Overview

• Verbraucherzentrale Sachsen and Deutsche Telekom issued fresh alerts on October 16 urging users to treat unexpected invoice emails as phishing and to verify billing only on telekom.de.
• The fraudulent messages typically claim an alleged charge of more than €160 and link to cloned sites designed to harvest personal data and login credentials.
• Deutsche Telekom says criminals abuse its legitimate password‑recovery workflow to lend credibility before sending the convincing follow‑up invoice email.
• A newer variant cited by Telekom describes a supposed change to recovery data with a 24‑hour window to cancel, even showing partial email or phone details to increase trust.
• Advice from consumer protection groups includes deleting suspicious emails, avoiding embedded links, and immediately changing the Telekom account password if any data were entered.