The semi -annual report of the Federal Cybersecurity Office (OFCS) highlights the extent of the threat in the digital world. Last year, nearly 63,000 cybercidents were reported in Switzerland, an increase of 13,500 declarations compared to the previous year.
Cases of fraud, hammetering (phishing) and rotten (spam) remain the most frequently reported. The increase compared to 2023 is mainly based on the phenomenon of false calls on behalf of the authorities, with nearly 22,000 reports against around 7,000 in the previous year, the report underlines. On the other hand, email threats have decreased. For the past four years, crooks have been tending to use the phone more and more as a communication channel.
With regard to “fraudulent games”, the OFCS even observed a tripling of the number of messages received during the second half of 2024 (around 2400 new messages). In many cases, the names of food and retail business, electronics traders or known transport companies in Switzerland have been used abusive.
>> Read also: Crypto, video games, “sextrusions”, twint … the scams that trap young people the most in Switzerland
>> Review the subject of 7:30 p.m.:
Mail, SMS, iMessage…
Companies were strongly faced with the phenomenon of “fraud to the CEO”. These are allegedly urgent payment requests from the chief or the president. Telephone calls of so -called banking employees or the collage of QR codes on parkmeters are also part of the current scam diagrams. In addition to conventional emails or SMS, crooks also use the iMessage to bypass the SMS filters of large access providers.
Another method is to flood the messaging of spam, said director of OFCS Florian Schütz on Tuesday in front of the media. Then, technical support is offered via internet communication platforms, thanks to which victims can download malware, which allows criminals to access the desired IT environment.
>> Read also: Swiss SMEs and individuals have a false feeling of security in the face of cyber attacks
Attacks on critical infrastructure
Since April 1, 2025, cyber attacks against critical infrastructure have been subject to a notification obligation. During the first month since its launch, the OFCS recorded 25 notifications. Four of them provided indications on how hacking took place and two benefited from the support of the Confederation. “We expect the number of reports to increase,” said the director of the OFCS.
Critical infrastructure operators such as supplying energy or drinking water, transport companies as well as cantonal and municipal administrations must report cases to OFCS within 24 hours for certain cyber attacks. If this is not the case, sanctions of up to 100,000 francs are planned. However, these will only come into force from October 1, 2025.
The obligation to announce exists to better understand where the problems are located and what technologies are necessary to master attacks, according to Florian Schütz. If the cyber attacks are countered, it is not necessary to report them, because there has never been a real threat.
>> Listen to the WHEP TO TALK (January 2024):
Julie Liardet with ATS
