Protect Your Twint Account: How to Prevent Phone Scams in Switzerland

Cybercriminals are currently targeting residents by impersonating employees of the Elektrizitätswerk der Stadt Zürich (EWZ) to gain unauthorized access to Twint accounts. According to the Kantonspolizei Zürich, the perpetrators use “spoofing” technology to display legitimate phone numbers on victims’ devices to solicit sensitive information, including verification codes, which are then used to hijack accounts and transfer funds.

How the Fraudulent Process Works

The scam relies on a multi-stage deception that begins with a phone call. The Kantonspolizei Zürich reports that attackers use spoofing to make the call appear as if it is originating from a trusted source, sometimes even displaying the actual phone number of the EWZ. During the conversation, the callers claim to be addressing issues such as customer data updates, security checks, or refund processing.

How the Fraudulent Process Works

To facilitate the theft, the callers send an SMS containing a link. This link directs the victim to a fraudulent website designed to mimic the appearance of the EWZ and, subsequently, a Twint portal. By entering their bank details and a verification code into this fake interface, victims unknowingly grant the criminals full control over their financial accounts.

Did You Know?

Did You Know? The perpetrators utilize “spoofing” to manipulate caller ID displays, allowing them to mask their true identity by mimicking the verified phone numbers of legitimate institutions like the EWZ.

Expert Insight: The Escalation of Digital Impersonation

Expert Insight: This incident highlights the increasing sophistication of social engineering, where the primary vulnerability is no longer software, but human trust. By mimicking the digital infrastructure of trusted utility providers, criminals are effectively bypassing traditional security awareness. The reliance on verification codes as a “key” to the account creates a single point of failure that, once surrendered, allows for near-instantaneous financial loss.

Anubex: Eindeutig Krypto-Betrug, Warnung!

What Happens Next

If an individual falls victim to this scheme, the immediate consequence is the unauthorized transfer of funds from their linked bank account via Twint. Because the criminals obtain the necessary verification codes directly from the user, transactions can often be processed before the victim realizes the account has been compromised. Moving forward, authorities emphasize that anyone who believes they have been targeted should contact their bank or financial institution immediately to initiate an account freeze and file a formal police report.

Frequently Asked Questions

What should I do if I receive a suspicious call from the EWZ?

You should hang up immediately. Do not click on any links sent via SMS, email, or messenger services, and never provide sensitive data or verification codes over the phone. Contact the institution directly through their official, verified channels.

How do the criminals access my money?

By tricking you into entering your bank details and verification codes on a fake website, the attackers gain the necessary credentials to take over your Twint account and initiate unauthorized transactions.

What is the first step if my account is compromised?

You must contact your bank or financial institution immediately to have your Twint account blocked and then file a report with the police.

Have you reviewed the security settings on your mobile payment apps recently?

Leave a Comment