This time it is not a Nigerian prince who wants to give us money, but the “Federal Office of Finance”, which promises us a considerable sum.

It's crazy, something has come together quite nicely. The email with the subject “Your tax refund years (2013-2014-2015-2016-2017)” and the sender name “Federal Ministry of Finance” informs its recipients about a high tax refund whose payment has failed, and says that you should update your own data on Finanz-Online.

We already know this email: it is a phishing email that basically sounds quite plausible, especially to those who have filed their tax returns in the last few weeks. This email is currently being sent quite frequently, and the large sum of almost €2,000 also encourages you to think less:

Screenshot Mimikama.at

Payment date: August 2, 2018
Invoice number: BMF/84UAT1/AT1001
Amount: €1,941.75 EUR

It's easy to overlook the small but subtle errors: in the "amount", the currency is mentioned twice (once as €, then again as EUR), and in the sum the comma and period were swapped. These are small errors that would not normally happen at a government authority.

Beware of phishing!

The content, structure and argument are particularly important in a phishing scam sent by email, because the more convincing a phishing scam is, the more people fall for it. This email proves once again that its authors put effort into building the linked phishing website. What is noticeable again about this phishing website is that it is served over an HTTPS-secured connection.

A secure connection using the HTTPS protocol (HyperText Transfer Protocol Secure) ultimately says NOTHING about the content of the page you are visiting. It only says something about the path BETWEEN your own computer and the website at the other end. It does, however, produce green symbols in the browser, or the term “Secure”, as if you were on the provider’s real website.

Screenshot Mimikama.at

Visually it is based on the real Federal Ministry, only the URL shows that the page cannot be real. Here is the URL of the real page:

Screenshot Mimikama.at

What is happening here: The website claims to be the online finance portal. Here you should now update your data in order to receive the repayment. You should provide your name, address and also sensitive bank details. However, this is a trap! This website does not belong to Finanz Online, but is a fake portal. All entries made here end up directly in the hands of fraudsters.
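The point made above, that HTTPS says nothing about who runs a site and only the URL does, can be checked mechanically by comparing the host of a link against the real domain. This is an added example, not part of the original article; the official domain `bmf.gv.at` is an assumption (the article shows the real URL only in a screenshot) and the phishing hosts are constructed `.example` names.

```python
from urllib.parse import urlsplit

# Assumption: the ministry's real registrable domain. The article shows the
# genuine URL only in a screenshot, so this value is not taken from its text.
OFFICIAL_DOMAINS = ("bmf.gv.at",)


def check_link(url, official=OFFICIAL_DOMAINS):
    """Return (trusted, reason) for a link found in an email."""
    try:
        parts = urlsplit(url.strip())
        # .hostname is the host the browser contacts: text before "@" is dropped.
        host = (parts.hostname or "").rstrip(".")
        # Internationalised names become xn-- labels, exposing lookalike letters.
        host = host.encode("idna").decode("ascii").lower()
    except (ValueError, UnicodeError):
        return False, "unparsable URL"
    if parts.scheme not in ("http", "https") or not host:
        return False, "not a web link"
    # Match whole DNS labels from the right; a plain substring test would
    # accept bmf.gv.at.refund.example.
    if not any(host == d or host.endswith("." + d) for d in official):
        return False, f"host {host} is not an official domain"
    if parts.scheme != "https":
        return False, "official domain, but the connection is not encrypted"
    return True, f"host {host} is on an official domain"


# Constructed sample links (the phishing hosts are invented .example names).
SAMPLES = [
    "https://finanzonline.bmf.gv.at/",
    "https://bmf.gv.at.refund.example/",
    "https://finanzonline.bmf.gv.at@refund.example/",
    "https://finanzonline-bmf-gv-at.example/login",
    "http://finanzonline.bmf.gv.at/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        trusted, reason = check_link(link)
        print(("OK     " if trusted else "REJECT ") + link + "  ->  " + reason)
```

Four of the five sample links are rejected even though three of those use HTTPS: the padlock is only a precondition, and the host name decides.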

If you fall into such a phishing trap, the following measures can help. Security software can help as a preventive measure! Despite all caution, it can still happen from time to time that you fall victim to a phishing attack and unintentionally disclose your personal data to third parties. It is important not to panic and to act immediately!

What should I do if I fell into such a trap?

  1. Immediately contact the company for which your personal user or login information was stolen. Call customer service to have your account blocked. Banks in particular have a blocking hotline that can be reached around the clock and is available specifically for such cases. Describe your case, and your account or user area will no longer be accessible with the old login data.
  2. Log in to your user account and check whether you can still log in. If this is still possible, go immediately to the area where you can change your current login details. Set a new password and, if possible, also change the user name and contact address.
  3. Check immediately whether account changes or transactions have already been made, as criminals are usually very quick. Check whether, for example, goods have been purchased or debits have been made for which you are not responsible. If this is the case, inform the customer service of the respective provider immediately.
  4. Document all abnormalities. Take screenshots, print out bank statements and the phishing email, or forward the email to the company in whose name the cybercriminals sent the phishing email.
  5. Contact a lawyer who specializes in internet fraud, describe your case and submit all documents related to the fraud. You should contact the lawyer even if you have not yet reported any damage.
  6. 2-factor authentication (if offered) prevents access even if fraudsters have obtained the access data through phishing.

By the way, with phishing there is also hope that stolen funds, for example from online banking, will be replaced by banks. The basis for this is the Civil Code. According to § 675u BGB, payment service providers are obliged to replace the stolen payment amounts in the event of unauthorized payment transactions. However, this only applies if the person concerned has fulfilled their duty of care. Further information on the legal basis in the event of damage can be found here.

 

 
