link (e. g. https://post.ch.paysget.info/cash26424823 or with a different end number) in which the recipient is requested to pay the purchase amount, whereby the amount is supposedly transferred via Post CH Ltd. To complete the transfer, the recipient has to enter their personal details, including their account balance. Ignore these links and never reveal your information.
Certain e-mails with “Track consignments” in the subject and from the sender addresses mentioned above contain a link to a supposed shipping label. The e-mails and links hide an infected server which infects PCs with malware in order to access data.
The fraudsters use falsified sales advertisements on Swiss advertising platforms and demand that the desired items are paid for in advance using scanned gift certificates. The fraudulent e-mails contain some genuine data and may also request that the recipients send personal payment data. Swiss Post never asks its customers to send personal payment data. In the e-mail itself, you will see a mix of various delivery organizations.
Small ads websites: falsified order confirmations
A scam targeting people using small ad sites to sell their goods. The fraudsters pretend to be interested in buying the goods, but then tell the sellers they cannot collect the goods in person. Instead, the scammers claim that they’ll use a Swiss Post courier to collect the goods. To confirm the collection order, the seller is directed to a website with a foreign domain name designed in Swiss Post style (incl. Swiss Post logo), for example https://post-receive.com/buy. The seller is then asked to enter their credit card details and an authentication code sent by SMS. Upon authentication, the fraudsters have unlimited access to the seller’s credit card. Ignore such requests and never reveal your information.
Facebook: fake promotions and offers
A campaign on Facebook that appears to be from Swiss Post. It shows a pallet with parcels, combined with a time-limited offer to purchase the parcels for a small amount of money. A large Swiss Post logo is visible on the parcels, and below the fraudulent Facebook post, enthusiastic but equally fraudulent comments can be seen. Users are asked to fill in a form if they are interested. Through this form, the fraudsters gain access to data that they will presumably use for phishing purposes. Always approach offers of this kind with caution and check the link before opening it.