Deutsche Bank Warns: Beware of Fake Letters with QR Codes
Fake letters are currently being sent claiming to be from Deutsche Bank. They contain QR codes for an alleged TAN update. How to recognize the scam and protect yourself.
New Scam Method: Fake Bank Letters with QR Codes
Fraudsters are currently sending fake letters that look deceptively real and allegedly come from Deutsche Bank. The letters often have subjects like 'Banking App Update Required' or 'TAN Procedure Update Necessary' and contain a QR code.
The QR code is supposed to be used to update your TAN device or BestSign procedure. In reality, it's a so-called 'quishing' attack – a combination of QR code and phishing.
How the Scam Works
The perpetrators proceed systematically:
- Sending fake letters in Deutsche Bank's corporate design with professional-looking logos and layouts
- The letters claim that identity verification or TAN update is necessary due to EU regulations (AML/KYC)
- A QR code is presented as an 'easy solution' to speed up the process
- When scanning the QR code, the victim ends up on a fake banking page that looks deceptively real
- Login data, TANs, credit card details, or personal information are requested and stolen there
Recognizing Warning Signs
Unexpected Letters
You receive a letter about an update even though you didn't request one
QR Codes in Bank Letters
Legitimate banks typically don't send QR codes for security updates via letter
Urgency and Threats
The letter suggests time pressure ('Act immediately') or threatens account suspension
Spelling Errors
Watch for unusual wording or grammar mistakes in the text
No Personal Address
Often missing correct personal address with your full name
What Deutsche Bank Says
Deutsche Bank makes it clear: If you have received such a letter, please ignore and dispose of it immediately. If you have already scanned the QR code or entered data, contact the bank immediately.
Important: Deutsche Bank never asks you to enter sensitive data such as PIN, TAN, or passwords via email, SMS, phone, or letter. Such requests are always suspicious.
Deutsche Bank will never ask you to enter your login credentials or update your TAN procedure via a QR code in a letter.
How to Protect Yourself
- Don't scan QR codes from unsolicited letters: Especially not from banks, authorities, or insurance companies – they use other channels for security updates
- Use QRTrust to check suspicious QR codes: Our app warns you in real-time about known phishing sites before you open the website
- Contact your bank directly: If in doubt, call the phone number on your debit card – not the number stated in the letter
- Never enter TANs on external sites: Your bank will never ask you to enter a TAN on a website you reached via a link or QR code
- Report suspicious letters: Inform your bank via phishing@deutsche-bank.de and file a police report if necessary
What to Do if You're a Victim?
If you have already become a victim and entered data:
- 1.Immediately block your online banking via the emergency number 116 116
- 2.Contact your bank immediately using the official service number
- 3.Change all passwords and PINs
- 4.File a police report
- 5.Document the incident with screenshots and keep the letter
The faster you act, the greater the chance to prevent financial damage.
Conclusion: Vigilance is the Best Protection
This new scam method shows how creative and professional cybercriminals have become. The combination of traditional mail and modern QR code technology makes the scam particularly dangerous.
Stay vigilant, don't scan unsolicited QR codes, and use security tools like QRTrust to protect yourself from quishing attacks.
Protect Yourself from QR Code Fraud
QRTrust checks every QR code in real-time and warns you about phishing sites before you enter your data.
Use QRTrust for FreeSources and Further Information
This article is based on current warnings and reports: