Cybersecurity

Digitization is making our lives easier – and unfortunately also those of cyber criminals.

Cybersecurity: Strong against fraudsters

Digitization is making our lives easier – and unfortunately also those of cyber criminals. They use clever scams to exploit the potential for attacks on the Internet and target private individuals and companies. They target sensitive data and can cause considerable financial damage.

Where are the biggest dangers hiding? Raise your awareness – our tips can help. And if you have become a victim of fraud, lose no time and take action immediately.

Important notice
InCore Bank makes every effort from a regulatory, technical and procedural perspective to protect its clients from abuse. As a pure business-to-business transaction bank, InCore Bank AG maintains its business contacts with financial institutions such as banks and securities firms and with financial intermediaries such as fintech companies. It performs various tasks on their behalf and does not maintain a direct relationship with end customers. The information compiled here serves as initial guidance for end customers/individuals. In case of fraud, please contact your bank or customer advisor directly.

Important terms explained

Phishing

An attacker pretends (via e-mail, SMS, telephone) a false sender and tries to obtain payments or sensitive data. Don't be pressured to click on a link, provide personal information, forward something, or open an attachment.
Good to know: A bank will never ask for your data by e-mail or SMS, or ask you by phone to carry out a transaction together, or open any web pages via a link. If you receive an email or SMS from InCore Bank and are not sure if it is phishing, please contact us immediately at: information@incorebank.ch.

Ransomware

A harmful program that infiltrates a computer and with its help the attacker denies or restricts your access to personal data and systems. The attacker demands a ransom for decryption.

Spyware

A person's Internet activities are monitored and sensitive data (passwords, financial information, etc.) is intercepted. Spyware collects the information on a PC or network and sends it to the attacker.

Deepfakes

Artificially created fakes of videos, images or voice messages that appear deceptively real.

Malware

A generic term for software that aims to infiltrate computers or cell phones without your knowledge, thereby causing damage. Well-known examples of malware are Trojans, viruses, spyware or ransomware.

Trojaner

What looks like a useful application at first glance turns out to be a dangerous program that is abused for criminal purposes. When opening an unknown file attachment or unintentionally downloading manipulated software, the Trojan installs itself on the computer to destroy files, send spam emails or spread malware.

Protect from attacks

Here you will find further links to better protection against cyber fraudsters with a focus on digital banking and digital investments. As a general rule, never be pressured. Use trusted sources, check with a healthy dose of suspicion, and keep your devices, software, and passwords up to date.

Eidgenössische Finanzmarktaufsicht (FINMA)
One of the mandates of the Swiss Financial Market Supervisory Authority (FINMA) is to protect investors. A wide range of information can be found on its website:
Protection against investment fraud
Companies with FINMA authorization
FINMA public warning list
Reporting possible violations of financial market law
Nationales Zentrum für Cybersecurity (NCSC)
The National Cyber Security Center (NCSC) is the federal government's center of excellence for cyber security and the first point of contact for business, government, educational institutions, and the public on cyber issues:
Overview current incidents
Information for individuals
E-Banking malware
SecureE-Banking
Incident reporting
Hochschule Luzern
Interested parties can also find practical information for the secure use of e-banking applications at www.ebas.ch. The Lucerne School of Information Technology was commissioned to set up the portal, which is currently supported by over 90 financial institutions from Switzerland and the Principality of Liechtenstein.
Police
The local police help with detection and prevention. Europol also provides information on various forms of fraud, especially in connection with investment fraud. Local police helps with education and prevention.

In case of fraud: do not lose time

First contact your own bank from which the payment was made and the local authorities. They will contact InCore Bank.*

1. Collect information

– How did attacker contact?
– Time and number of contacts
– Content protocol of the contacts
– Description of the fraud
– Description environment (e.g. Call-Center)
– Approach/characterization of the perpetrators
– Information on affected accounts

2. File a complaint

Contact your bank/contractor and local authorities with the information collected.

