After I recently warned about a Sparkasse phishing email, the next candidate rolled in: an email that allegedly came from Postbank and advised me to upgrade the BestSign applications. To do this I have to (who would have thought it) click on a button and log in there with my Postbank access data.
Now I don't have a Postbank account, so I was immediately sure that this email was fraudulent nonsense. But if you have an account at the bank, you might get the idea that this email is actually meant seriously. The BestSign app is an application that Postbank customers can use to log into online banking. In this respect, it sounds plausible at first.
Here is the exact wording of the email again:
Dear Sir / Madam,
From 01.03.2019, Postbank will upgrade all BestSign applications. As part of a BestSign upgrade, the security of every customer account is still guaranteed.
To participate in the upgrade, please open the activation link below.
We strongly recommend that you perform this upgrade. In the event of an abstention, your Postbank ID will no longer be accessible to you.
As a respected and reputable financial institution, we are committed to maximizing trust and security for our customers and guaranteeing excellent payment transactions in the long term.
Please note the urgency of this upgrade.
Sincerely yours,
Your Postbank team
How to recognize phishing mails
A few weeks ago I already had an article on the blog that explained what points to look out for in emails in order to identify so-called phishing emails. In the supposed Postbank e-mail, several points seem strange to me, and with a little practice you can quickly use them to expose the mail as dubious nonsense:
- If you click on the sender, the e-mail address “bestsign@mein.appgerate-pb.de” is behind it. Not that it would be difficult to forge a "postbank.de" here, but the scammer doesn't seem to bother. The sender address is obviously not "postbank.de" and therefore not credible.
- The subject “Upgrade” would probably sound more like “Upgrade your BestSign application” in a real mail. “Upgrade” looks oddly short to me.
- If you click on the recipient, my email address is not there, but the same one that was entered as the sender. A typical sign of a mass mail. If the mail were from the bank, my full name and email address would be here.
- The salutation “Dear Sir/Madam” is also a sign that the sender does not have my name and has to resort to such a general form of address. My bank knows my name and would certainly have used it.
- If you hover the mouse pointer briefly over the "Upgrade" button, the URL linked behind the button appears: https://meine-postbankde.appgerate-pb.de/login/
  Here you can see that the actual domain (the registrable domain) on which the website is located is not “postbank.de” but “appgerate-pb.de”. Another sign that something is wrong here.
- Finally, the e-mail also lacks any imprint. Companies are legally obliged to include one, and I can't imagine that Postbank would leave out all this data and just end the mail with "Best regards, Your Postbank team".
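The sender, recipient and link checks from the list above, as an added Python example that is not part of the original post. The sample message is constructed from the sender address and link quoted above; `EXPECTED`, `belongs_to` and `phishing_signs` are names chosen for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED = "postbank.de"  # assumption: the domain the mail claims to come from
# Constructed sample; sender address and link are the ones quoted in the post.
SAMPLE = """\
From: Postbank <bestsign@mein.appgerate-pb.de>
To: bestsign@mein.appgerate-pb.de
Subject: Upgrade
Content-Type: text/html; charset=utf-8

<p>Dear Sir / Madam,</p>
<a href="https://meine-postbankde.appgerate-pb.de/login/">Upgrade</a>
"""

class LinkHosts(HTMLParser):
    """Collects the host name behind every <a href=...> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hosts.append((urlsplit(href).hostname or "").lower())

def belongs_to(host, domain):
    """True only if host is the domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw, expected=EXPECTED):
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    signs = []
    if not belongs_to(sender.rpartition("@")[2], expected):
        signs.append("sender_domain_mismatch")
    if sender and sender == recipient:  # typical of a mass mailing
        signs.append("recipient_equals_sender")
    links = LinkHosts()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            links.feed(part.get_payload(decode=True).decode("utf-8", "replace"))
    signs += ["link_off_domain:" + h for h in links.hosts
              if not belongs_to(h, expected)]
    return signs
if __name__ == "__main__":
    print(phishing_signs(SAMPLE))
```

Comparing on a label boundary (`"." + domain`) is what keeps a host that merely contains the bank's name from passing the check.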
I think you can see that there are numerous points here that indicate fraudulent intent. I would therefore not click on the link in the mail under any circumstances. In any case, banks send really important messages by post and not by e-mail. The financial institutions are well aware of how many phishing emails are on their way. This means that the chance that the mail will simply be deleted is relatively high.
Jens has been running the blog since 2012. He acts as Sir Apfelot for his readers and helps them with technical problems. In his spare time he rides electric unicycles, takes photos (preferably with the iPhone, of course), climbs around in the Hessian mountains or hikes with the family. His articles deal with Apple products, news from the world of drones or solutions to current bugs.