Cyber Security: Zweifaktor-Authentifizierung mit Smartphone am Laptop

Phishing – beware of data theft

Beware of fake (phishing) emails that appear to be from CSS. The fraudsters’ aim is to steal personal data such as date of birth and account or credit card numbers.

Recognising & avoiding attempted fraud

Cybercriminals often use emails or text messages (e.g. SMS or WhatsApp) to try and trick you into visiting fake CSS websites. When users visit the fake site, they are asked to enter their data. 

NB: CSS will never send you an email asking you to reveal personal data or credit card information.

How to recognise phishing emails

Phishing attacks can take many different forms, but there are a number of typical features to look out for.


Do you know the sender? Does the email address match the displayed name?


Was the email also sent to other people? If yes, do you know any of them?


Is the salutation impersonal? Are you being asked to do something, e.g. to log in?


Does the email contain threats like “Otherwise your account will be blocked”?


Were you expecting an attachment? Is it a normal file type with a normal file name? Has your virus scanner displayed an alert message?


The link in the email doesn’t begin with https:// or is otherwise suspicious, e.g. or

How to prevent phishing

  • Always use the myCSS app to communicate with CSS.
  • Add to your favourites or open the login page via 
  • Do not disclose any personal data over an unsecured internet connection.
  • Always keep the antivirus software and firewall on your devices up to date.

myCSS – a secure solution

myCSS is the popular client portal for insured persons. myCSS has protected access – just like e-banking – and helps you take care of all your insurance matters securely and quickly.

At CSS, we attach the greatest importance to your privacy. That is why myCSS meets the very highest standards of security and data protection.

Suspicious email – what now?

  1. Report the suspicious e-mail to the National Cybersecurity Centre NCSC.
  2. Delete the email immediately if it doesn’t have a bona fide CSS sender address (,, and
  3. Don’t click on any links you don’t recognise or open any suspicious email attachments.
  4. Have you already disclosed data? Change your passwords and block your account or credit card.
  5. If malware is transmitted, disconnect network cables and turn off Wi-Fi immediately.

Phishing email sent in February and May 2024

CSS sends emails from the following addresses:,, and

Fake email regarding myCSS refund (CHF 376.00)

How to see the email’s sender:

  • Open the email and look at the top. You’ll see the name of the sender there.
  • Click on the sender’s name to reveal the full email address.
  • If you can’t see the email address, look for the “Show details” or “View headers” option.