Phishing

How to protect against phishing

How does phishing work?

Fraudsters often send fake emails, text messages or messages on social media or sales platforms with the aim of tricking you into revealing confidential data. To deceive potential victims and get them to follow links and enter their personal data, scammers use a variety of tricks, e.g. 

  • Supposedly urgent requests designed to make you act quickly and without thinking (threatening “danger” or “financial loss” if you do not act immediately)
  • Links to look-alike websites – e.g. https://sparkasse.at.secure-login.net/ instead of https://login.sparkasse.at/ (looks similar at first glance but does not belong to us)
  • Websites that imitate our design or that of other well-known companies (to suggest trustworthiness)

However, such phishing sites are operated not by us but by criminals, who “intercept” your confidential information as soon as you enter it there. Login details captured in this way are often used immediately: while you are still on the fake page, the criminals log in to the real service with your data. In other cases, the stolen data is only used some time later for other scams.

👍 Tip: If you know what to look out for, you can easily distinguish legitimate websites from fake ones and thus protect yourself from phishing scams.

How to recognise our legitimate pages

You can always recognise our websites by our main domain sparkasse.at, written here as *.sparkasse.at because various subdomains (represented by the * symbol) can appear before it: login for signing in, george or george-business for our internet banking, or www for our website. Most importantly, the main domain is always sparkasse.at.

👍 Tip: Before entering confidential data, always check the address bar of your browser to ensure that you are in fact on our domain sparkasse.at.


How is a domain name structured?

The complete domain, e.g. www.sparkasse.at, usually consists of three parts separated by dots. From right to left:

  • Top-level domain (TLD): The ending – e.g. “.at”, “.de” or “.com”. In a full web address this is the part immediately before the first single slash (/); the double slash after “https:” does not count.
  • Second-level domain (SLD): The “main part” in the middle – in our case “sparkasse”. Together with the TLD it forms the main domain, “sparkasse.at”.
  • Third-level domain (or subdomain): An optional part at the beginning, which is usually used to structure a website – e.g. “www”, “shop” or “login”. In our case, for example, “www.sparkasse.at”, “login.sparkasse.at” or “george.sparkasse.at”.

Some examples:

Link                                            Safe?    Why?
https://www.sparkasse.at/privatkunden           ✅ Yes   Main domain is sparkasse.at
https://login.sparkasse.at/sts/oauth/[...]      ✅ Yes   Main domain is sparkasse.at
https://george.sparkasse.at/                    ✅ Yes   Main domain is sparkasse.at
https://sparkasse.at.secure-login.com/          ❌ No    Main domain is secure-login.com
https://sparkasse.at-sicherheit.com/            ❌ No    Main domain is at-sicherheit.com
https://sparkasse.at.george-aktivierung.net/    ❌ No    Main domain is george-aktivierung.net

👍 Tip: Always pay attention to the main domain, i.e. the two parts before the first single slash (/). For your internet banking, this must always be “sparkasse.at”, as in these legitimate URLs from us:

  • https://www.sparkasse.at/erstebank/privatkunden
  • https://george.sparkasse.at/
  • https://login.sparkasse.at/sts/oauth/authorize...
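The main-domain rule above, turned into a small checker. This is an added example and not code from this page or from Erste Bank und Sparkassen: it extracts the host name from a URL, takes the two labels before the first single slash as the main domain (exactly as the table does), and additionally rejects two look-alike tricks the page does not list, a user name placed before an @ sign and non-ASCII look-alike characters in the host name. The function names, the extra checks and the two extra test URLs (evil.example, the http:// variant) are my own assumptions.

```python
from typing import Tuple
from urllib.parse import urlsplit

OUR_MAIN_DOMAIN = "sparkasse.at"   # the main domain the page tells you to look for


def main_domain(host: str) -> str:
    """Return the 'main domain' as this page defines it: the two labels before the
    first single slash, i.e. second-level domain + TLD.  This is correct for
    sparkasse.at; for TLDs such as co.uk you would need the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_url(url: str) -> Tuple[bool, str]:
    """Classify a URL the way the table on this page does: (is_ours, reason)."""
    parts = urlsplit(url)
    host = parts.hostname  # lower-cased; any user:pass@ and :port are stripped off
    if parts.scheme != "https":
        return False, f"not https (scheme is {parts.scheme!r})"
    if not host:
        return False, "no host name in URL"
    if parts.username is not None:
        # https://sparkasse.at@evil.example/ -> the browser connects to evil.example
        return False, f"text before @ is a user name; the real host is {host}"
    if not host.isascii():
        # look-alike letters from other alphabets (e.g. Cyrillic 'а' in place of 'a')
        return False, f"host name {host!r} contains non-ASCII look-alike characters"
    md = main_domain(host)
    if md == OUR_MAIN_DOMAIN:
        return True, f"main domain is {md}"
    if OUR_MAIN_DOMAIN in host:
        # 'sparkasse.at' appears, but only as a subdomain or prefix of somebody else's domain
        return False, f"'{OUR_MAIN_DOMAIN}' is only a prefix; main domain is {md}"
    return False, f"main domain is {md}"


if __name__ == "__main__":
    for url in [
        "https://www.sparkasse.at/privatkunden",
        "https://login.sparkasse.at/sts/oauth/authorize",
        "https://george.sparkasse.at/",
        "https://sparkasse.at.secure-login.com/",
        "https://sparkasse.at-sicherheit.com/",
        "https://sparkasse.at.george-aktivierung.net/",
        "https://sparkasse.at@evil.example/",   # constructed extra case
        "http://login.sparkasse.at/",            # constructed extra case
    ]:
        ok, why = check_url(url)
        print("✅" if ok else "❌", url, "-", why)
```

The checker deliberately reads the host name the way a browser does (via urlsplit) rather than searching the whole URL for the string “sparkasse.at”, which is exactly the mistake the fraudulent examples in the table exploit.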

How to protect against phishing

On websites

Never enter your personal bank details on websites other than https://login.sparkasse.at/ or https://george.sparkasse.at/. You can recognise that these websites are authentic because they:  

  • belong to our domain sparkasse.at 
  • have a TLS (SSL) certificate issued for a *.sparkasse.at host name; note that phishing sites also use HTTPS, so the padlock alone proves nothing, and what matters is which domain the certificate was issued for 
  • always protect communication between your device and our servers using HTTPS encryption 

On your smartphone or tablet 

On your smartphone or tablet, only install our official apps from the Apple App Store, Google Play Store or Huawei App Gallery. You can recognise their authenticity by the developer “Erste Bank und Sparkassen”, the high number of downloads and many positive customer reviews. Do not carelessly install unknown apps, as they could contain malware.

Calls & text messages 

Unfortunately, fraudsters can use technical tricks to make calls or text messages appear to come from our telephone number(s) (caller ID spoofing). A call or text message is therefore not trustworthy just because it appears to come from a “familiar” number.

Emails 

The easiest way to tell whether an email really originates from Erste Bank and Sparkassen is to check the sender. It is important that you pay attention not only to the name displayed (e.g. “Sparkasse”), but also to the email address being used. We usually send our emails from one of the following addresses (the * symbol here acts as a placeholder for various names before the @-symbol): 

  • *@aviso.sparkasse.at 
  • *@mail.sparkasse.at 
  • *@sparkasse.at 
  • *@ebspk.sparkasse.at 
  • *@avisomail.sparkasse.at 

📝 Fraudsters can still fake the email sender, so here too it is important to pay attention not only to individual characteristics such as the sender, but also to the tone, content and presumed intention behind the email.

Typical features of phishing emails or text messages

  • Phishing emails or text messages often use time pressure or a threat of negative consequences to lure you into taking quick, ill-considered action.
  • Phishing messages almost always contain a button or a link that leads to a fake website controlled by the fraudsters.
  • Phishing emails are often sent from unusual addresses or providers, but this can be “masked” by using legitimate-looking sender (display) names.
  • Take a closer look: Behind the display name “Erste Bank und Sparkassen” could be hiding a fraudulent/unknown sender address.
  • An example of a fraudulent email would be the sender name “Erste Bank und Sparkassen” from the address “service@george-activation.net” (wrong, because the domain is not “sparkasse.at” but “george-activation.net”).
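The sender check described in this section, as an added example that is not part of this page or of Erste Bank und Sparkassen's own tooling: it splits a From header into the display name and the actual address, accepts only addresses whose domain is sparkasse.at or one of its subdomains (as in the list above), and flags the display-name trick from the last bullet. The function names, the list of imitation words and the sample message are my own assumptions.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from typing import Tuple

OUR_MAIN_DOMAIN = "sparkasse.at"                          # all listed sender domains end in this
IMITATION_WORDS = ("sparkasse", "erste bank", "george")   # words fraudsters put into display names


def is_our_domain(domain: str) -> bool:
    """True for sparkasse.at itself and any subdomain such as aviso.sparkasse.at."""
    d = domain.lower().rstrip(".")
    return d == OUR_MAIN_DOMAIN or d.endswith("." + OUR_MAIN_DOMAIN)


def check_sender(from_header: str) -> Tuple[bool, str]:
    """Split a From header into display name and address and judge the address domain."""
    name, addr = parseaddr(from_header)
    if "@" not in addr:
        return False, "no usable address in From header"
    domain = addr.rpartition("@")[2]
    if is_our_domain(domain):
        return True, f"address domain {domain} belongs to {OUR_MAIN_DOMAIN}"
    if "@" in name:
        # "info@sparkasse.at" <x@mailer.example>: the real address is the one in <...>
        return False, f"display name {name!r} only looks like an address; real sender domain is {domain}"
    if any(word in name.lower() for word in IMITATION_WORDS):
        return False, f"display name {name!r} imitates us, but the address domain is {domain}"
    return False, f"address domain is {domain}, not {OUR_MAIN_DOMAIN}"


def check_message(raw_message: str) -> Tuple[bool, str]:
    """Same check on a complete message: read the From header rather than the name a mail client shows."""
    msg = message_from_string(raw_message, policy=policy.default)
    return check_sender(str(msg["From"] or ""))


# Constructed sample, modelled on the fraudulent example given above (not a real message).
SAMPLE_PHISHING = (
    'From: "Erste Bank und Sparkassen" <service@george-activation.net>\n'
    "To: customer@example.com\n"
    "Subject: Your George access will be blocked\n"
    "\n"
    "Please confirm your data within 24 hours.\n"
)

if __name__ == "__main__":
    for header in [
        "Sparkasse <info@aviso.sparkasse.at>",
        "noreply@sparkasse.at",
        '"Erste Bank und Sparkassen" <service@george-activation.net>',
        '"info@sparkasse.at" <x@mailer.example>',
        "Sparkasse <info@sparkasse.at.example>",
    ]:
        print(check_sender(header))
    print(check_message(SAMPLE_PHISHING))
```

As the note above says, a From header can be forged, so passing this check only rules out the crude cases; a failing check, on the other hand, is a reliable sign that the message is not from us.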

If you receive any emails or messages that seem suspicious, please first check the characteristics described here. If you still believe that the message is suspicious or does not originate from us, please note the following: 

  • Do not click on any links 
  • Do not open any attachments  
  • Do not reply 

Instead, please send suspicious emails to fraud@s-servicecenter.at, ideally as an attachment to a new email rather than simply forwarding them. Forwarding usually copies only the visible text, whereas attaching the original preserves all of its technical metadata (the complete headers), enabling our specialists to analyse it more accurately.
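What “as an attachment” means technically, shown as an added example (not code from this page or from the bank): the suspicious message is wrapped in a new email as a message/rfc822 part, so its headers travel with it, and the recipient can extract it again with all headers intact. The sample message, its Received line (192.0.2.10 is a documentation address) and the function names are constructed for this example; the reporting address is the one given above.

```python
import email
from email import policy
from email.message import EmailMessage

REPORT_ADDRESS = "fraud@s-servicecenter.at"   # the reporting address given on this page

# Constructed sample of a suspicious message as it might sit in a mailbox
# (the headers are invented; 192.0.2.10 is a documentation-only address).
SUSPICIOUS_RAW = (
    "Received: from mail.george-activation.net ([192.0.2.10]) by mx.example.com\n"
    'From: "Erste Bank und Sparkassen" <service@george-activation.net>\n'
    "To: customer@example.com\n"
    "Subject: George activation required\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Please activate George within 24 hours: https://sparkasse.at.george-aktivierung.net/\n"
).encode()


def build_report(suspicious_raw: bytes, reporter: str) -> EmailMessage:
    """Wrap the suspicious message, with all of its headers, in a new email as a
    message/rfc822 attachment.  Plain forwarding would copy only the visible text;
    this keeps Received, From, Message-ID and every other header for the analysts."""
    original = email.message_from_bytes(suspicious_raw, policy=policy.default)
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = REPORT_ADDRESS
    report["Subject"] = "Suspicious email (original attached)"
    report.set_content("The suspicious email is attached unchanged, including all headers.")
    report.add_attachment(original, filename="suspicious.eml")   # becomes a message/rfc822 part
    return report


def attached_original(report_bytes: bytes) -> EmailMessage:
    """What the recipient extracts: the attached original with its headers intact."""
    report = email.message_from_bytes(report_bytes, policy=policy.default)
    for part in report.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            return part.get_content()
    raise ValueError("no message/rfc822 attachment found")


if __name__ == "__main__":
    report = build_report(SUSPICIOUS_RAW, "customer@example.com")
    original = attached_original(report.as_bytes())
    print("From:    ", original["From"])
    print("Received:", original["Received"])
```

Most mail clients offer this under a name such as “Forward as attachment”; the result on the wire is the structure built here, which is why the Received chain and the real sender address survive.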
