Police Warning: Fake Bank Letters with QR Codes in Tauberbischofsheim
A company in Tauberbischofsheim received deceptively authentic bank letters with QR codes – despite having no account at the specified bank. Heilbronn police warn of the fraud scheme known as 'Quishing'. Multiple banks are affected.
What Happened?
A company in the Main-Tauber district received fake bank letters last week that were visually almost indistinguishable from genuine ones. The particularly brazen aspect: the company doesn't even have an account at the specified bank.
The forgeries contained actual sender addresses and contact details of the bank. Only the email address deviated slightly from the original – a detail most recipients would not notice.
The Heilbronn Police Department has confirmed the case and urgently warns against this fraud scheme.
The Scheme: How the Fraud Works
- Criminals send professionally designed letters in the name of well-known banks – with real logos, addresses, and contact details
- The letter claims that stricter legal requirements for fraud prevention came into force across Europe on January 1, 2026
- Recipients are asked to register their devices by scanning a QR code to protect their account
- The QR code leads to a deceptively authentic phishing website where login credentials and TANs are intercepted
- With the stolen data, criminals gain full access to the victim's bank account
Warning Signs: How to Spot the Fake
No Account at the Bank
You receive mail from a bank where you don't even have an account? Then it's definitely fraud.
Different Email Address
The email address in the letter deviates minimally from the original – e.g., an extra letter or a different domain extension.
Pressure Through Legal Changes
The letter creates urgency through alleged 'new legal requirements' and threatens account suspension.
QR Code as Only Action
The entire letter aims to get you to scan a QR code – real banks would never request this by letter.
Affected Banks
Police and the State Criminal Office document fake letters in the name of various banks:
- • Volksbanken Raiffeisenbanken (VR Bank)
- • ING-DiBa
- • ApoBank
- • Deutsche Bank
- • DKB (Deutsche Kreditbank)
The criminals likely use stolen customer data from previous phishing attacks or data leaks to send targeted letters.
Police Recommendations: What to Do?
- • Never scan QR codes from letters without verifying the authenticity of the document
- • Contact your bank using the official phone number on your bank card – not the number in the letter
- • Never enter sensitive data such as passwords, TANs, or PINs on websites reached via QR codes
- • File a police report and bring the original letter as evidence
- • If you've already entered data: Contact your bank immediately and have your account blocked (Emergency hotline: 116 116)
QRTrust: Your Shield Against Quishing
QRTrust was designed for exactly these cases. Before opening a QR code from a letter, scan it with QRTrust. Our 6-layer security analysis detects phishing URLs in real-time – before you even visit the dangerous website.
QRTrust checks against over 1 million known phishing URLs and uses AI-powered pattern recognition to identify even brand-new threats. 100% GDPR compliant, hosted in Germany.
Check QR Codes Securely Now →Sources
*About QRTrust: QRTrust is Germany's first QR code security platform, developed in Dortmund. With AI-powered real-time detection, QRTrust protects citizens and businesses from quishing attacks. 100% GDPR compliant, hosted in Germany.*