Scams persist in the financial sector, telecommunications, and music streaming services.

Criminals are escalating efforts to steal banking customer information through email scams, as highlighted by the Consumer Center.

Scams currently targeting banks, telecommunication companies, and Spotify platforms

In the digital age, cybersecurity remains a significant concern for individuals and businesses alike. This year, there has been a surge in phishing scams targeting banks, service providers, and various other organisations. Here's what you need to know to stay safe.

The Consumer Center advises moving any suspicious emails directly to the spam folder without responding. The Federal Office for Information Security (BSI) has warned that phishing is the starting point for various crimes, including data theft, illegal account transactions, and attacks on critical infrastructure.

Recent phishing emails have targeted customers of banks and payment service providers, including ING Bank, Telekom, Spotify, and Klarna. ING Bank has reported scammers using two tactics: one asking customers to verify supposed data under the subject "ING-DIBA: Important security review of your ING access required", and another telling customers they haven't agreed to "necessary contractual adjustments". Those with accounts at Volksbanken Raiffeisenbank should check the bank's website or app to see if such a request is legitimate.

Not every phishing attempt is as straightforward. For instance, PayPal customers might receive an email asking them to confirm supposed account information under the subject "Account update required for security random seven-digit number". Similarly, in the Telekom phishing email, fraudsters threaten to block phone numbers because the IBAN is no longer synchronized with a "T-Online account". The subject line is: "The last reminder before your phone number is blocked". In the case of Spotify, the subject line mentions an alleged "payment problem" and that the subscription has been paused.

Klarna has also been targeted, with a phishing email claiming a security certificate is expiring and requiring "renewed authentication". Phishing emails often impersonate banks, service providers, internet or telephone providers, and more, appearing authentic.

Recently, there have been increased attempts to deceive bank customers, such as Volksbanken Raiffeisenbank customers being asked to confirm their phone number within 48 hours under the subject "Verify your phone number!". Indicators of phishing include short time frames, threats of account restrictions, email links, suspicious sender addresses, and generic greetings.
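The indicators listed above can be checked mechanically when triaging a reported message. The following is an added example, not part of the original article: the sample email, the sender and link domains, the keyword lists, and the `telekom.example` placeholder for the brand's expected domain are all constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: sender, link and "telekom.example" are placeholders.
SAMPLE = """\
From: "Telekom Service" <support@billing-notice.example>
Subject: The last reminder before your phone number is blocked
Content-Type: text/plain; charset=utf-8

Dear customer,

your IBAN is no longer synchronized. Confirm within 48 hours or your
phone number will be blocked: http://verify.billing-notice.example/login
"""

DEADLINE = re.compile(r"\bwithin \d+ (?:hours?|days?)\b|\blast reminder\b", re.I)
THREAT = re.compile(r"\b(?:blocked|suspended|paused|restricted)\b", re.I)
GENERIC = re.compile(r"^\s*dear (?:customer|user|client)\b", re.I | re.M)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def under(host, domains):
    """True if host equals, or is a subdomain of, one of the expected domains."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def indicators(raw, expected_domains):
    """Return which of the article's five indicators appear in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    sender = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2]
    found = set()
    if DEADLINE.search(text):
        found.add("short_deadline")
    if THREAT.search(text):
        found.add("account_threat")
    if GENERIC.search(body):
        found.add("generic_greeting")
    if not under(sender, expected_domains):
        found.add("suspicious_sender")
    if any(not under(urlparse(u).hostname, expected_domains) for u in URL.findall(body)):
        found.add("off_domain_link")
    return found

if __name__ == "__main__":
    print(sorted(indicators(SAMPLE, {"telekom.example"})))
```

The domain comparison is suffix-based on a label boundary, so a host that merely contains the brand name does not pass as the brand's own domain.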

It's recommended to check with the business partner directly as soon as there's any suspicion of phishing, to see if such actions or deadlines are currently announced on their website. A call to the customer hotline can also dispel uncertainty. More details about these phishing tactics are available on the "Phishing Radar" of the Consumer Center North Rhine-Westphalia, which provides updates on current phishing scams in circulation.

These latest phishing tactics are becoming increasingly sophisticated. Attackers are using advanced AI models to craft personalized phishing messages at scale, and they trick users with fake system alerts, browser update prompts, or CAPTCHA challenges that prompt victims to run malicious commands or download malware. QR code-based phishing remains widespread, and text-heavy emails and emails with multistage payloads are also common. Emotional manipulation, such as fake profile views, charity scams, and threats of account suspension, is used to push victims to respond quickly and without caution.

Business email compromise (BEC) remains a dominant initial access vector, but non-BEC social engineering attacks have surged by over 200%, driven largely by tactics like ClickFix. Attackers are increasingly combining multiple delivery methods, including SEO poisoning, malvertising, and fraudulent browser/OS alerts, to lure victims.

These trends mark a shift towards highly automated, AI-driven, emotionally manipulative, and multi-vector phishing strategies aimed at increasingly sophisticated credential theft and financial fraud against banks and other services. Stay vigilant and always double-check before clicking on any suspicious links or providing personal information.

  1. To combat the rise in phishing scams, it's essential to verify any suspicious emails directly, as the Federal Office for Information Security (BSI) advises, without responding or clicking on links.
  2. In light of the growing sophistication of phishing tactics, such as using AI models for personalized messages and emotional manipulation, it's crucial to stay vigilant and double-check before clicking on any suspicious links or providing personal information.
