Fraudulent Attempts to Obtain s Identity Activation Codes

Currently, fake text messages claiming that the s Identity app is about to "expire" and needs to be "renewed" are being sent out in large numbers. In some cases, there is also talk of "suspicious activity in your online banking". As is usually the case with phishing, the SMS contains a link that leads to a fake login page under the control of the scammers.

How does the scam work?

If a login is attempted on the (fake) page, the user number entered is passed on to the fraudsters, who try to use it in the background to carry out an actual login. If the login is authorised at the same time, the fraudsters are logged into your internet banking.

The fraudsters then try to link their own signing device, which requires another authorisation in s identity from you. If this is also authorised, an activation code will be displayed in your s Identity app. The scammers try to obtain this QR code by asking you on their phishing site to take a screenshot and upload it.

With this QR code, the scammers can activate a new s Identity device and take complete control of your internet banking!

How can you protect yourself from this scam?

• Do not follow the instructions of the fraudsters under any circumstances! Erste Bank und Sparkassen will never ask you for your personal activation codes.
• Be sceptical if you receive unsolicited links to login pages via SMS, WhatsApp or e-mail.
• Even if the sender's number seems familiar, this is no guarantee of trustworthiness. Often the phone numbers are faked with caller ID-spoofing.
• Protect your financial data and do not enter confidential information on unknown websites.
• Every time you sign something, check precisely what you are authorising with s Identity. We have compiled many recommendations on this in our Security Centre.