Chapter in this post:
This morning I received an email that Apple Mail had pre-sorted into the spam folder as a precaution. That surprised me, because it apparently came from the savings bank and provided information on the Tan process. It was about PushTan as well as ChipTan and MobileTan. There was also talk of PushTan 2.0, which the Sparkasse wants to introduce on September 13.09.2021, XNUMX. Finally, there was the request to register using the button integrated in the e-mail in order to accept the innovations. That made me puzzled, which is why I took a closer look at the mail. Lo and behold: It's phishing and you should NOT click on the button!
Fake emails from fraudulent subjects have been hard to distinguish from legitimate emails for years. Even if we have often written guides and instructions on the subject for the Sir Apfelot blog I still have to look carefully myself to see through the scams of the senders. However, if you take a closer look, you quickly discover the errors that such an email brings or can bring with it:
I asked myself whether a legitimate name or the email address of an employee in a reputable company from Belgium (top-level domain ".be") was misused for the email. That's why I once called up the website "si-tech.be" specified in the mail - also and above all so that you don't have to do it. It turns out: The Sparkasse website was recreated under this URL, solely to access the login name and PIN or password of inexperienced users. All links in the menu, in the footer and elsewhere on the page only lead to the one landing page on which phishing is carried out.
Here is the text from the e-mail, so that you can see how perfidious it is currently being used. Perhaps mentioning the text will also help anyone looking for it on a search engine to get here and see the phishing warning:
[...] with today's online announcement, we will inform you of all changes to the Tan procedure at your Sparkasse.
Since your security is our top priority in the Sparkasse's online experience, the Tan procedure will be updated on September 13.09.2021, XNUMX.
An overview of the change in the Tan process for you:
- The PushTan procedure will be updated and security will also be improved - the PushTan 13.09.2021 procedure will be available to you after the successful changeover from 2.0.
- In addition, the ChipTan process is also updated - no new card reader is required for this.
- The MobileTan procedure (mTan procedure for short) will be deactivated on September 13.09.2021, 2.0 and replaced by the new PushTan XNUMX procedure.
Your help is required to carry out the changeover as smoothly as possible. Please register in advance using the button below to switch to the new Tan process.
This is a mandatory change for every Sparkasse customer. This is the only way we can continue to guarantee you full security. [...]
As you will surely notice, the short period of three days as well as formulations such as “mandatory changeover” and “This is the only way we can continue to guarantee you full security” should build up a certain pressure. Recipients should be made to act quickly and not think about the email as such. This is a recurring scam in order to access as much login data as possible via phishing before the phishing website in the Sparkasse look is taken offline.
If you have received an email that looks like Sparkasse, but is not from Sparkasse, then forward them directly firstname.lastname@example.org Further. Then the mail will be evaluated and the phishing site will (hopefully) be taken offline. There is then a ready-made answer to the forwarding to the specified address. You can then delete the received fake email so that you don't accidentally click on the link later.
Finally, a note: Be careful and always check such emails for fake and phishing notices! If necessary, call the Sparkasse (or the other supposed sender) and ask whether such an email has been issued.
After graduating from high school, Johannes completed an apprenticeship as a business assistant specializing in foreign languages. But then he decided to research and write, which resulted in his independence. For several years he has been working for Sir Apfelot, among others. His articles include product introductions, news, manuals, video games, consoles, and more. He follows Apple keynotes live via stream.