Caution: Sparkasse phishing emails are in circulation

Beware: phishing mail from Sparkasse

Yesterday I received a new variant of phishing emails. This time the sender is supposed to be the Sparkasse, with which I actually had an account until recently. The subject of the email is "Sparkasse Important Message" and the text explains that the bank is obliged to check the user data in the following form due to the new PSD2 payment service provider guideline.

Confirm button leads to fraudulent form

If this check is not carried out, the bank is obliged to charge a fee of EUR 12,99 (in accordance with the terms and conditions) and the account can even be temporarily blocked. Below the text there is a red "Confirm" button, which refers to the trustworthy site

Of course, there is a page behind the login button that does not come from the Sparkasse, but here I am supposed to enter my bank access data. Of course ... I do ... not! ;-)

This is what the phishing email looks like that I apparently received from the Sparkasse (screenshot: Sir Apfelot).

This is what the phishing email looks like that I apparently received from the Sparkasse (screenshot: Sir Apfelot).

Recognize phishing: these points are suspicious in the mail

Since the emails are made more and more credible and it is not easy for newcomers to passive Internet fraud to see whether the email is actually from the Sparkasse, I have listed a few points here that show me that a malicious email can be assumed here :

  • The sender email is:… nothing with, but it doesn't matter. It's easy to fake the sender anyway.
  • Your bank knows your name and can send you a personalized email. The fraudsters usually only have one e-mail address and therefore always address the person "in general" with something like "Dear Sir or Madam" or, as here, "Dear customer". No personalized address is always a reason to be skeptical.
  • Companies are obliged to provide the full business address, telephone number, responsible tax office and tax number in every email. If such an imprint is missing in the mail - as here - it does not look serious either, because such an error can cost the company a lot of money through warnings.
  • If you move the mouse over the confirm button, the URL appears after a short time, which you get to when you click on the button. This is the here. Something should have appeared here with, but the fraudsters didn't bother.

Copy and paste only brings a mess of characters

Another point that should make you puzzled: If you copy the text from the mail and paste it into a text program of your choice, another suspicious point becomes visible:

kQim YBbZugTIqe Vyder HEJZweXnSitehon AWxZahXDlunBAygsdSxienoIRstewzSricNchtlZSiniiDte OmPSDDJQ2 vVsinaxd QMfwir aLals QoFingfanzXvinspjgtitpZtut ouAverPmbpflUpichOnTtetHOC, nhstixZvchpKpqrobIBenrlyatixwge nVKonSBtroVFtlleCFn pkKdurVxchzZmufühLVRreniMT. SdMDahXjer CRemüssfsxen xVhwir TXSie ZXfrecbyundhylicthch GWHdazUBhu SJaufrnEforsZderwLZn, MTIhrgQe KNNutxYzerohdatjren IQIM nUcbeiFjNliedSagenmQden KtYFornJmulPtGar prmzu xAtbeswjtätigWPgenBya, OEUM nreinFlen BVsicXtherNzen YRZahfhtlunblWgsvGgNerkOIehr JHwsicWAThervHbzusMYgteleqlenUY.

VqiSolGtplteYHcn WUOSie kdder eDBesjPtätiAegunlykg NuihrPkFer EUXNutOozerOTLdatdYSen mlGnicNZVht IQnacwWhkozhdmmemon, DSdsinqgd eiMwir kTverpjOpfluXichsdtet hRpIhnlnPen Kygemäß nVunsYxoereZhr GNAllySgemXceinMAQen ABcGeszWtchäfrtftsbTxedibVZngutUngeson DFuein ZnEntRSmgelhETt Pnin XGVHöhe wkPvon nwr12, rcO99 € vfmzu NBberVyechfPxnenGIT. ZhDes yZsweiOvYterwNien dhsinGHd Sqwir vciveraNpflexichjItetdCT, BFMIhr CkKonMFdto XkJtemnUiporävimr ZPeinxPSzusivachrähnkevczn. QTZIN zEdieuDsem PRFalaJMle sEWwäre lpfeinbwe YJeReawZsktizGvieHgvrunJBg ULihrURees iJUKonmHYtos Nhnur zemanTHiuelxUOl OVdurxusch bZIhrcnen jsnKunDSjöDaejberich.

The text is made up of coded characters so that it is not easy to filter. This makes the work of spam filters harder and the scammers hope that it will get more mail through to users.

Banks do not send important information by email (anymore)

Apart from these points, it can be assumed nowadays that no reputable bank will send any important messages via email anymore. The fraudulent phishing mail affair has grown so large that e-mail is not a trustworthy communication channel for financial transactions.

For people who might come across the site through Google, I have had the text of the e-mail created with the text recognition tool Prizmo (since it could not be copied):

Dear customer,

As part of the Second Payment Services Directive PSD2, we as a financial institution are obliged to carry out random checks. We must therefore ask you to confirm your user data in the attached form in order to ensure secure payment transactions.

If you do not comply with the confirmation of your user data, we are obliged to charge you a fee of € 12,99 in accordance with our general terms and conditions. Furthermore, we are obliged to temporarily restrict your account. In this case, reactivation of your account would only be possible manually by your customer advisor.

You can already see that the creators of the phishing email even want to put pressure on the user with a penalty fee and account blocking. The aim is to persuade him to type the data into the form without thinking too long - and thus to commit a huge mistake.

General phishing training

In my view, recognizing such fraudulent e-mails is part of the necessary knowledge that one should have when the Internet is let loose on one. With the help of our post "What are phishing mails?"you learn which criteria can be used to recognize phishing emails.

Did you like the article and did the instructions on the blog help you? Then I would be happy if you the blog via a Steady Membership or at Patreon would support.

Leave a Comment

Your e-mail address will not be published. Required fields are marked with * marked