The Latest in IT Security

Tax evasion? Don’t need that! Spam email promises tax refund! – Fake German Federal Central Tax Office (FCTO) feedback wants to phish sensitive user data


Tax payers are currently waiting for their tax office’s feedback and the fake email sent to users’ inboxes suggests being a legitimate feedback with a promised tax refund of almost ?235. We’ve seen other mails with different refund values, but the scheme remains the same.

Screenshot of fake DCTO email tp phish user data

The outward appearance of this email is rather convincing, but the text is peppered with mistakes and most probably the result of an automatic translation.
The most interesting part is the html filScreenshot of the fake tax refund forme attached, with a design that is pretty similar to the design used on the "Bundeszentralamt fur Steuern” (German Federal Central Tax Office) website:

Screenshot of the fake tax refund form

All information added in this form will be sent to a remote server:

The server used in this email, located in Belgium, still exists, but did currently not respond to any of our requests. During our analysis, we did not encounter any malware.

What can happen if someone enters all the requested data?

  • The attackers can use the bank data / credit card data to use it for carding fraud or simply do some online-shopping on the victim’s account.
  • They can use the data, which they know is valid, and sell it on the underground market.

What should you do and know?

  • Ignore those emails and throw them into the digital waste bin.
  • Feedback regarding taxes is issued by the local tax offices and not by the FCTO.
  • Remember: Official state authorities, such as the CTO, would never contact you with a simple email when requesting such important information.
  • Therefore, never disclose any personal information and/or bank data – either via email or on dubious websites.
  • Use an up-to-date, comprehensive security solution with a virus scanner, firewall, http scan and real-time protection. A spam filter, to get rid of unwanted spam in the first place, is a must-have, too.

If you want to read more about the scamsters’ tricks regarding emails, feel free to read our G Data whitepaper about “dangerous emails”, currently available in German, French, Dutch, Spanish and Italian.

Leave a reply



Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...



Latest Comments