Cyber Security: Zweifaktor-Authentifizierung mit Smartphone am Laptop

Phishing – beware of data theft

Beware of fake (phishing) emails that appear to be from CSS. The fraudsters’ aim is to steal personal data such as date of birth and account or credit card numbers.

Recognising & avoiding attempted fraud

Cybercriminals often use emails or text messages (e.g. SMS or WhatsApp) to try and trick you into visiting fake CSS websites. When users visit the fake site, they are asked to enter their data. 

NB: CSS will never send you an email asking you to reveal personal data or credit card information.

How to recognise phishing emails

Phishing attacks can take many different forms, but there are a number of typical features to look out for.

Sender

Do you know the sender? Does the email address match the displayed name?

Recipient

Was the email also sent to other people? If yes, do you know any of them?

Content

Is the salutation impersonal? Are you being asked to do something, e.g. to log in?

Threat

Does the email contain threats like “Otherwise your account will be blocked”?

Attachment

Were you expecting an attachment? Is it a normal file type with a normal file name? Has your virus scanner displayed an alert message?

Hyperlink

The link in the email doesn’t begin with https:// or is otherwise suspicious, e.g. ccs.ch or css-versicherung.ch?

How to prevent phishing

  • Always use the myCSS app to communicate with CSS.
  • Add my.css.ch to your favourites or open the login page via css.ch. 
  • Do not disclose any personal data over an unsecured internet connection.
  • Always keep the antivirus software and firewall on your devices up to date.

myCSS – a secure solution

myCSS is the popular client portal for insured persons. myCSS has protected access – just like e-banking – and helps you take care of all your insurance matters securely and quickly.

At CSS, we attach the greatest importance to your privacy. That is why myCSS meets the very highest standards of security and data protection.

Open myCSS

Suspicious email – what now?

  1. Report the suspicious e-mail to the National Cybersecurity Centre NCSC.
  2. Delete the email immediately if it doesn’t have a bona fide CSS sender address (@css.ch, @mail.css.ch, @service.css.ch and @premium.css.ch).
  3. Don’t click on any links you don’t recognise or open any suspicious email attachments.
  4. Have you already disclosed data? Change your passwords and block your account or credit card.
  5. If malware is transmitted, disconnect network cables and turn off Wi-Fi immediately.

Phishing email sent in February and May 2024

CSS sends emails from the following addresses: @css.ch, @mail.css.ch, @service.css.ch and @premium.css.ch.

Fake email regarding myCSS refund (CHF 376.00)

Phishing email of 22/05/2024: Fake email regarding myCSS refund (CHF 376.00)
Phishing email of 22/05/2024: Fake email regarding myCSS refund (CHF 376.00)

Fake email from sender userinf@dblx.ch regarding myCSS refund.

Phishing email of 14/02/2024: Fake email regarding myCSS refund (CHF 376.00)
Phishing email of 14/02/2024: Fake email regarding myCSS refund (CHF 376.00)

Fake email from sender userinf@dblx.ch regarding myCSS refund.

1 | 2

How to see the email’s sender:

  • Open the email and look at the top. You’ll see the name of the sender there.
  • Click on the sender’s name to reveal the full email address.
  • If you can’t see the email address, look for the “Show details” or “View headers” option.

This might interest you