Fake email: "Customer Service of the Sparkasse" informs about the Tan process

This morning I received an email that Apple Mail had pre-sorted into the spam folder as a precaution. That surprised me, because it apparently came from the Sparkasse and provided information on the Tan process. It was about PushTan as well as ChipTan and MobileTan. There was also talk of PushTan 2.0, which the Sparkasse wants to introduce on September 13, 2021. Finally, there was the request to register using the button integrated in the e-mail in order to accept the innovations. That puzzled me, which is why I took a closer look at the mail. Lo and behold: It's phishing and you should NOT click on the button!

Phishing attempt: This fake email in the name of the Sparkasse is intended to lead users to click the link and log in to the target website with their login data. DO NOT click on the button in the mail!

Fake: Email from "Customer Service" with the subject "Sparkasse - Change in the Tan process"

For years, fake emails from fraudulent senders have been hard to distinguish from legitimate ones. Even though we have often written guides and instructions on the subject for the Sir Apfelot blog, I still have to look carefully myself to see through the senders' scams. However, if you take a closer look, you quickly discover the errors that such an email contains or can contain:

  • The sender is given only as “customer service”, which is very generic
  • Behind this is (in my case) the e-mail address "jochen@si-tech.be", which has nothing to do with the bank
  • The notice period is too short (you are informed on September 10 about changes on September 13), which is not how a reputable company acts and is only meant to get the recipients to click on the link quickly and carelessly
  • Only the salutation, the button and the final greeting are really text; the main text is included as an image - the Sparkasse would certainly not do that
  • Even if the text looks well written the first time you skim it, there are errors here and there (comma error, "is" instead of "is" and the like)
  • The integrated button does not lead to the Sparkasse website (DO NOT try it, just hover the mouse cursor over the link so that the link URL is displayed)
  • The email does not contain an imprint or any other contact details
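
The sender, link and image checks from the list above can also be run on the raw message without opening it in a mail client. This is an added example, not part of the original post; it assumes sparkasse.de is the bank's legitimate domain, uses a constructed sample mail with a placeholder link host, and the 200-character threshold is a hypothetical value.

```python
import email.policy  # importing the submodule also makes email.message_from_string available
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

EXPECTED_DOMAIN = "sparkasse.de"  # assumption: the domain the bank really uses
MIN_TEXT_CHARS = 200              # assumption: less real text than this is suspicious
# Constructed sample modelled on the mail described above; the link host is a placeholder.
SAMPLE_EML = """\
From: Customer Service <jochen@si-tech.be>
Subject: Sparkasse - Change in the Tan process
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear customer,</p><img src="cid:maintext">
<a href="https://login.example.invalid/sparkasse.de/">Register now</a></body></html>
"""

class BodyScan(HTMLParser):  # collects link targets, image count and amount of real text
    def __init__(self):
        super().__init__()
        self.links, self.images, self.text_chars = [], 0, 0
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self.links.append(attrs["href"])
        elif tag == "img":
            self.images += 1
    def handle_data(self, data):
        self.text_chars += len(data.strip())

def belongs_to(host, domain):  # exact domain or a true subdomain, never a look-alike
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_indicators(raw, expected=EXPECTED_DOMAIN):
    msg = email.message_from_string(raw, policy=email.policy.default)
    findings = []
    sender_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2]
    if not belongs_to(sender_domain, expected):
        findings.append(f"sender domain {sender_domain} is not {expected}")
    scan, body = BodyScan(), msg.get_body(preferencelist=("html",))
    if body is not None:
        scan.feed(body.get_content())
    # Compare the parsed hostname, not the whole URL: the path may contain the bank's name.
    hosts = [urlsplit(u).hostname for u in scan.links if u.lower().startswith(("http://", "https://"))]
    findings += [f"link host {h} is not {expected}" for h in hosts if not belongs_to(h, expected)]
    if scan.images and scan.text_chars < MIN_TEXT_CHARS:
        findings.append("main text is delivered as an image")
    return findings

print("\n".join(phishing_indicators(SAMPLE_EML)))
```

The comparison is made on the parsed hostname because a URL can carry "sparkasse.de" in its path or as a prefix of a different domain and still point somewhere else.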

What kind of website is si-tech.be?

I asked myself whether a legitimate name or the email address of an employee at a reputable company from Belgium (top-level domain ".be") had been misused for the email. That's why I opened the website "si-tech.be" specified in the mail - also and above all so that you don't have to do it. It turns out: The Sparkasse website was recreated under this URL, solely to capture the login name and PIN or password of inexperienced users. All links in the menu, in the footer and elsewhere on the page only lead to the one landing page on which phishing is carried out.

So that you don't have to, I opened the sender's website out of curiosity. It is a replica of the Sparkasse website or the website for online banking. All links lead to phishing, i.e. an attempt to capture login data.

The email text: Phishing disguised as a “Sparkasse” message

Here is the text from the e-mail, so that you can see how perfidious the current approach is. Perhaps quoting the text will also help anyone searching for it in a search engine to get here and see the phishing warning:

[...] with today's online announcement, we will inform you of all changes to the Tan procedure at your Sparkasse.

Since your security is our top priority in the Sparkasse's online experience, the Tan procedure will be updated on 13.09.2021.

An overview of the change in the Tan process for you:

  • The PushTan procedure will be updated and security will also be improved - the PushTan 2.0 procedure will be available to you after the successful changeover from 13.09.2021.
  • In addition, the ChipTan process is also updated - no new card reader is required for this.
  • The MobileTan procedure (mTan procedure for short) will be deactivated on 13.09.2021 and replaced by the new PushTan 2.0 procedure.

Your help is required to carry out the changeover as smoothly as possible. Please register in advance using the button below to switch to the new Tan process.

This is a mandatory change for every Sparkasse customer. This is the only way we can continue to guarantee you full security. [...]

As you will surely notice, the short period of three days as well as formulations such as “mandatory changeover” and “This is the only way we can continue to guarantee you full security” are meant to build up a certain pressure. Recipients are supposed to act quickly and not think about the email as such. This is a recurring tactic for collecting as much login data as possible via phishing before the phishing website in the Sparkasse look is taken offline.

What should I do if I receive a phishing email on behalf of Sparkasse?

If you have received an email that looks like it is from Sparkasse, but is not from Sparkasse, then forward it directly to warnung@sparkasse.de. The mail will then be evaluated and the phishing site will (hopefully) be taken offline. You will receive a ready-made reply to the message you forwarded to that address. You can then delete the received fake email so that you don't accidentally click on the link later.

Finally, a note: Be careful and always check such emails for signs of forgery and phishing! If necessary, call the Sparkasse (or the other supposed sender) and ask whether such an email has been sent.


4 comments

  1. LutzS says:

    In the last few days I have received several spam mails from Sparkasse and Volksbank, SpamSieve always sorts them out.
    I wouldn't click on them anyway, as I'm not a customer of the two banks.
    But still sad that there are still some who fall for this and click on it.

    • Jens Kleinholz says:

      Well, some of them are already well done. I already know quite a few phishing emails, but I almost fell for one or the other. At least by clicking the link. If I do not then read sparkasse.de in the domain, then I am guaranteed not to enter an account. But sometimes a click on the smartphone is enough to catch something.
