Overview
- Coordinated phishing campaigns impersonate Deutsche Bank, Commerzbank, Comdirect, DKB, Consorsbank, Postbank and PayPal with urgent messages such as alleged system updates or account confirmations.
- Comdirect warns that criminals aim to register victims’ cards for Apple Pay, Google Pay or Garmin Pay by collecting card details plus activation codes or TANs sent to the victim’s phone.
- If mobile payments are activated on attackers’ devices, payments can be made without further approval from the account holder, raising the risk of quick losses.
- Consumer protection groups report new lures against PayPal users and DKB customers that push identity or contact-data verification through embedded links.
- The BSI and Verbraucherzentrale advise users to avoid clicking links, check accounts via official apps or websites, look for telltale signs like impersonal greetings or suspicious sender addresses, and report attempts via the Phishing-Radar.