As the volume and sophistication of cyber-attacks in general grow, it’s more important than ever to stay one step ahead of online criminals. The following tips can be paramount in protection your data, even in times of crisis:

1 – Be alert to phishing emails and bogus calls.

• Watch out for unusual or urgent requests you receive by email, phone or SMS (text message).
• Check the authenticity of a request before sharing any information with people you don’t know. Never click on links or download attachments if you have any doubts.
• Stay alert to bogus or spoofed calls. Never give information over the phone if you have any doubts about the authenticity of the caller.

2 – Stay secure while being online.

• Only visit trustworthy websites and bookmark them. A secure website starts with "https://" and the "s" stands for secure. The data exchanged with the website cannot be intercepted or modified.
• Use multifactor authentication where possible. Otherwise use unique, smart passwords and manage them in a password manager.
• Only consult known, reputable sources for updates on world events and donate through official channels.

3 – Be wary of public WiFi and downloads.

• Be wary of public WiFi hotspots. Avoid using them for online banking, emailing or updating social media, as hackers may be able to access your information.
• Only download software from trusted app stores and keep them up to date.

4 – Be careful what you share.

• Be mindful what you share and like on social media.
• Avoid posting (or including in your public profiles) personal information such as your date of birth, home address, contact details, holiday absences, and other details that may exploited by criminals.
• Only add people to your network that you know and use privacy controls to limit who can see what.

5 – Stop. Think. Act.

• Stop, if something doesn’t seem right.
• Think about the risks.
• Act securely in all your digital interactions.

Victims receive cold calls from fraudsters who promote shares, property or investment opportunities via phone, email or social media and later send a follow up email with a document attached or a DocuSign link.

Fraudsters are offering bogus financial documents such as fixed corporate bonds, purporting to originate from Credit Suisse. Such scams are sent via email or directly via social media, misusing Credit Suisse branding such as employee impersonation or fake websites or accounts.

Phishing is the simplest way for the cyber criminals to launch their attack. The criminals use fraudulent e-mails to convince you to click on a suspicious link or open an attachment to install malware or redirect you to a landing page to steal personal data and login details.

Hackers recreate well-known websites to capture your user credentials, such as passwords, Social Security numbers, credit card information, to name a few. They then use this stolen information to access your banking and other accounts.

Phishing materials often look genuine and may appear to originate from real people, organizations, institutions, and websites. While there is no guarantee to be 100% safe from cyber attacks, the following precautions are suggested to better protect you:

• Maintain a medium or higher level of security on your browser settings.
• Make sure the web address of any site you visit begins with "https://". Some browsers show a padlock icon next to the https:// to indicate that you have a secure connection
• Log out after using an Internet banking or e-commerce service to ensure your session has closed.
• Keep your cookies and browser cache clear so that hackers cannot access your history and obtain information.
• Remember that hackers increasingly target children on social media and gaming websites.
• Be mindful of the sites you visit: Do not visit sites that provide illegal downloads or illegal content (e.g., file sharing). Even if you do not download any files, you are vulnerable to viruses that can infect your computer.
• Keep pop-ups and ads blocked, and never respond to pop-ups asking you to submit or resubmit your log-in information.
• Beware of urgent emails requiring action (e.g., "Security Check", "Activation", "Verification" or any request to wire funds or make other payments).
• Do not provide sensitive personal information over email. A better practice is to call the sender directly.
• Change the password to your home router. With an increase in remote working and confidential work-related information passing through home networks, there is an elevated risk of hackers attempting to access and use default router passwords as attack points.

Please report all phishing emails and email headers related to Credit Suisse to security@credit-suisse.com.

While there is no guarantee to be 100% safe from cyber attacks, here are some tips on how to protect yourself while online shopping.  

• Regularly check your banking and credit card transaction histories and your statements for any suspicious transactions.
• Use two-step or multi-factor authentication when it's available – you confirm your ID in two steps each time you use an ATM – with a debit card and PIN. Do the same online.
• Enable private browsing whenever possible – prevent cookies and browsing history from being stored/saved to your device.
• Use trusted bookmarks for important sites – not email links or pop-ups
• Close windows containing pop-up ads or unexpected warnings using the X in the upper right-hand corner.
• Do not buy anything promoted in a spam message – even if it is a legitimate company, your purchase encourages spamming
• Remember every device carries a risk. Laptops, tablets and mobile phones are all susceptible to wireless security breaches. Do not connect to sites you don't know or recognize. Don't assume a Wi-Fi link is legitimate; hackers create fraudulent access points that appear to be identical to one that's legitimate. Instead, use a virtual private network (VPN), which allows only authorized users to access the network so data cannot be intercepted. Do not connect to sites you don't know or recognize.

As we become more connected through the use of our devices, below are tips to better protect yourself. Please note while these tips will reduce your risk against cyber attacks, these tips will not 100% guarantee your safety.

Best practice guidance for your personal devices

• Adjust your security settings to restrict access to your data via wireless and Bluetooth connections. Turn off Bluetooth when you don't need the connection – your device will be less vulnerable both to cyber-attacks and you will not drain the battery life. For Apple devices, your Bluetooth settings will reset daily.
• Keep your phone or computer locked – make sure it is password/PIN protected at all times.
• Turn off notification pop-ups for text messages that may show your two-factor authentication code on the screen.
• Update device's operating system software to ensure you have the latest security patches.
• Update the apps on your device when new versions become available, as these often include security patches.
• Avoid clicking on Internet ads: Ad-blocking apps exist for both Android and Apple devices, and browser settings can be adjusted to limit ad tracking.
• Install a security app to scan and remove malware-infected apps. 
• Encrypt sensitive information – if your mobile device or laptop has data encryption features, use them.
• Monitor how apps behave on your phone - keep track of permission access/requests from apps installed on your device. Use a reputable anti-malware/virus program and update regularly. Mobile devices are susceptible to the same risks as your home or office computers. If you think your device has been infected with malware, contact either the device maker or your mobile phone carrier for help.
• Choose a smartphone with anti-theft security features. If your phone is lost or stolen, set up remote access allowing you to lock it, wipe the data stored on it and identify its location.
• Regularly back up your devices to your home computer or cloud network so that you have access to information if your device is lost, stolen or corrupted.
• Do not try to bypass security controls in the device's operating system (i.e., don't jailbreak or root your phone).
• Erase all your personal data before selling or recycling your device 

For more information please visit the Vulnerability Disclosure Policy page

Please click the respective links below for further information:

Australia:

• Scams targeting ASIC customers | ASIC - Australian Securities and Investments Commission
• Companies you should not deal with - Moneysmart.gov.au
• Home | Scamwatch

Singapore:

• Singapore Cyber Security Awareness Alliance (formed by IDA & companies from public & private sectors)

Switzerland:

• Reporting and Analysis Centre for Information Assurance MELANI (Federal Administration of Switzerland)
• Swiss Bankers Association

United Kingdom:

• Prudential Regulation Authority (PRA)
• Financial Conduct Authority (FCA)
• UK Finance (formerly British Bankers' Association (BBA))

United States:

• Financial Industry Regulatory Authority (FINRA)
• Federal Trade Commission (FTC)
• U.S. Computer Emergency Readiness Team (US-CERT)