Criminals regularly pose as support staff from a bank, an Internet access provider or an IT company such as Microsoft. During the call, you will be asked to install a software or update. This usually contains malware that tries to obtain your online banking data.
Disconnect your computer from the Internet, network or router as soon as you suspect that malware has been installed.
If your computer behaves strangely after installing software as a result of such a call or your anti-virus software sounds an alarm, then you have probably caught some malware.
Immediately disconnect your computer from the Internet and your network and router. This can prevent the malware from spreading to other devices or your computer from being used for other criminal purposes, e.g. as part of a Botnet.
Initially, do not make any independent attempt to remove the malware. Should the fraud attempt have been successful, it thus enables the police to secure evidence and initiate investigations.
You should also avoid re-starting or rebooting the infected device. Many banking Trojans use a computer reboot to remove their traces.
Instead, put your computer into standby.
Contact your bank
Especially in case of spying related to bank data, you should contact your bank immediately. This will help you determine any damage already incurred or take steps to block your account.
The nationwide emergency number to block a card or account is: 116 116. The blocking emergency number can also be reached from abroad.
In case of financial damage: File a report with the police
If you have suffered financial damage in the event of such a call, you should report it to the police immediately.
Use a secure secondary device for criminal reporting online to the police.
If it is not possible to use a separate device, you should go personally to the nearest police station to make your report. Take the infected device with you to the police station to secure evidence.
If there is no damage: Instructions for removing the malware
If you have not suffered any financial damage, you can try to remove the malware yourself. However, there is no guarantee that all malware can be removed.
In case of an infection with a banking Trojan, we generally recommend importing the last system backup.
If you do not have a backup, we recommend a complete reinstallation if you still intend to perform sensitive actions such as online banking with the device.
After reinstalling or importing the backup, you should scan your computer again intensively with an anti-virus program. You can find an overview with different AV products here.
Help and support in the removal of malware or the reinstallation after a malware infection can be found in the Botfrei forum.
Related links
Botfrei.de: Fraudulent service staff call again!
ING DiBa: Fraudulent account manager
Consumer Center: Fake Microsoft calls
T-Online.de: Fraudsters pose as bank employees
HNA.de: Beware of 110 calls: Fake police officers on the line