14 August 2020

Attention! Phishing emails circulating

Attention! Phishing emails circulating
The security of your personal data is our top priority at FAIRTIQ, this is why we always take feedback from our users very seriously. On Saturday 8th of August, an online scam used FAIRTIQ and SBB’s name. Understanding the worry of our users, we investigated immediately and confirmed that there is/was no data breach at FAIRTIQ.

What happened?

On Saturday the 8th of August 2020 a first wave of phishing emails were sent out claiming to be from “SBB EasyRide”. We detected the scam within a few hours based on customer feedback.

As a result, we immediately initiated various steps in parallel:

  • Contacted SBB (who is also provider for SwissPass) to make sure we can give our customers a quick answer on the matter
  • Analysed the reported cases to identify the phishing patterns
  • Reported the phishing website to
    • MELANI (Swiss National Cyber Security Centre)
    • Multiple Internet Providers

The reported phishing website no longer works 😎

Important note:

There is/was no data breach at SwissPass or FAIRTIQ. There were multiple customers that wrote us who are neither registered with SBB/Swisspass nor with FAIRTIQ.  

A Second wave of phishing emails has been sent out on 13th of August 2020.

Some awareness-raising measure are currently being worked on together with SBB/SwissPass:


What is phishing?

“Phishing” describes a maliciously intended attempt to trick people into entering valuable information like passwords or credit card data into a fake web interface. Oftentimes phishing messages try to gain the receiver’s trust by mentioning company names or events the user is used to. The, typically unsolicited, message itself usually states that some action by the user is needed (like a problem with an account, a claim for a refund, etc.). And not surprisingly, the action is only one click of a link and a login away. Note that FAIRTIQ will never do this.With the user’s trust, the urge to act and the simplicity to take that measure, fraudsters are unfortunately all too often successful.  

How to protect yourself

In the section below this one, we detail some of the things we have in place to help keep you safe — but you also have a role to play. Here are the most important things to remember.

  • FAIRTIQ staff will never ask for your SMS-PIN, credit card details or any passwords. If someone claiming to be from FAIRTIQ asks for any of these, take a screenshot and report them via the in-app “General Request” straight away
  • We will only communicate with you about the particulars of your account via our dedicated email support.
  • Always use the most recent version of the app (download via Apple App Store or Google Play Store)
  • Double check any links before clicking on them
  • Look for obvious mistakes like
  • Poor language (e.g. syntax in sentence)
  • Missing languages (Italian)