Corporate Responsibility

Warning: First fake personalized mails in circulation

  • Share
    Two clicks for more data privacy: click here to activate the button and send your recommendation. Data will be transfered as soon as the activation occurs.
  • Print
  • Read out

A wave of spam that started at the beginning of November, with which criminals are trying to spread malicious code on computers by means of fake Telekom invoices, is assuming a new quality: There are now individual mails in which the recipients are addressed correctly with their first and last name. Such mails did not previously have a personalized form of address.

"That means we've moved to a new dimension of fraudulent deceit. Users must therefore take a more critical look at every single mail and also pay attention to small details that seem suspicious," says Thomas Tschersich, Head of IT and Physical Security at Deutsche Telekom.

Deutsche Telekom is working to define criteria to enable users to better tell a genuine invoice from a fake. The new distinguishing features are to be introduced in the first quarter of 2015.

The company also advises users not to be careless with their data. Mail addresses, along with first and last names, from contests are often traded – criminals help themselves from such lists or a reservoir of stolen identities and can thus send fake personalized mails. "It seems that so far the criminals have also been successful using the simple way. As users are now growing more aware of the issue, the attacks are becoming increasingly refined," says Thomas Tschersich.

According to the knowledge available to Telekom, a Trojan that can steal passwords used for online banking is being spread by the current wave of spam. However, it cannot be ruled out that the malicious code also has other functions and, for example, assumes complete remote control of computers, spies on data or connects the computer to other computers to create what is known as a botnet. In turn, these botnets are used to disseminate further malicious code.

We have put together a list of the most important questions and answers relating to fake invoices for you: How do I spot a fake invoice? The most reliable criterion is: The subject line of fakes does not contain an individual posting account number or the number is incorrect. In addition, the mails addressed to consumers are not personalized, in other words, do not state the correct name of the customer. In the meantime, however, there are initial cases where the name is stated correctly. Customers can check the sum quoted in the e-mail at any time by accessing their invoice on the secure online customer center at The amount shown there is definitely correct. If the invoice in the mail is for a different amount, the mail is a fake and you should delete it immediately.

How can I be certain apart from that? Always take time to accurately verify and check e-mails with invoices or the like. You should never do that in a cursory fashion! Ask yourself if you are actually a Telekom customer. If you are not, delete the e-mail without reading it. Ask yourself if you have configured or asked for invoices to be sent online (in other words, by e-mail). Telekom does not send online invoices unless you have requested them and given your consent. If you have not, delete the e-mail without reading it. Look at the sender's e-mail address. It must have an identifier that is completely clear and transparent. Note the date the mail was sent. Telekom always sends your (online) invoices in the same billing period, for example, at the end of the month (with minor deviations of up to 1-3 days). Receipt of an invoice in the middle of the month would therefore be unusual and a reason to check whether it is genuine. Is the invoice addressed to you specifically? Ask whether you have given Telekom a direct debit mandate or if you are the person who makes the remittance. If you are requested to make a remittance in the e-mail, that is a reason to check whether it is genuine.

What should I do if I receive an invoice that I suspect is a fake? Check the invoice based on the criteria given in the previous answer. If it really is a fake invoice, delete the mail immediately. Do not click on the download link under any circumstances.

What should I do if I did click on the download link? In that case, you should check immediately whether your computer has been infected with malware. If it has, you should delete it immediately. To check whether your computer has been infected, you should, if possible, let several anti-virus programs perform a full screen of all files on your hard drive. You can use commercially available or free-of-charge anti-virus programs for this purpose. Further information is available at . The malicious code used here is changed regularly, so it is not necessarily detected by the latest anti-virus programs. Full screening should therefore be repeated after a few days.

How do cyber criminals get their hands on my mail address in the first place? Cyber criminals are able to send huge numbers of spam mails at once because they know a great many e-mail addresses They are gained from various sources: Criminals try out different combinations of letters and numbers to identify active addresses. Often, cyber criminals obtain addresses from the publication details of websites or postings in newsletters, forums or competitions. And finally, malware that gains access to computers spies on e-mail addresses and passwords.

Careful with unusual-looking e-mails Telekom asks its customers generally to be careful with unusual-looking e-mails as it is a very common method of spreading malware. Do not click on a link in such an e-mail. More information on how to establish whether an invoice sent via e-mail is genuine can be found on the help pages of " " under "RechnungOnline" (in German only).

Up-to-date virus protection Users should always have an up-to-date virus protection program installed on their computers to reduce the risk of infection with malware. In addition, the operating system and the software on a computer should always be up to date.