If you decide to report to the Swiss Financial Market Supervisory Authority or the National Cyber Security Center NSCS, you also support prevention:

* Please note:As there is no contractual client relationship between you as an individual and InCore Bank AG, InCore Bank is not permitted to disclose information about any client relationships due to Swiss bank client confidentiality laws. Therefore, please contact your own bank and the local authorities first. They will contact InCore Bank. The following information can be sent to us in advance:

Transaction amount / transaction date
Currency
Client's bank
Reference number
Beneficiary name/account number
Description of the fraud
Supporting docutments (e.g., transaction receipts, confirmation of fraud report to law enforcement agency, police report)

Q+A

I have mistakenly entered an incorrect reference number or no reference number at all when entering a payment to be made via InCore Bank. How do I proceed?

Contact your bank respectively your contractual partner. At the same time, you can also inform InCore Bank by e-mail and send us the corresponding payment receipt.

Can I open a personal account or invest my money with InCore Bank?

No, not as a private individual. As a pure business-to-business bank, InCore Bank maintains its business contacts with financial institutions such as banks and securities firms and with financial intermediaries such as fintech companies. It performs various tasks on their behalf. InCore Bank does not maintain a direct relationship with end customers.

What is phishing?

This is the term used to describe attempts to obtain personal data from Internet users or to persuade them to commit harmful acts via fake web pages, e-mails or SMS (smishing). The persons contacted are asked to go to a web page as quickly as possible, enter data, send data, open links, call telephone numbers or view/fill out attachments.
Please note that we never ask our clients to open any web pages via a link from an e-mail or SMS for the purpose of identifying/activating a card account and to enter all credit card or personal access data there. In addition, we never request payments with bitcoins or other digital currencies to open an account with our bank. All emails sent to you by InCore Bank AG originate from the email address @incorebank.ch. All other domains are not from us and very likely phishing emails.

I became a victim of phishing – what can I do?

Contact your own bank from which the payments were made and the local authorities. They will contact InCore Bank. You can also send us the following information in advance:

Transaction amount
transaction date
currency
Bank of the ordering party
Reference number
Name and account number of the beneficiary
Exact description of the fraud
Supporting documents such as transaction receipts, confirmation of fraud report to law enforcement agency, police report

Please note: As there is no contractual customer relationship between you as an individual and us as InCore Bank AG, due to Swiss bank customer confidentiality InCore Bank AG is not permitted to disclose information about any customer relationships. Please first make the request to your bank and/or contractual partner.

I have received documents from InCore Bank, can I verify them?

If you receive an email or SMS from InCore Bank and are unsure if it is a phishing/smishing message, please contact us before replying to the message, clicking on a link or responding as prompted.

How long does it take for a request to be processed by InCore Bank?

Inquiries will be answered as soon as possible, within a maximum of two business days.
Please contact us by e-mail.

How do I protect myself from investment fraud?

Carefully examine supposedly lucrative financial investments from the internet. Never allow yourself to be pushed and inform yourself about the provider, for example by consulting the FINMA warning list. The attacker tries to persuade you to open an account - often via a reputable-looking website. You are then supposed to deposit money into this account, via credit card or in cryptocurrencies. After an initial profit, you are urged to make further investments. If you refuse, the contact is terminated - your money is gone. Do not make any further deposits in case of suspicion and file a complaint immediately.

Unexplained e-banking transactions – what should I do?

Inform your bank immediately, do not make any more transactions on the affected device and have your computer examined by a specialist.

What else can I do to increase my digital security?

Be attentive, surf the internet prudently, use secure passwords, do not carelessly pass on personal data, regularly check your account statements, ignore or delete e-mails from suspicious senders, back up your data regularly, activate a firewall, install virus protection and always keep your operating system and apps and programs up to date with software updates. And: Get support immediately if you are unsure or suspect a scam.