Fake Bank Employee Scam in Ticino: Police Alert (cross-border guide)

The Cantonal Police reports a surge in phone scams using "spoofing." Criminals pose as your bank to steal data and money. Here's how to protect yourself.

Context

TL;DR

  • Scam in Ticino: fake bank officials via spoofing calls.
  • Victims pressured to reveal sensitive data or authorize payments.
  • Scammers use WhatsApp, Telegram, and mobile spoofing.
  • Banks never ask for passwords or codes via phone or message.

Key facts

  • Cosa: Scam via spoofing calls impersonating bank officials.
  • Quando: Increase in attempts reported in early 2026.
  • Dove: Canton Ticino, Switzerland, affecting cross-border workers.
  • Chi: Criminals posing as bank officials using spoofing technology.
  • Dati rubati: Login credentials, OTP codes, and direct payment authorizations.
  • Tecnica: Spoofing on mobile networks, not possible on landlines since January 1st, 2026.
  • Consiglio: Never provide sensitive data over the phone or messages.
  • Fonte: Cantonal Police statement, February 20, 2026.

The Ticino Cantonal Police has issued an urgent statement that directly concerns the financial security of all residents and workers in the Canton, including thousands of cross-border workers (frontalieri). There is a worrying increase in attempted phone scams perpetrated by criminals posing as bank officials. The technique used, known as "spoofing", is particularly insidious: criminals manage to make their victim's bank's official phone number appear on the mobile phone display. This move immediately lowers defenses, leading people to believe they are genuinely speaking with a trusted operator.

Operational details

How the Scam Works and Why It's So Effective

Spoofing is a technological manipulation that allows masking one's phone identity. In practice, the software used by scammers intercepts the call and replaces their real number with that of the bank they intend to impersonate. This deception, unfortunately, is technically possible and exploits vulnerabilities in telephone networks. It's important to note, as the Cantonal Police specifies, that since January 1st, this technique is no longer possible on landlines in Switzerland, but it remains a concrete and widespread threat on the mobile network, which is the predominant communication channel today.

The data targeted by criminals are always the same, but the methods to obtain them are constantly evolving and becoming more refined.

  • Login credentials: e-banking username and password.
  • Authorization codes: the numerical codes (OTP - One Time Password) that banks send via SMS to confirm transactions.
  • Direct authorizations: requests to approve push notifications from the bank's app to validate fraudulent transactions.

Psychological pressure is the main weapon. Phrases like "They are trying to steal your money right now!" or "We need to block the transaction immediately, give me the code you just received" are designed to short-circuit rational thought. The victim, frightened by the potential financial loss, acts on impulse, effectively handing over the keys to their account to the scammers. Once the information is obtained, criminals can make transfers, online purchases, or other illicit operations in moments.

Key points

Practical Tips: How to Protect Your Salary

The golden rule to avoid falling into this trap is simple: your bank will NEVER ask you over the phone, email, or message to provide passwords, security codes, or full credentials. Any such request should immediately raise a red flag.

💡 Here is a checklist of actions to take:

  • End the communication: If you receive a suspicious call, even if the number looks correct, hang up immediately. Don't feel embarrassed or rude; your security is the priority.
  • Verify independently: Find your bank's official number (on their website, on the back of your debit card) and call them yourself to ask if there are indeed any issues with your account.
  • Don't click on links: Never click on links received via SMS or messages that seem to come from your bank. Access your e-banking only by typing the official address in your browser or through the official app.
  • Be wary of urgency: Any request made with extreme haste and pressure is a danger signal.

For a cross-border worker, having full control of one's finances is crucial. Knowing the exact amount of your net salary, after withholding taxes, social security contributions, and the franc-euro exchange, not only allows for better planning but also helps in quickly identifying any discrepancies or anomalous transactions. Using reliable tools to monitor your income is the first step towards secure financial management. You can start getting a clear picture right away by using our net salary calculator for frontalieri.

(Source: Cantonal Police, 20.02.2026)

Frequently Asked Questions
What is 'spoofing' and why is it dangerous for Switzerland-Italy cross-border commuters?
'Spoofing' is a scam technique that masks the telephone identity by showing the number of a bank. It is dangerous because it tricks victims into revealing sensitive data, such as login credentials or security codes, putting accounts in Switzerland and Italy at risk.
What is the specific risk for Switzerland-Italy cross-border commuters in connection with spoofing fraud?
Cross-border commuters often manage accounts in both Switzerland and Italy, increasing the attack surface for criminals, who can exploit the complexity of accounts in two different jurisdictions.
What should I do if I receive a WhatsApp or Telegram message that looks like it came from my Swiss or Italian bank?
Do not reply or click on any links. Contact the bank only via the official number (website or back of the card) to verify the authenticity of the message. Scammers use logos and names of banks to deceive.
How can I tell the difference between a fake and a real call from my bank?
Banks never ask for credentials or codes over the phone. If the call seems urgent or threatens blockages, hang up and call the bank yourself with the official number. Spoofing can spoof the number as well.
What bank details should I absolutely never share with anyone, not even with the bank on the phone?
Never communicate passwords, OTP (SMS) codes, PINs, card details or push authorizations via phone, email or messages. The bank asks for them only through secure channels and never in an emergency.

Related articles