Warning: False email circulating in the name of the Sparkasse!

There is currently an increasing number of emails appearing whose senders claim to be “Sparkasse” and ask recipients to confirm their identity. The threat is issued that non-compliance will be penalized with €49.99. This email is an attempted scam!

As I said, the senders of this email pose as “Sparkasse” and use the bank’s corporate design. The aim of this email is to entice Sparkasse customers to follow the instructions in the email and end up falling into a phishing trap, which not only costs them their personal data, but can also cause financial damage.

First of all, an important note: The company mentioned (Sparkasse) has nothing to do with the fraud. You yourself have become victims here, with your name being misused to trap users! Since the email is sent blindly, it naturally also reaches people who are not Sparkasse customers.

Visually, this email appears as follows:

image

This email refers to a website that is modeled on the Sparkasse's online banking system. Various form fields simulate a login and an alleged data verification. But all of these questions are fake input fields that fraudsters use to get access data. We therefore warn against providing truthful information in these places.

In this email, the term “link” is actually accompanied by a link that leads to a fake website. This is where the real trap lurks for the visitor. When you access this URL, our Kaspersky Internet Security immediately warns you of a phishing web address.

image

image

Protection software is helpful! With updated databases and appropriate heuristics, malicious sites are often blocked. We use Kaspersky protection software .

Sparkasse.de writes on this topic:

What is Phishing?

Data fisher on the move

Phishing is a portmanteau of “password” and “fishing” and stands for stealing passwords. Data fishers send emails on a large scale that look as if they come from Amazon, Ebay or your savings bank, for example. They want to get your passwords via a fake link. There's one thing you can do to prevent password theft: pay attention.

image

Data fishers only want what’s best for you: your data

“Your account has been temporarily blocked” or “You need to update your access data” – these or something similar are usually the subject lines of the emails that try to steal your passwords during phishing. The urgent-sounding email lures you via a link to deceptively real-looking copies of the original website. You will then have to enter your secret number (PIN) or one-time password (TAN) on the manipulated pages. Supposedly to reactivate your account. Instead, the data thieves steal highly sensitive information.

The email scam sometimes comes across as a donation request or tax notice. As a winning message or discount offer. Or the password-stealing links can be found in messages that you receive from fellow players in online games. Also be alert for unsolicited text messages or messages from an app on your smartphone.

The best protection against phishing is healthy suspicion

You can protect yourself quite well against password theft. Most effective: Do not respond to messages of unknown origin. Ignore the request to enter data anywhere.

Your savings bank will never ask you to open websites from an email and enter your account details there. This also applies to every other bank and every professional Internet retailer.

Report suspicious emails to your savings bank. Forward them to [email protected] . Your savings bank is checking the matter and preventing it from spreading further.

How to recognize password theft:

  • The subject lines and texts are often written in poor German. Unfortunately, the quality is getting better and better.
  • As a rule, it involves account suspensions, alleged identity theft, data comparison or similar. The emails specifically put pressure or panic on the recipient. Or they promise profits or special offers.
  • The text asks you to follow a link and enter data on a website.
  • The address in the Internet line often has spelling errors or transposed letters.
  • Fake websites usually do not have a closed lock symbol in the address bar of your browser. The line starts with http:// instead of the encrypted https://

How to protect yourself from password theft:

  • Ignore emails, SMS and app messages from unknown senders.
  • Never follow the links in such messages. Do not enter sensitive account information on these websites.
  • Always type in the Internet address of your savings bank yourself.
  • The lock symbol in your browser must always be closed when banking online.
  • The internet line must start with https:// (instead of the normal http://) for an encrypted connection.
  • Make sure the internet address is spelled correctly.
  • Check the “certificate” of the website: banks and many online retailers offer identity data. You can query this in the symbol next to the address line. For example, your internet protection program or the browser operator then confirms the authenticity of the page with “Verified by…”.
  • Only use private, secured Wi-Fi connections for your banking transactions. Public Wi-Fi homepages could be fake.

Here's how to react if you've fallen for password thieves:

If you have already replied to someone else's email or entered confidential data after clicking on a link, then:

  • Change your access data for your online banking transactions immediately.
  • Tell your savings bank immediately. It can prevent further damage.
  • If you still have the malicious email, send
    it to [email protected]
Sign up for the Mimikama newsletter

Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )