Overview
- Customers of major German banks, including Deutsche Bank, Commerzbank and Comdirect, as well as PayPal and DKB users, are being targeted by active phishing campaigns.
- Comdirect reports that criminals try to enroll victims’ cards in Apple Pay, Google Pay or Garmin Pay by harvesting card data and a TAN or activation code sent to the customer’s phone.
- The bank warns that if a card is activated on a criminal’s device, subsequent mobile payments may not require further approval from the legitimate cardholder.
- Phishing emails frequently invoke urgent system updates or account checks, with current lures using PayPal subjects such as “Wichtige Kontobestätigung erforderlich” and “Dringende Kontoprüfung erforderlich.”
- The BSI and Verbraucherzentrale urge users to avoid links and attachments, verify accounts via official apps or websites, watch for generic salutations and suspicious senders, and report attempts through the Phishing‑Radar, noting a rise in SMS-based smishing.