Currently, phishing campaigns are on the rise again with the aim of stealing the login data of German online banking users. Banks are usually aware of these large-scale campaigns, which is why they warn their users on their websites.

GLS Bank, for example, has observed particularly sophisticated phishing attempts in recent weeks and months. Among other things, a fake job offer was used to pretend to be the employer GLS Bank and thus to capture sensitive data during the digitally conducted ‘job interview’. The job application was conducted via WhatsApp.

Another scam: calls from supposed Microsoft employees. The cybercriminal poses as a support technician who needs access to remote maintenance. To do this, he asks for the access data for online banking over the phone.

Smishing also remains a trend in the cybercriminal scene. The scam of obtaining personal data via SMS is not new. However, the BSI is now warning of a new method: the fake text messages are intended to persuade victims to install an app. This app then brings the actual malware onto the system.

Significant increase in phishing attempts since August 2021

Since the end of August 2021 in particular, there has been a significant increase in phishing attempts, which primarily target German online banking users.

The criminals are proceeding very cleverly: They build landing pages that are confusingly similar to those of real banks. The starting point is usually a fake email from the Sparkasse or Volksbank, which encourages the user to click on a link that supposedly leads to the original website of the respective bank. However, the link actually directs the user to the fake pages of the data thieves.

Currently, the cybercriminals are targeting data on the bank’s branch as well as the user name and online banking PIN of the respective victim.

Particularly explosive: Most recently, the cybercriminals used geo-fencing techniques to ensure that only users in Germany were redirected to the phishing page. If the victim is not in Germany, they are redirected to a supposed tourist info website. However, if the victim is in Germany, he or she is redirected to the replicated bank website.

On this website, the above-mentioned data is then requested because it is necessary for the supposed login.

To this day, the hackers are constantly registering new domains – the phishing campaigns continue.

Phishing attempts in online banking: How to protect yourself

As is so often the case with phishing campaigns, the human vulnerability is exploited in the case of the recent phishing attempts. The goal is not to bypass a security infrastructure, but to fool the human at the computer.

To avoid falling for such a phishing attempt, consider the following tips:

• Attend awareness trainings with simulated attacks.
• Try to filter out fake phishing mails before they reach your inbox
• Invest in anti-phishing solutions that detect fake websites and monitor incoming email traffic

Test your knowledge around phishing email detection. Sign up now for the free IT-Seal Phishing Demo.