Warning: Malware and phishing e-mails with “SBB” as the sender.
There have been more malware and phishing e-mails going around. These aim to get hold of personal details such as your login for the SBB Ticket Shop or to infect your computer or smartphone using a link or attachment.
SBB never sends e-mails of this kind. The e-mails falsely use SBB’s name and e-mail addresses as the sender details when in actual fact, the e-mails come from scammers who have falsified this information. We advise you to be extremely cautious with suspicious e-mails with attachments or links.
- If you are unsure, delete these e-mails and do not click on the attachment or link under any circumstances.
- Do not trust unsolicited or unexpected e-mails. Scams like this tend to take advantage of trustworthy companies.
- Never divulge your personal details or login information. SBB never asks for security information such as your password by e-mail or telephone. Please do not reply to e-mails like this and do not follow the instructions they contain either – even if they tell you that your account will be blocked or deleted, or they make threatening demands.
- Do not install any software or apps if you are asked to do so in an e-mail or on the login page – even if the request appears to come from SBB.
Protect your computer with up-to-date antivirus software, a firewall and anti-spyware software. Install updates for these programs regularly. Keep your system up-to-date at all times and install the security updates provided for your operating system, browser, e-mail application or for any other programs or apps you use.
For more information about malware and phishing e-mails, dangers on the Internet and how to protect yourself, visit the following sites:
- Reporting and Analysis Centre for Information Assurance (MELANI)Link opens in new window.
- Cybercrime Coordination Unit Switzerland (CYCO)Link opens in new window.
- Anti-Phishing Working GroupLink opens in new window.
Example of a malware/phishing e-mail.
The sender address “firstname.lastname@example.org” is a fake. Sender details such as name, e-mail address and subject line may vary.
The attachment contains a fake invoice. The file is infected and may contain a Trojan horse or virus. The attachment must not be opened under any circumstances.