Fraudsters are currently sending more emails in the name of the bank “BAWAG PSK”.

It asks you to activate a new service by entering your bank details on a fake BAWAG page. Attention, our cooperation partner Watchlist Internet warns: this data ends up directly in the hands of criminals!

"Last reminder". This is the subject of the fake BAWAG PSK email. Numerous readers of the Watchlist Internet are currently reporting the email. Both the email and the website to which you are redirected look deceptively real. We'll show you how you can still recognize the fraud.

Take a close look at the email address! Does it actually come from BAWAG PSK?

Fraudsters are currently sending this text at random to numerous recipients:

Dear Customer,

Your advisor has sent you a new communication regarding the information related to the new banking regulations implemented by BAWAG PSK.

Your advisor invites you to activate your new “BAWAG PSK clear” service to secure your banking transactions by clicking on the secure link below:

Start activation

Greetings from

Your BAWAG PSK team

[mk_ad]

But how do you know if the email is fraudulent? These two indications are definitely an alarm signal:

  • Incorrect email address: Fraud is most clearly visible through the email address. Even if “eBanking BAWAG PSK” is stated as the sender, the email address is completely different, namely “ [email protected] ” – this has nothing to do with the bank!
  • “Dear customer” : This or other general salutations are often used by fraudsters because they do not know the name of the recipient.
This message is currently being sent randomly to numerous recipients. / Source: Watchlist Internet
This message is currently being sent randomly to numerous recipients. / Source: Watchlist Internet

Check the website before entering your details!

If you have already clicked on the link that is hidden behind the words “Start activation”, you will be taken to a replica BAWAG PSK page. You should log in there with your access data. But be careful: A closer look will show you that you are on the wrong page - even if the original and the fake page look very similar!

You can see the fraudulent website at the bottom left and the original website at the top right. / Source: Watchlist Internet
You can see the fraudulent website at the bottom left and the original website at the top right. / Source: Watchlist Internet

Be sure to ask yourself the following three questions before entering your information:

  1. Secure or non-secure connection? On the original page there is a lock at the top in the so-called address bar. At this point on the fake page you will find the words “Not safe” (often shown with a crossed out lock). Such non-secure connections are usually a warning signal. You are then on an unencrypted website (also recognizable by an “http” instead of “https”) where the data you enter can theoretically be intercepted.
  2. Right domain or wrong domain? The so-called domain can also be found at the top of the address bar. The domain is part of the internet address and it shows you which page you are actually on. To do this, you need to look at what is right before the first “/”. The original website says: ebanking.bawagpsk. com/ – “bawagpsk. com” is the domain. The fake website says: dkbb-de. com/ – “dkbb-de. com” is the domain. Only after the first “/” can you find the following on the fake website: “ebanking.bawagpsk. com”. However, this clever composition is only intended to confuse you. It is therefore important that you always look at the address carefully!
  3. Clickable or non-clickable links? A third clue is the many links that you can find, for example, at the bottom of the website. For example, both sides state that you can view the legal notice, the terms of use or the general terms and conditions. In fact, this only works on the original page. You can click on the fraudulent site as many times as you like and nothing will happen.

Always log in as usual

Such messages are also called phishing messages. This refers to the trick with which fraudsters try to get secret data. This can happen, as here, through an email and a fake website, but also through fraudulent chat messages, SMS or a request to open file attachments.

We are observing that such phishing attempts are getting better and better. This makes it increasingly difficult for Internet users to clearly recognize fraud as such. When it comes to your bank details, we advise you to always log in as usual - and never using a link that you received by email. In addition, if you are unsure, you always have the option of asking the bank or other companies whether the message actually came from them.

I have entered my details – what can I do?

It's best to contact the real bank and explain to them that you have fallen into a phishing trap. The staff will then discuss the next steps with you.

You might also be interested in: Blackmail emails with real passwords in circulation

Source: Watchlist Internet
Article image: Shutterstock / By ozrimoz
Sign up for the Mimikama newsletter

Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )