The emails appear to be aimed specifically at Strato users, although users of other providers such as 1&1 have also been affected in the past. The email text stresses how urgently the extension form should be used. The form is supposedly reached via the link in the email, which, however, redirects to a fake website.

Screenshot: LKA Lower Saxony / Fake Strato-Mail with phishing link

Fake Strato website!

Anyone who follows the link and is not warned about phishing by their browser or mail program ends up on a login page that is modeled on the Strato website.

First, the access data for a possibly real Strato account is requested here. With it, the perpetrators can take further action within the domain administration (change web content, influence email traffic, change customer data, etc.).

Image: Screenshot of the fake Strato website

If you look at the actual address in the browser bar (marked red in the image), you will see that this is not the real Strato website.

In the next steps, credit card details, including check digits and TAN, are requested.

Image: Screenshot of the fake Strato website, entering credit card details

In addition to the access data, the perpetrators now also receive valid card data. Even if supposedly only €1 is debited here, which may seem bearable, the actual debit in the background could be higher, or the card data could at least be collected for later misuse.

The company Strato gives the following tips regarding phishing and security:

The Strato validation service offers the possibility of checking emails that supposedly come from Strato for authenticity.

Here Strato provides general information about phishing. Strato also mentions the possibility of securing the customer login with two-factor authentication.

Anyone who has fallen for this scam should inform their provider (in this example Strato) immediately. The access data should be changed immediately. Check the stored content, data and settings (website, email settings, customer data, storage, etc.). If abusive changes can already be seen there, capture them as evidence, for example with a screenshot. If you have a website manager or admin, inform them of these circumstances.

Inform your credit card company and have the credit card you provided blocked. Then check subsequent debits and account statements.

Then file a report with your local police and bring the information you have with you.

In general, you should be careful with emails that involve blocking, validation and similar measures. Never click on links or open attachments in such emails. If in doubt, verify the information by going to the website yourself via an address you know, or by calling the service, and checking your customer data there.

Source: LKA Lower Saxony
