The dangerous thing about phishing is that you can never predict in which cladding the harmful link is packed. Sometimes it is a DHL email, sometimes an alleged account blocking, and sometimes a bank. We reveal which phishing emails are common in the 48th week of the year.
The Consumer Center NRW continuously lists the latest phishing emails as part of its phishing radar. Of course, the list is not exhaustive; Other emails are also in circulation. However, it shows which e-mails should be kept open as a user at the moment. This includes the following companies and organizations:
- Savings bank
Current phishing position-savings banks, banks and Disney+
An energy flat rate from the Sparkasse: that sounds too good to be true. And that’s it. However, fraudsters try to pretend this scenario with an email with the subject “Sparkasse information!”. In the letter, which at first glance actually reminds me of an official letter from the Sparkasse, it says: “In detail, it is about a one-off payment of 500 euros to survive the coming winter and the associated costs.” you get baited.
Below is the text says: “In order to be able to ensure a payment of the flat rate, we now ask you to confirm your specified data.” And further: “Give your current data on our homepage today”. In addition to the lack of personal speech, all character traits of classic phishing are included: faulty grammar, the view of a non-reality reward, and the pressure to quickly give up its data. So what to do? This email belongs to the spam folder as soon as possible.
Fraudsters have made little effort in this phishing attempt. In the name of Disney, the criminals “end” your account. At least that’s what you claim in an email with the subject “Disney+: interruption of your subscription”. In it, you are referred to as the “client (in) and the interruption is justified with” difficulties with your invoice information “.
Before you read on at that moment and press the button at the end of the email, you prefer to throw the mail directly into the spam folder and switch on a nice film on Disney+. After all, there is only the clumsy attempt to get your data. If you have an account with Disney, check out whether a notification is stored or contact Disney support directly if you are unsure.
A phishing attempt under the LBB label is also brazen. In the email, you will suggest that your credit card is blocked and you have to confirm your “identity as soon as possible”. Of course, this can only be done through a button in the mail.
You know what to do: You already expose this phishing attempt because of the lack of customer address and therefore because no bank queries your data from you online. Pressure is made again, which is also always a clear sign of attempted fraud. The mail is thus the mail from the alleged bank directly in the trash.
And another bank name is used to use data with which the fraudsters can vacate your account. Because here you want your login data for your online account. The prompt is disguised in the mail, which is allegedly coming from the ING DIBA, with an update of ING-Banking-to-go. The transfers allegedly become more secure. Pressure is made about the date: You have to react by 28.11.2022. But you already know what the only real reaction is: off the mail in the spam folder.
Strato customers or non-Strato customers are currently receiving a message in which the domain name has expired. Therefore, an account lock was carried out. Of course, you have to manually enter your data in an alleged “customer area” to make it all usable again. Believe in this email that is brimming with mistakes, just nothing. Better go straight to Strato and log in there. If you are still unsure, contact Strato support. Under no circumstances should you click the link in this phishing email. Better move them unanswered to the spam folder.
Phishing 2022 – Previous cases
The list of phishing attempts is getting longer. It is clear that it mainly affects large companies. They have many customers and thus many potential victims of phishing. This list shows which companies were already used by phishing fraudsters in 2022 to steal your data or money:
- 1 & 1
- Advanzia Bank
- Bafin (Federal Financial Service Supervisory Authority)
- Federal government
- Landesbank Berlin (LBB)
- SMS (voicemail)
- Savings bank
- People’s and Raiffeisen banks
- customs office
What is phishing?
If you think of cyber criminals, you can automatically come to the sense of Hollywood images in hoodies who sit in front of five screens in a basement and look at the Pentagon. However, the truth often looks very different. Because you do not need five screens or great knowledge of security software to get money from internet users. Even a hoodie is not absolutely necessary. Many users voluntarily reveal their access data if you ask them.
Everything that is needed is an email in the Amazon look, for example, the recipient informs about unusual account activities or general terms and conditions. The victim is then asked to carry out an authorization by clicking on a link and registering in his account. Only the link does not lead to the Amazon website, but to a copy. The login data entered here lands directly with the cybercriminals. In the meantime, there is a real industry behind Phishing.
This is how you recognize phishing emails
As soon as the fraudsters have captured your user data, you can use them for identity theft, for example. If the registration data belongs to a service linked to the bank account, your wallet could also suffer. That is why you should pay particular attention to emails in general and to messages from the providers mentioned above.
- Does the email have spelling mistakes?
- What about the direct customer approach?
- Is the sender or the sender of the sender in the head of the email actually PayPal?
- Does the linked website belong to the online payment service, or is the URL rather cryptic?
All of these questions can unmask a phishing email.
Another good self-protection measure is two-factor authentication (2FA). This is a double registration protection, in which a second registration barrel is set up in addition to the registration data-for example in the form of a code that was stored on a previous Telephone number is delivered.
As a rule, cybercriminals cannot easily get hold of this. Although this protection is not insurmountable either. You can get more information on the topic in our phishing guide.