Overview
- Current campaigns impersonate major institutions including Deutsche Bank, Commerzbank, Comdirect, DKB, Consorsbank and Postbank to harvest logins, TANs and card data.
- Emails commonly cite a supposed system update or data check with a deadline to pressure recipients into clicking fake links.
- Comdirect reports that fraudsters try to enroll victims’ cards in Apple Pay, Google Pay or Garmin Pay using card details plus an activation code or TAN sent to the customer’s phone.
- The Verbraucherzentrale flags a DKB-themed email that lacks the official logo and uses a generic salutation, and it notes variants targeting Consorsbank and Postbank customers.
- Officials advise ignoring suspicious messages, not clicking links or opening attachments, checking accounts via official apps or websites, and watching for smishing attempts and telltale errors or odd sender addresses.