Yesterday I received a new variant of phishing email. This time the sender is supposedly the Sparkasse, with which I actually had an account until recently. The subject of the email is "Sparkasse Important Message", and the text explains that, due to the new PSD2 payment service provider guideline, the bank is obliged to check the user data using the following form.
If this check is not carried out, the bank is obliged to charge a fee of EUR 12,99 (in accordance with the terms and conditions) and the account can even be temporarily blocked. Below the text there is a red "Confirm" button, which links to the "trustworthy" site http://5432.su/1590.
Of course, there is a page behind the login button that does not come from the Sparkasse, but here I am supposed to enter my bank access data. Of course ... I do ... not! ;-)
Since these emails are becoming more and more credible, and it is not easy for people new to Internet fraud to see whether the email is actually from the Sparkasse, I have listed a few points here that show me that this is a malicious email:
Another point that should make you suspicious: if you copy the text from the mail and paste it into a text program of your choice, this is what appears:
kQim YBbZugTIqe Vyder HEJZweXnSitehon AWxZahXDlunBAygsdSxienoIRstewzSricNchtlZSiniiDte OmPSDDJQ2 vVsinaxd QMfwir aLals QoFingfanzXvinspjgtitpZtut ouAverPmbpflUpichOnTtetHOC, nhstixZvchpKpqrobIBenrlyatixwge nVKonSBtroVFtlleCFn pkKdurVxchzZmufühLVRreniMT. SdMDahXjer CRemüssfsxen xVhwir TXSie ZXfrecbyundhylicthch GWHdazUBhu SJaufrnEforsZderwLZn, MTIhrgQe KNNutxYzerohdatjren IQIM nUcbeiFjNliedSagenmQden KtYFornJmulPtGar prmzu xAtbeswjtätigWPgenBya, OEUM nreinFlen BVsicXtherNzen YRZahfhtlunblWgsvGgNerkOIehr JHwsicWAThervHbzusMYgteleqlenUY.
VqiSolGtplteYHcn WUOSie kdder eDBesjPtätiAegunlykg NuihrPkFer EUXNutOozerOTLdatdYSen mlGnicNZVht IQnacwWhkozhdmmemon, DSdsinqgd eiMwir kTverpjOpfluXichsdtet hRpIhnlnPen Kygemäß nVunsYxoereZhr GNAllySgemXceinMAQen ABcGeszWtchäfrtftsbTxedibVZngutUngeson DFuein ZnEntRSmgelhETt Pnin XGVHöhe wkPvon nwr12, rcO99 € vfmzu NBberVyechfPxnenGIT. ZhDes yZsweiOvYterwNien dhsinGHd Sqwir vciveraNpflexichjItetdCT, BFMIhr CkKonMFdto XkJtemnUiporävimr ZPeinxPSzusivachrähnkevczn. QTZIN zEdieuDsem PRFalaJMle sEWwäre lpfeinbwe YJeReawZsktizGvieHgvrunJBg ULihrURees iJUKonmHYtos Nhnur zemanTHiuelxUOl OVdurxusch bZIhrcnen jsnKunDSjöDaejberich.
The text is made up of coded characters so that it is not easy to filter. This makes the work of spam filters harder, and the scammers hope that more of their mails will get through to users.
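The pasted text above is full of upper- and lowercase letters mixed in the middle of words, and a filter can use exactly that as a signal. The Python below is an added example, not part of the original post: it scores the share of words containing a lowercase-to-uppercase flip, using an excerpt of the pasted text and the readable version quoted in this post. The function names and the 0.3 threshold are assumptions.

```python
import re

LETTER_RUN = re.compile(r"[^\W\d_]+")  # runs of Unicode letters, so umlauts count

def has_midword_flip(word: str) -> bool:
    """True if a lowercase letter is directly followed by an uppercase one."""
    return any(a.islower() and b.isupper() for a, b in zip(word, word[1:]))

def filler_score(text: str, min_len: int = 4) -> float:
    """Share of words (>= min_len letters) that contain a mid-word case flip."""
    words = [w for w in LETTER_RUN.findall(text) if len(w) >= min_len]
    if not words:
        return 0.0
    return sum(has_midword_flip(w) for w in words) / len(words)

def looks_padded(text: str, threshold: float = 0.3) -> bool:
    # The threshold is an assumed starting value; tune it on your own mail.
    # Brand names such as "PayPal" flip case too, so one word alone never
    # pushes a normal message over the limit.
    return filler_score(text) >= threshold

# Excerpt of the pasted mail body quoted in this post
PASTED = ("kQim YBbZugTIqe Vyder HEJZweXnSitehon "
          "AWxZahXDlunBAygsdSxienoIRstewzSricNchtlZSiniiDte OmPSDDJQ2 "
          "vVsinaxd QMfwir aLals QoFingfanzXvinspjgtitpZtut "
          "ouAverPmbpflUpichOnTtetHOC")
# The readable version of the same sentence, as quoted in this post
VISIBLE = ("As part of the Second Payment Services Directive PSD2, we as a "
           "financial institution are obliged to carry out random checks.")

if __name__ == "__main__":
    for label, body in (("pasted", PASTED), ("visible", VISIBLE)):
        print(f"{label}: score={filler_score(body):.2f} "
              f"flagged={looks_padded(body)}")
```

A high score means that what the mail program displays and what the message body actually contains differ, which is worth flagging regardless of the wording.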
Apart from these points, it can be assumed nowadays that no reputable bank will send any important messages via email anymore. Phishing fraud has grown so large that e-mail is not a trustworthy communication channel for financial transactions.
For people who might come across this site through Google, I have extracted the text of the e-mail with the text recognition tool Prizmo (since it could not be copied):
As part of the Second Payment Services Directive PSD2, we as a financial institution are obliged to carry out random checks. We must therefore ask you to confirm your user data in the attached form in order to ensure secure payment transactions.
If you do not comply with the confirmation of your user data, we are obliged to charge you a fee of € 12,99 in accordance with our general terms and conditions. Furthermore, we are obliged to temporarily restrict your account. In this case, reactivation of your account would only be possible manually by your customer advisor.
You can already see that the creators of the phishing email even want to put pressure on the user with a penalty fee and account blocking. The aim is to persuade him to type the data into the form without thinking too long, and thus to make a huge mistake.
In my view, recognizing such fraudulent e-mails is part of the necessary knowledge that one should have when one is let loose on the Internet. In our post "What are phishing mails?" you can learn which criteria can be used to recognize phishing emails.
Jens has been running the blog since 2012. He appears as Sir Apfelot for his readers and helps them with problems of a technical nature. In his free time he drives electric unicycles, takes photos (preferably with his iPhone, of course), climbs around in the Hessian mountains or hikes with the family. His articles deal with Apple products, news from the world of drones or solutions for current bugs.