
My Bank Keeps on Undermining Anti-Phishing Education


TL;DR: My bank sent out emails with websites which looked a lot like phishing mails, so much so that this similarity could potentially be used against them legally by potential phishing victims.

– Discussion at hackernews (soon)

Chapter 1: You’ve got mail

As I was writing my first post some weeks ago, I got an email from my bank in my inbox:

Here is the English translation of the email:

Dear …,

The big Wero Win Weeks are starting! Take part now and secure your chance every week to win 7 prizes of €1,000 each.

With Wero, you can send money from account to account in under 10 seconds. It’s easy, fast, and secure.

And the best part: If you register once for the prize draw now, you will automatically participate in the draw until September 2nd. With a chance to win every week!

Join now! Win €1,000 seven times every week!

Here’s how it works:

Some background information for my non-German readers:

What is a Sparkasse?

The bank in question is my local Sparkasse. Sparkassen are regional savings banks that exclusively serve people in their region. They are generally owned and sponsored by the municipalities they serve. Each Sparkasse is an independent institution, but they are all connected through an umbrella organisation, which coordinates their activities, ensures interoperability and gives them an overarching corporate design. They focus on SMEs and private customers, and in general they have a strong local economic impact and serve a lot of people. Taken together, the Sparkassen financial group is the largest financial service provider in Europe.

What is Wero?

The email in question was promoting Wero. And I do not mean the Māori challenge, which is part of the welcoming ceremony. Wero is a new European digital payment system launched by the European Payment Initiative (EPI). It was created to replace several local payment systems, each of which was only used in its own country. Imagine it more or less like a rival to PayPal, just decentralised among all banks. Initially it focused on P2P payments (which is what this mail promotes), but they plan to support online and in-store payments at some point. They are still in an early adoption phase.

This email address wasn’t on a spam list yet, so I was quite confused. I mean, the indicators are clear:

You can win quite a large sum of money

The prize draw without context (more on that later)

Contains a link to a domain unrelated to my bank (“gewinnen-mit-wero.de”)
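The third indicator can be checked mechanically. The following is an added example, not code from the original post: it lists the link hosts in an HTML mail body that do not belong to the sender's own domain. The function names, the sample body and the placeholder sender domain `bank.example` are assumptions; only `gewinnen-mit-wero.de` comes from the post.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class _LinkCollector(HTMLParser):  # collects the href of every <a> tag
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)


def _belongs_to(host, domain):
    # Match on a label boundary so "bank.example.promo.test" and
    # "notbank.example" do not pass as "bank.example".
    return host == domain or host.endswith("." + domain)


def unrelated_link_hosts(html_body, trusted_domains):
    """Return the sorted hosts of http(s) links outside trusted_domains."""
    collector = _LinkCollector()
    collector.feed(html_body)
    trusted = [d.lower().rstrip(".") for d in trusted_domains]
    flagged = set()
    for href in collector.hrefs:
        try:
            parts = urlsplit(href.strip())
        except ValueError:
            continue  # malformed URL, e.g. an unclosed IPv6 bracket
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue  # mailto:, tel:, fragments and relative links
        host = parts.hostname.lower().rstrip(".")
        if not any(_belongs_to(host, d) for d in trusted):
            flagged.add(host)
    return sorted(flagged)


# Constructed sample body. "bank.example" is a placeholder for the sender's
# own domain; gewinnen-mit-wero.de is the link domain quoted in the post.
SAMPLE_BODY = """
<p>Join now! <a href="https://www.gewinnen-mit-wero.de/">Take part</a></p>
<p><a href="https://www.bank.example/online-banking">Online banking</a></p>
<p><a href="https://bank.example.promo.test/">Terms</a></p>
<p><a href="mailto:service@bank.example">Contact</a></p>
"""

if __name__ == "__main__":
    print(unrelated_link_hosts(SAMPLE_BODY, ["bank.example"]))
```

A flagged host is not proof of phishing, as this mail shows; it marks exactly the case where a legitimate sender trains recipients to ignore the signal.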
