In April I have here in the blog before warned about an alleged e-mail from the Federal Ministry of Finance. It is about the digital euro, the NextGenerationEU project and the promise that you can secure a whopping 1.000.000% subsidy on deposits of up to 29 euros. Of course, this all sounds too good to be true. Because it's not true. And so are the new emails that build on April's news. These should serve as a "reminder" and draw you back to a fake website where you are supposed to disclose your data. I have summarized all the information for you below.
Chapter in this post:
Subject of the scam email
Last chance: Exclusive participation in the “Digital Euro” pilot program
Text of the scam email
We recently informed you about a unique opportunity to participate in our special funding program as part of the NextGenerationEU package of measures. This program was created to offer you the opportunity to protect and preserve your wealth in the face of inflation, which has exceeded 2022 percent since October XNUMX.
If our communication has missed your attention, or if you are still undecided, we encourage you to reconsider this opportunity.
The number of participants is limited and interest in the program is high. We want to make sure that you, as one of our valued customers, don't miss the chance to be part of this exclusive initiative.
We therefore invite you again to consider participating in the pilot program. Remember that you have the opportunity to switch equity of up to 1.000.000 euros into the Digital Euro, backed with a subsidy of up to 29% on your investment made.
Please revisit our website for more information about the program and its benefits.
To participate in the program [link removed, d. R]
Your personal, assigned access code to participate in the pilot program is:
[String removed, d. R]
You can unlock the special content with this personal key.
Note that the link is only valid until enough potential attendees are registered. So don't hesitate and take the first step towards the future of digital money today.
We look forward to your participation.
Your BFM – Digitization department
Signs of a fake email - indications of scam and phishing
Of course, you already know the “analysis” of scam signs in emails if you have already read the numerous other phishing warnings here in the blog. For newcomers, however, I am happy to repeat them again, because of course we want all readers to be protected and to know their way around:
- Sender: The sender name in your mail program is probably "Federal Ministry of Finance", but if you display the e-mail address, you will see "email@example.com". LogosMarcas.com is a Spanish-language website that claims to be about company logos. I have no idea what the connection is here.
- Link: If you hover the mouse over the "To the program participation" link, the URL "http://darren-and-orla.com/bmf/?[character string]" appears. According to a who-is query, the Darren-and-Orla.com page was created in August 2022, probably just to redirect clicks from scam emails.
- link target: After the redirection, you get to a page with the URL “https://bundesfinanzministerium-reg.com”, which looks like a BFM registration page at first, doesn’t it? No, because why should a German Federal Ministry use the top-level domain ".com"? It is completely a fake site and you should NOT interact with it. According to a who-is query, it was not created until May 26, 2023.
- Personal access code: The code described in the email as "personally assigned" appears to be the same in each of these emails. I found the same code as in the mail addressed to me in other reports, such as the LKA Lower Saxony (Message about the old mail from April 2023).
- Careless action desired: Once again, quick, thoughtless action is encouraged. Not only is the greed of the recipients aroused with the large numbers. It also clearly states "So don't hesitate and take the first step towards the future of digital money today", which is typical of such scam emails. Others aren't even more pushy.
What is the aim of scammers?
I don't know exactly what the scammers are aiming for with the email. Because I opened the link in the mail in a safe detour and looked at what was asked for and what was offered on the fake BFM website. On the one hand, personal data is requested (very clear Phishing), on the other hand you can download stuff (maybe malware like Trojans). In any case, you should NOT click on the link and do not interact with the website! Even if your URL looks almost serious and the presentation is strongly reminiscent of the official website of the Federal Ministry of Finance.
Report the "Digital Euro Pilot Program" e-mail: Here's how!
I already told you in April how and where to report spam, scam and phishing at this point explained in detail. So here is just a brief summary:
- BSI form for vulnerabilities and security gaps: Fill in here
- Report spam to the Internet Complaints Office: Get addresses here
What should I do with the fake email?
After you have reported / forwarded it to the appropriate places, you can simply delete the mail. Of course, this also applies in the event that you have nothing further to do with it, do not take any steps and simply want to be left alone. Just delete and ignore. Then nothing can happen to you.
Look at the fake BFM page
As has now been shown several times, you should not click on the link in the mail and certainly not interact with the website behind it (specify data, download content, etc.). So that you don't click on it out of curiosity, I did it for you (in a safe setup).
The first image is a comparison of the original Federal Ministry website and the fake website. I'm not an expert in website code, but I took a look at some of the elements' code anyway. And it seems like just copy and paste here. There is a lot of hard work involved in this scam. I hope it was free.
A lot of information is offered, especially on the funding project for the digital euro advertised in the e-mail and on the alleged pilot project "03E - DE". It all looks very official. Unless you read across to the action with a little basic understanding. After all, why should the minimum age be 17? As far as I understand, the BGB has age limits such as 7, 15 and 18 years to restrict legal capacity. The limit of 17 years makes no sense.
Finally, another insight into the fake website "bundesfinanzministerium-reg.com", which shows alleged PDF downloads and links at the end of the page that look like the original. I didn't investigate the download links further because I didn't want to download anything for security reasons. The links, on the other hand, all lead back to the registration page, where you have to enter the character string from the e-mail. The only thing that really works are links like "To participate" and the input fields for personal data (see above). So clearly a scam.
Don't fall for this nonsense, even if it looks professional. You don't get anything from the BFM for free.
After graduating from high school, Johannes completed an apprenticeship as a business assistant specializing in foreign languages. But then he decided to research and write, which resulted in his independence. For several years he has been working for Sir Apfelot, among others. His articles include product introductions, news, manuals, video games, consoles, and more. He follows Apple keynotes live via stream.