TWINT is the leading Swiss mobile payment app used to make secure, cashless payments with a smartphone. It allows users to pay at checkout counters, online shops, farm shops, and to transfer money instantly between friends, with funds debited directly from bank accounts or pre-paid. Because TWINT is considered trustworthy, it has become an easy target of cyber criminals. They use various tricks to obtain money from unsuspecting users, and the effort required is minimal.

Fake Payment Requests

These scams normally come in the night or early in the morning to intentionally catch their victim in an unfocussed state. In this scam, the victim receives a payment request with an innocuous-sounding text such as “Thanks back” or “Debt from yesterday.” Many people think at this moment that someone wants to settle an outstanding debt and automatically tap on “Confirm.” In reality, they are authorising a payment—the money does not go to them, but to the fraudsters. The amounts involved are often relatively small—such as CHF 20, 50, or 80. As a result, the transactions hardly arouse any suspicion and many of those affected only realize hours later that they have been scammed. The requests often come from prepaid numbers or the prepaid TWINT app, which can also be used with German, Austrian, or Liechtenstein mobile numbers. In some cases, the perpetrators also use profile pictures to suggest more authenticity.

Tip: If someone sends you money via TWINT, it will simply be credited to your account without requiring acceptance or authorization. If someone legitimately requests money from you, it will clearly state “XY is requesting  money from you.” Any amount that is not in a 5-cent increment (e.g., CHF 19.99) is already suspicious, and fraudulent requests are most often sent in the middle of the night or early morning. If you have received any such suspicious activity, report it to TWINT support as soon as possible.

Classified Scam

Always be very aware when selling items from online sites such as Tutti or Facebook Marketplace. Here, the scammer (the buyer) sends a fake payment confirmation email and then tricks you into providing your personal bank details to “verify” the payment.

Tip: Never disclose your passcode or any other sensitive information.

Phishing SMS

You can also be scammed by cybercriminals sending fraudulent phishing SMS in the name of TWINT. The scammers contact potential victims via SMS and ask them to get in touch with them via a WhatsApp link. Some Phishing SMSs request information to verify your account, others threaten to immediately block your TWINT access, artificially building up pressure. However, the WhatsApp link does not lead to TWINT, but to a conversation with a fraudulent WhatsApp bot. There, potential victims are instructed to either chat with a supposed “customer service representative” or enter their personal information directly on a compromised TWINT website. When a potential victim clicks on the link, they are taken to a deceptively real-looking copy of the TWINT website. The fraudsters then first ask for the phone number and PIN. In the next step, the victim is asked to name the bank linked to the TWINT account so that the fraudsters can access further personal data and bank information in a later phase.

Tip: Never share your PIN or personal data, as TWINT never requests this, and always verify payment requests carefully. Forward suspicious emails to abuse@twint.ch and report them to antiphishing.ch. If you have fallen for such a scam, you should have the cards in question blocked and report the case to cybercrimepolice.ch.

QR Code Fraud

The latest scam is fake letters that pretend to be from TWINT. The fraudsters ask the recipients to scan a QR code and enter their personal login details on the linked website. Never do this!

Tip: Only ever scan TWINT QR codes with your TWINT app to make sure that you remain secure in the protected TWINT environment. TWINT operates only via its mobile app, never through a desktop website.

Advertisement