Overview

• Phishing campaigns are using deceptive emails with embedded buttons that lead ING, Commerzbank and Deutsche Bank customers to counterfeit login pages.
• Fraudulent SMS messages warn Sparkasse users of a fake pushTAN app deactivation to divert them to phishing sites.
• Banking trojans installed on Windows PCs are quietly replacing genuine recipient IBANs in the pushTAN app and TAN generators of Sparkasse clients.
• Banks and security teams advise customers to scrutinize sender addresses and links, and to confirm transfer amounts and IBANs before authorizing any payments.
• Customers suspecting compromised data should immediately contact their bank to freeze online access and report suspicious communications.