Current attempted frauds
Malware & Phishing
Fake e-mails and SMS
Here’s how to recognize the current fake e-mails:
Order confirmations on small advertisement portals
Retailers who offer their goods on small advertisement portals are sometimes contacted by fraudsters expressing an interest in the items for sale. The fraudsters pretend to the seller that they have problems which prevent them from picking up the goods themselves. They say a Swiss Post courier will take care of collection. In order to confirm the collection order, the seller will be directed to a webpage with a foreign domain which mimics the style of Swiss Post and which also displays the Swiss Post logo. The webpages have addresses such as https://swisspost-receive.com/buy. The seller is then asked to enter their credit card details and an authentication code which will be sent by SMS. Upon authentication, the fraudsters have unlimited access to the seller’s credit card.
post.ch.paysget.info is a fraudulent address
Currently, customers are receiving a message with a paysget link after purchasing items on the Internet (e.g.http://post.ch.paysget.info/cash 26424823, where the final digit may differ) for the transfer of the purchase amount. It is specified that the payment will be debited via Post CH Ltd. Recipients are being requested to enter their personal details including their account balance. We are expecting other similar addresses to post.ch.paysget.info to be registered soon.
Falsified e-mails with “Deadline: 24 hours” and “psc150”
The message tells customers to send “psc150” by SMS to 474 in order to receive their parcel. They will then receive a code, which they are instructed to send to the e-mail address given. These e-mail addresses belong to fraudsters and change constantly. If you follow the instructions you will order a PostFinance paysafecard for CHF 150. If you then send the code (which is a paysafecard voucher) to the fraudsters, you will lose your money. You can recognize falsified e-mail addresses because they do not end in @post.ch, @poste.ch, @posta.ch or @swisspost.ch. Swiss Post does not set tight pick-up deadlines or send e-mails demanding customers to send codes to telephone numbers or e-mails, or to enter codes via links in e-mails.
Fake Swiss Post websites and Swiss Post apps
Links to fake Swiss Post websites and an invitation to install a fake “Swiss Post App”. Anyone who erroneously installs the app will receive the fake “Swiss Post” App on their Android device, which aims to install itself directly as SMS Messenger. The messages always contain links to a website which does not belong to the Swiss Post portal. This can be recognized by the embedded link not ending with post.ch, poste.ch, posta.ch, swisspost.ch or swisspost.com.
Fraudulent SMS with title “Parcel held in terminal” or similar message
An increasing number of SMSs with titles such as “Parcel held in terminal” are being circulated. These messages request payment of a charge/fee. The link in the SMS points to a fraudulent website which uses the Swiss Post layout but is not part of the Swiss Post portal. Swiss Post does not send any SMSs containing payment requests.
Supposed parcel delivery
The poorly written e-mail refers to a supposed parcel delivery, and indicates a correct postal delivery address (street/No.) Although Swiss Post is given as the sender, the e-mail address is not an official Swiss Post address.
Fake e-mails and SMS containing requests to update personal information (password, credit card, etc.)
The sometimes deceptive, genuine-looking messages ask customers to update personal information such as their password or credit card details. Each of these messages contains a link to a website which does not belong to the Swiss Post portal. This can be recognized by the embedded link not ending with post.ch, poste.ch, posta.ch, swisspost.ch or swisspost.com.
Fake e-mails and SMS containing the message “Unread messages”
These messages suggest that the customer has received unread messages from Swiss Post. Swiss Post does not send such messages. Each of these messages contains a link to a website which does not belong to the Swiss Post portal. This can be recognized by the embedded link not ending with post.ch, poste.ch, posta.ch, swisspost.ch or swisspost.com.
Fake e-mails and SMS with “failed delivery attempt”
There are increasingly more e-mails and SMS circulating that claim to be a failed delivery attempt. Please be sure to check whether the sender’s e-mail address really originates from Swiss Post. Swiss Post never requires a clear to send (CTS) signal or a special barcode for further delivery.
Fake e-mails and SMS with an SMS code
The message indicates that a parcel is ready for the customer to collect from a post office and requests confirmation by SMS to the number 41414, followed by an e-mail to service-code@swisspost.ch.
Fake e-mail and SMS with 0901-... number
The message requests the recipient to call an 0901 number, which does not lead to Swiss Post. In addition, the sender address as well the e-mail address given in the mail and the other content have nothing to do with Swiss Post.
Sender “Swiss Post mg@...”
Certain mails with the subject “Track consignments” originating from the sender addresses mentioned above contain a link to an a supposed “shipping label”. The mails and links hide an infected server which infects PCs with malware in order to access data.
Sender “die-post@pakete-inland.info”
In these cases, the fraudsters use falsified sales advertisements on Swiss advertising platforms and demand that the desired items are paid for in advance using scanned gift certificates. The mails partially contain real data and invite the recipients to send personal payment data. Please note: Swiss Post never requests its customers to send personal payment data. In the e-mail itself, you will see a mix of various delivery organizations.
Invoice amount in the subject line
Other e-mails refer to an invoice or an outstanding payment, the amount of which is also usually mentioned in the subject line (e.g. Swisspost.ch invoice CHF 666). The mails also include a harmful attachment (a docx file) containing malware. You should never open such attachments and should delete the e-mail immediately.
The falsification of e-mail sender addresses is often used for the attempted dissemination of malware. In the short term, Swiss Post is unfortunately unable to do anything to prevent such e-mails being sent, apart from issuing warnings. Any recipients receiving such e-mails are requested to delete the messages and not to open the attachments under any circumstances. If the attachment has been opened, we recommend checking the affected system for any malware attacks with up-to-date antivirus software.