Phishing attack in the name of ELSTER

The deadline for filing tax returns is approaching, and many citizens are preparing to submit their information to the tax office on time. This time of year is also a welcome opportunity for scammers to use sophisticated phishing schemes to obtain sensitive information such as login credentials or bank account details. The Thuringian Ministry of Finance is currently warning of a particularly insidious method in which fraudulent emails are sent in the name of the ELSTER online portal. The criminals exploit the urgency and official nature of the tax return to lure their victims into a trap.

The scammers’ goal: Stealing personal data

The scammers attempt to direct recipients to fake websites that visually mimic the real ELSTER platform. The emails claim that no refund has yet been calculated for the 2023 tax year and that the recipient must fill out a form on the linked website to receive the refund. These fake websites are designed to steal personal data such as login credentials, bank account information, or credit card details. In some cases, viruses or Trojans may also be installed on the victim’s computer as soon as the link in the email is clicked.

How to Spot the Scam

To protect yourself from this phishing method, recipients should take the following precautions:

1. Check the sender’s address: Emails from ELSTER come exclusively from addresses ending in “elster.de.” Other extensions, especially those from free email providers, are a strong indication of a scam attempt.
2. Be alert to spelling errors: Official emails from ELSTER are grammatically correct. Incorrect addresses or unusual spellings also indicate fraud.
3. Do not click on links in suspicious emails: Instead of clicking on links in emails, you should go directly to the tax office or ELSTER website in your browser to ensure you land on the correct page.
4. Be wary of unexpected payment requests: ELSTER never asks for personal information or requests payments via email. Such requests are a typical sign of phishing attempts.
5. Protection through antivirus software: Up-to-date antivirus software can help detect malicious attachments or links and protect your computer.

By taking these precautions, citizens can significantly reduce the risk of falling victim to such phishing methods. If you are unsure, you should always contact the official agency directly before responding to suspicious emails.

We provide comprehensive information on business and tax matters. We have direct points of contact in Düsseldorf and Oberhausen. Contact us to schedule a consultation. We look forward to meeting you.