What is phishing?

The word phishing is a contraction of the words "Password", "Harvesting" and "Fishing". Fraudsters phish in order to gain confidential data from unsuspecting Internet users. This may, for example, be account information for e-banking, webmail or social media as well as credit card information. The fraudsters take advantage of their victim's good faith and helpfulness by sending them e-mails with (often) false sender addresses and company logos. The e-mails contain a more or less credible scenario according to which recipients are asked to follow a link to a website where they’re supposed to log in to a service or indicate personal information. The links are often “hidden” behind regular text or an unsuspicious address. Instead of leading to the official website of the respective service provider (e.g. the bank), the links direct users towards an imitation of this site that is controlled by the fraudsters. You can often recognize a fake webpage by the lack of the HTTPS padlock, a strange looking unusual URL, spelling mistakes or misleading questions about security updates or personal information.

Why should I report phishing attempts?

By reporting phishing attempts, you help protect other people. Your report enables us to take measures in order to prevent users to fall victim to phishing and reduce the chances of success of the fraudsters.

What happens after my report?

The NCSC reviews each submission, informs the responsible hosting provider and website owner and asks them to take down the phishing-webpage. In addition, the NCSC shares the URLs with IT security providers, web browser vendors and blacklist providers to achieve a maximum level of protection of the users. The NCSC is not a police unit and does not conduct criminal investigations regarding the submitted phishing attempts. The task of NCSC resides in averting imminent danger to information security, not the prosecution of criminals. If you have suffered financial loss or suffered other damage due to phishing, you may press charges at your local police station.

Can I report malware incidents to antiphishing.ch?

Yes. Submissions to antiphishing.ch related to malware will be analysed and reviewed too. Such submissions help us to spot and identify new malware campaigns.