ELSTER phishing: beware of fraudulent emails
All information on the current ELSTER phishing in January 2025Back in August 2024, the tax authorities warned of a new phishing scam in which emails were sent in the name of the ELSTER portal. These messages looked deceptively genuine and were designed to steal sensitive data such as account information and credit card details from recipients.
There is currently a new ELSTER phishing scheme in circulation that uses a very similar approach. You can find out everything you need to know here.
Phishing campaigns target ELSTER users
Almost six months ago, the Thuringia Ministry of Finance drew attention to an increasing wave of phishing attacks in which fraudulent emails relating to electronic tax returns (ELSTER) were circulating. As many citizens and companies use ELSTER for their tax affairs, there was an increased risk of the scam being successful.
Users were directed to fake websites that were used to steal account data, access information or credit card details. There was also a risk that malware such as viruses or Trojans could find their way onto the devices of those affected.
New ELSTER phishing in circulation (as of January 2025)
The current ELSTER phishing uses a similar method and lures the recipient with an alleged tax refund for the last tax year (in this case 2024), which the recipient is supposedly entitled to.

Among other things, they are asked to provide their ELSTER access data and bank details in order to receive the outstanding amount. There is also a threat of account blocking if the steps are not taken, as “active participation in this process” is mandatory. The websites appear authentic, but have no connection with the real ELSTER platform.

ELSTER informs users about the current phishing campaign on its website.
How to recognize counterfeits
The fraudulent messages have several peculiarities that should make you suspicious:
- The form of address is impersonal (“Dear customer”).
- Pressure is exerted by urging immediate action.
- There are threats of disproportionate penalties, such as the blocking of the ELSTER account.
Protect yourself!
Do not open any links or attachments and do not disclose any personal data. The tax administration does not send tax data or invoices as e-mail attachments and does not request sensitive information by e-mail.
Recommendation: If you receive suspicious e-mails, contact the company or authority directly via the official channels to verify the authenticity of the message. Do not reply to the e-mail under any circumstances and do not follow any instructions contained therein.
In addition to these measures, we recommend using software to protect your email communication. Opt for a professional email security solution and minimize the risk of becoming a victim of cybercrime.
More news
Social engineering – 6 tips on how companies can protect themselves
No matter how good the technical security precautions in companies are: The human factor is often the weakest link in the security chain. In social engineering, cyber criminals exploit this potential vulnerability by faking a personal relationship with the victim in order to carry out their criminal activities. How do you recognize social engineering and how can companies protect themselves and their employees?
Critical Outlook vulnerability discovered (February 2024)
In February 2024, security researchers discovered a vulnerability in Microsoft Outlook and classified it as critical. You can read everything you need to know as a user here.
Bitcoin Halving 2024 : Danger from phishing mails on the rise
More and more cases of crypto phishing! The reason is the high Bitcoin price and the upcoming Bitcoin Halving 2024.
Digital document management system – Find out everything you need to know about DMS.
The efficient management of digital documents is a necessity in the modern working world. A digital document management system (or “DMS” for short) is therefore becoming a must-have for companies – and not just for corporations, but also for SMEs. In this article, you will find out what a digital document management system actually is, what functions it fulfills and what advantages it can offer your company.
Managed IT services: Is it worth it for my company? Can I simply outsource my IT?
Managing and monitoring their IT poses challenges for many companies. There is a lack of resources to set up an in-house support team that is up to the task. Managed IT services offer one solution, with external specialists taking over individual IT sub-areas through to complete IT operations. Find out here what Managed IT Services actually are, what advantages they offer and whether the model is also worthwhile for you.