Warning about the current wave of malicious emails!

They're on the move again: the fake Telekom bills. Disguised as a bill for the month of March, many people are currently receiving a bill that shows an amount of €300 to €400 and whose sender claims to be Deutsche Telekom.

The content of these emails varies slightly, for example the amount is always different, but it always seems to be quite high. The text in these emails always has slight differences from email to email, but what they have in common is that a download link is implemented in all emails.

Subject: Invoice March 2018 No.: 391863876

Dear Telekom customer,
you will receive your current invoice attached to this email. Amount of the claim in March 2018: €390.18 .
Billing_March2018_Invoice.
Best regards,
Ralf Hoßbach
, Head of Customer Service Department

image

This download link is tricky because the file described as an invoice, which is started as a download, is a .doc file with a malicious macro.

When you open this file you immediately see: A macro is asking to be executed!

A macro is a programmed sequence that can be embedded in documents (text or spreadsheet documents). The original purpose of macros is to make work easier for the user: Macros are intended to automate certain processes that are tedious or boring for the user. Example: Automatically generating address labels from address files or automatically searching and marking specific words in a text.

However, macros can also be harmful! You can also format entire hard drives or download malicious files from the Internet using a macro. Therefore, macros from unknown and untrustworthy sources have long been considered dangerous. Microsoft also reacted years ago and since Office 2007, macros cannot be executed in the new XLSX, DOCX, PPTX formats, and the automatic execution of macros is deactivated by default.

Therefore, you have to agree to the macro in this file beforehand, which you should definitely not do!

image

Anyone who has opened one of these emails and activated the embedded macro should urgently check their PC check everything with updated protection software A PC within a company network should IMMEDIATELY be reported to the appropriate administrator .

Especially in companies, you shouldn't keep quiet if you've fallen for an email like this, because ultimately you've acted in accordance with the work instructions somewhere - and the fraudsters rely on that.

In addition to the real invoices that are sent every month, there are often fake invoices that try to impose malware on the recipients or lure them into a phishing trap.

In our last article about a fake online email that pretends to be Deutsche Telekom and carries a macro virus in the supposed invoice document, Alexia Sailer, press spokeswoman for Deutsche Telekom (cybersecurity), pointed out the positive features of Deutsche Telekom invoices.

This is how you check Telekom invoices for authenticity!

Since February 20, 2015, all online bills for mobile phones and landlines have been equipped with new security features to distinguish between originals and counterfeits.

Since then, consumers have been able to recognize an original billing email based on two features; a third feature is not visible: On the one hand, Telekom shows part of the customer's address both in the subject of the email and in the actual email text. On the other hand, an email seal, a blue @ sign with a checkmark, shows customers of numerous providers that an invoice email is actually authentic. Last but not least, Telekom includes a signature in its original email, which other providers can use to mark a fake email with an alleged Telekom sender as spam for their customers.

Online invoice: Blue @ against counterfeits

Deutsche Telekom writes:

  • Thanks to the forgery-proof email seal, customers can now recognize authentic online invoices from Telekom.
  • In addition to the previously common information such as personal salutation and booking account number, customers can now also find the street and house number in their online invoice.
  • The email seal is in the form of a blue @ sign with a check mark in it and is displayed in front of the sender of the message.
  • The address data characteristics are in the subject of the invoice email as well as in the first sentence of the actual email text.
  • Even when the invoice email is opened, the email seal is visible to the sender.

The features in detail:

  1. Address: In addition to the previously common information such as personal salutation and booking account number, customers can now also find the street and house number in their online invoice. The new features can be found both in the subject of the invoice email and in the first sentence of the actual email text.
  2. E-mail seal: Thanks to the forgery-proof e-mail seal, customers can now clearly identify authentic online invoices from Telekom when they send their invoice online via the browser (http://telekom.de/email) or mobile email - Access Telekom email applications. The email seal is in the form of a blue @ sign with a check mark in it and is displayed in front of the sender of the message. The seal is also displayed on GMX, WEB.DE, freenet and 1&1. For technical reasons, the email seal cannot be displayed in email programs such as Outlook or Thunderbird.
  3. Signature: The third feature, a new signature, is not visible. It is read by the Internet provider when emails are sent. With this signature, fake emails with a Telekom sender can be better marked as spam by the various providers.

Further information and numerous questions and answers on the topic can be found at www.telekom.com/sichere-rechnung

Via Deutsche Telekom


If you enjoyed this post and value the importance of well-founded information, become part of the exclusive Mimikama Club! Support our work and help us promote awareness and combat misinformation. As a club member you receive:

📬 Special Weekly Newsletter: Get exclusive content straight to your inbox.
🎥 Exclusive video* “Fact Checker Basic Course”: Learn from Andre Wolf how to recognize and combat misinformation.
📅 Early access to in-depth articles and fact checks: always be one step ahead.
📄 Bonus articles, just for you: Discover content you won't find anywhere else.
📝 Participation in webinars and workshops : Join us live or watch the recordings.
✔️ Quality exchange: Discuss safely in our comment function without trolls and bots.

Join us and become part of a community that stands for truth and clarity. Together we can make the world a little better!

* In this special course, Andre Wolf will teach you how to recognize and effectively combat misinformation. After completing the video, you have the opportunity to join our research team and actively participate in the education - an opportunity that is exclusively reserved for our club members!


Notes:
1) This content reflects the current state of affairs at the time of publication. The reproduction of individual images, screenshots, embeds or video sequences serves to discuss the topic. 2) Individual contributions were created through the use of machine assistance and were carefully checked by the Mimikama editorial team before publication. ( Reason )