Our colleague Peter Hryciuk was immediately startled when he received an e-mail from Sparkasse Bad-Pyrmont – he doesn’t even have an account there. Otherwise, he might have fallen for it, because this phishing scam really is close to perfect…but only close.

 

Table of Contents
  1. How does the savings bank trap work?
  2. Important rules of conduct for ALL bank emails
  3. That’s what you have to do if it catches you

There have already been a few phishing attempts like this one against Sparkasse customers. In most cases, they could be recognized by the spelling mistakes in the e-mail. Those are present this time too, but most people probably won’t notice them right away, and so they end up in a trap that was set up on a Russian server, probably by German-speaking programmers.

How does the savings bank trap work?

  • First you will receive an email with an attachment.
  • The subject is “Secure+ 00100 9171997”.
  • Things already get strange with the sender. In this case it is “support@ssk-bad-pyrmont.de <noreply.central@beapi.fr>”. So a Sparkasse branch, which in most cases won’t even be the recipient’s own, supposedly sent its e-mail from a French mail account? This example shows that you should always take a close look at such messages.
  • The text of the message is not conspicuous apart from small mistakes, and apart from the fact that the recipient is not addressed by name.
  • Then it says “Please follow the attached file to update.” The “file” in that awkward sentence is the attachment. It is an HTML file whose content is encoded and which redirects to the domain “sparka-kontogeheimnis.com”.
  • This page is hosted on a server in Russia, the owner is obfuscated through a Russian anonymization service, and the routing leads over Chinese name servers.
  • The source code of this page contains indications that it was written by a German programmer. For example, HTML classes are named “registration roundabout”.
  • First you have to enter the name of your bank. This way, the perpetrators already know where they have to log in later with your data! You will also be shown the matching logo of the bank later.
  • Next you are asked to enter your login name, your PIN and your telephone number.
  • Then the most dangerous step takes place! In the background, this web page now tries to log in at your bank branch with your data, while to you it looks as if your login is merely being checked.
  • The phone number serves as another identifier with which the criminals can take over and empty your account.

Important rules of conduct for ALL bank emails

  1. In e-mails from your Sparkasse you will always be addressed by your correct name. There is neither “Dear customer” nor the name of your e-mail account, such as “snow white85”.
  2. You can always find such important messages in your online banking mailbox. If you can’t find the message there, it’s a fake. If you are in doubt, contact your bank personally.
  3. If links or e-mail attachments lead to a web page, then its domain should either be “sparkasse.de” or be the website of your bank branch. Addresses like “sparka-kontogeheimnis.com” don’t just sound wrong, they are!
  4. On the web pages that are displayed, check whether you can click any other links. If you always end up on the same page with “Help”, “Imprint” or “Terms and Conditions”, the website is just a facade.
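
The sender mismatch, the HTML attachment and the domain check from rule 3 can also be tested automatically on a mailbox you administer. The following is an added example, not part of the original article: the sample mail is constructed from the details given above, and the file name `update.html`, the base64 transfer encoding and the `TRUSTED` list are assumptions.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: domains the recipient accepts for bank links (rule 3);
# add your own branch's website here.
TRUSTED = {"sparkasse.de"}

def build_sample():
    """Constructed mail modelled on the one described above (not the original)."""
    m = EmailMessage()
    m["From"] = '"support@ssk-bad-pyrmont.de" <noreply.central@beapi.fr>'
    m["Subject"] = "Secure+ 00100 9171997"
    m.set_content("Please follow the attached file to update.")
    html = ('<meta http-equiv="refresh" '
            'content="0; url=https://sparka-kontogeheimnis.com/">')
    # File name and base64 transfer encoding are assumptions.
    m.add_attachment(html, subtype="html", filename="update.html", cte="base64")
    return m.as_bytes()

def is_trusted(host):
    """True only for a trusted domain itself or a real subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def check_mail(raw):
    """Return (kind, detail) findings for a raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for sender in getattr(msg["From"], "addresses", ()):
        # The display name poses as an address in another domain than the sender's.
        shown = re.search(r"@([\w.-]+)", sender.display_name)
        if shown and shown.group(1).lower() != sender.domain.lower():
            findings.append(("sender-mismatch",
                             f"{shown.group(1)} shown, sent from {sender.domain}"))
    for part in msg.iter_attachments():
        if part.get_content_type() != "text/html":
            continue
        findings.append(("html-attachment", part.get_filename()))
        body = part.get_content()  # undoes the MIME transfer encoding
        for host in sorted(set(re.findall(r"https?://([\w.-]+)", body))):
            if not is_trusted(host):
                findings.append(("untrusted-domain", host.lower()))
    return findings

if __name__ == "__main__":
    for kind, detail in check_mail(build_sample()):
        print(f"{kind}: {detail}")
```

An HTML attachment is reported even when no link can be extracted from it, because content obfuscated inside the HTML itself is not decoded by this check.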

That’s what you have to do if it catches you

The Sparkasse provides information on currently known attacks on a security page. There you will also find the e-mail address warning@sparkasse.de, to which you can forward such e-mails for checking.

If you have actually entered your access data on a fake page, immediately call the number 116 116 to have your account blocked. As soon as you are able to, you should then speak to your bank about further steps; it can then give you new online access, for example.