Fraudsters Use Elster for Phishing Attacks

Taxpayers in Germany should be cautious when receiving emails with the subject "Your electronic tax assessment for 2026 is available." The consumer advice center Schleswig-Holstein warns that these emails are from fraudsters attempting to steal personal data. The emails exploit the current deadline for tax returns and entice recipients to click on a link. The fraudulent message claims that there is a system notification in the recipient's personal Elster mailbox. The salutation is impersonal and begins with "Good day," which is another indication of the fraud.

The email promises an "outstanding tax credit" and urges "verification according to payment guidelines," which is intended to pressure recipients into acting quickly. The consumer advice center points out that the tax office does not send emails with registration buttons. Taxpayers should always log in directly through the official Elster website instead of following links in emails. The emails often include a note that a quick response is required to avoid cancellation of payment, which is a typical feature of phishing attempts. Another warning sign is the incorrect year mentioned in the subject line.

While the email refers to an "income tax assessment 2025," the subject mentions the year 2026. This should immediately raise alarm bells for recipients. The tax office does not send emails with such wording or requests for verification. The consumer advice center recommends deleting such emails immediately and reporting them to the email provider if necessary. Taxpayers should be aware that fraudsters continually attempt to gain trust using Elster and other official entities to obtain personal data.

The warning about these phishing attempts is particularly important as many people are especially busy during the current tax season. Cybercrime has increased in recent years, and phishing attacks are one of the most common methods to obtain sensitive information. According to the Federal Office for Information Security (BSI), over 100,000 phishing incidents were registered in Germany in 2025. However, the actual number could be significantly higher, as many attacks go unreported. To protect against such attacks, taxpayers should regularly update their security software and be vigilant for suspicious emails.

Using two-factor authentication can also help enhance the security of personal data. Experts advise directly contacting the tax office in case of uncertainties rather than responding to email inquiries. The consumer advice center Schleswig-Holstein has previously warned about similar fraud attempts multiple times. The agency emphasizes the importance of staying informed about current fraud schemes to avoid becoming a victim of cybercrime. Educating about such risks is a central part of consumer advice.

Cybercrime is constantly evolving, and fraudsters adapt their methods to current events. Therefore, taxpayers should remain vigilant and stay informed about new fraud schemes. The consumer advice center provides comprehensive information on its website about current phishing attempts and offers tips on how to protect oneself. The next tax return must be submitted by July 31, 2026, which increases the likelihood that fraudsters will be active during this time.