Key Points
What you'll learn in this notification
- Attackers exploit institutional trust through sophisticated German tax authority impersonation.
- Emails appear to be generated by custom spam scripts with forged Thunderbird headers and high variability in subjects and sending email addresses
- Predominantly targeting organizations in Germany with a financial motive
The Threat Research team has been monitoring fraud campaigns targeting German organizations since early May 2025. This campaign focuses on two notable entities: the German Central Tax Office (BZSt) and the German Social Accident Insurance Institution for Foodstuffs and Catering Industry (BGN). While these organizations are not official government public sector entities, they play significant roles in the administration of tax and social insurance matters in Germany.
The lure focuses on two areas and includes an invoice attachment.
- Digital DGUV-Prevention Module Introduction:
- Example subject: Introduction of Digital DGUV Prevention Module
- Content: Mandates participation, outlines benefits, and specifies urgent compliance and payment deadlines.
- Payment Reminder for Tax Declaration 2023
- Example subject: Zahlungserinnerung: Steuererklärung 2023 (Payment Reminder: Tax Declaration 2023)
- Content: Notifies of a due fee for the tax declaration under x amount, instructs to open the attached PDF for details, and emphasizes the urgency of payment.
Please click here to read the entire article.
We welcome your questions; please ask them by posting a comment below.
Dimakatso Makinta
