Image: Pia Bublies


“Unfortunately your package could not be delivered as the shipping costs have not been paid.” Sound familiar? If you spend time online, you have probably already received an email or SMS like this, together with a request to click on a link. Phishing (“password harvesting” + “fishing”) is a popular method for stealing sensitive data online. Phishing messages are hard to prevent, as email addresses and phone numbers are traded both legally and illegally. It is important that you stay alert and seek support, for example from the experts at UBS.

Scammers have a worldwide distribution network.
Marcel Drescher, Head Fraud Services, UBS Card Center

Phishing is a global problem. According to Marcel Drescher, Head Fraud Services at the UBS Card Center: “Scammers have a worldwide distribution network.” This makes criminal prosecution difficult, because the majority of phishing emails are sent from abroad. These criminals are also constantly changing their sender address and methods, and are highly organized. However, proven security measures make scamming impossible, at least in theory and provided you exercise the necessary caution.

1. Do not click on links

An email or SMS is the first step in a scam. A message purporting to be from a delivery service is a common ruse right now, but notifications about winning a prize, invoices to be signed or problems with your bank account are also popular subjects. And scammers keep coming up with new tricks.

Grounds for suspicion: Some phishing emails are easy to spot. They may be in the wrong language and may contain spelling errors or even foreign characters. The sender’s address can also be a giveaway, so check whether the email address is familiar and whether it matches the sender in the email.

Payment requests are not generally sent in an email with a link. You should also be suspicious if you cannot understand why you have received a given message.

What to do: Delete the message. Do not click on the link, because it could also be a computer virus. If you are not sure, even if the email appears to come from UBS, forward it to our phishing experts.

2. Be careful who you share your credit card data with

If you do click on a phishing link, it will usually take you to a fake web form that asks you to enter your credit card details.

Grounds for suspicion: Be very careful if you are prompted to enter your credit card data. Also make sure you know exactly which website you are on. Is it the same as the one mentioned in the message? Is the URL correct? Does the padlock symbol indicating a secure connection appear in the entry field for the Internet address?

What to do: Do not enter your credit card data. Only do it on trusted websites that you have accessed yourself by entering the URL address directly.

Secure online shopping with your card

For improved security, many online shops use the 3-D Secure confirmation method. When making online purchases, you’ll be asked to confirm card payments, which you can do easily and securely with the UBS Access App or with a single-use SMS code.

3. Do not confirm your entries

Even if you have entered your credit card data on a form that appeared after you clicked on a phishing message, it’s still not too late to stop being scammed.

Grounds for suspicion: After entering your credit card data on a form, you will either be taken to the UBS Access App or you will be asked to confirm the transaction via SMS code. Now look carefully at the amount and the recipient. Does an amount of CHF 199.00 appear, instead of the true package charge e.g. of CHF 1.99? Is the biller suddenly a mail order company or an unknown account rather than the parcel service? If so, your authorization would trigger a payment to the scammer, and it would be impossible to get your money back.

What to do: Be watchful and check all the transaction details carefully. UBS security measures will indicate possible dangers. Do not confirm the transaction in the UBS Access App and do not use the SMS code.

4. Block your card to prevent further losses

As soon as you confirm a transaction in the UBS Access App or enter the SMS code on the phishing website, your money will leave your account. A transaction authorized by you cannot be refunded, even if it is fraudulent. By activating a setting in the UBS Digital Banking, you will be informed immediately via push notification every time you make a transaction. You can then act immediately and prevent any further fraudulent payments. UBS recommends that you always activate notifications.

What to do: To prevent further losses, block your card as quickly as possible, either directly in UBS Digital Banking or by calling our hotline. This will also prevent further purchases being made if your credit card has been stolen. You will not be liable for any transactions made after the card has been blocked.

Secure digital banking

UBS Digital Banking is the secure way to do your banking. Find out about the four building blocks that ensure security and check how secure you are by taking the UBS Security Check.

Working together against fraud

To ensure that online payment transactions are as secure as their offline equivalent, UBS relies on a fourfold security approach: secure and unambiguous identification, advanced security settings with real-time notifications, prevention using artificial intelligence and an extended service.

Fraud specialist Marcel Drescher describes the fourth building block as follows: “UBS helps its clients to handle their sensitive data responsibly and correctly. With these four building blocks, we all work together to achieve maximum security.”

Learn more about this topic

Simple and secure payment with your smartphone