Cybercrime is on the rise in Germany, with phishing, quishing and vishing attacks becoming increasingly common.
A recent report from Germany’s Federal Office for Information Security (BSI) has highlighted significant vulnerabilities in the country’s digital infrastructure, raising concerns for both residents and organisations.
According to the BSI, nearly 10,500 consumer inquiries were received in the past year, with almost half relating to specific cybersecurity incidents – most frequently phishing, account abuse and identity theft.
READ ALSO: Five surprising ways Germany is using new technology to improve mobility
The scale of the problem is further underscored by statistics from the Federal Criminal Police Office (BKA), which recorded over 333,000 cybercrime cases in 2024, originating both domestically and internationally.
Experts warn that this is likely just the tip of the iceberg, with estimates suggesting that up to 90 percent of incidents go unreported.
Fortunately, there are practical steps everyone can take to protect themselves.
'Phishing, quishing and vishing'
Phishing remains one of the most prevalent forms of cybercrime in Germany, according to the BSI, with a sharp increase recorded in the number of phishing websites impersonating large online retailers.
These sites use well-known brands to lure unsuspecting users into revealing their personal information.
But phishing isn’t the only threat. Scams involving manipulated QR codes – known as “quishing” – have started appearing in public spaces, such as stickers on parking ticket machines in major cities. Drivers attempting to pay for parking by scanning these codes were redirected to fake websites designed to steal their payment details.
Vishing, or voice phishing, is also on the rise. In these attacks, cybercriminals pose as IT support staff or colleagues over the phone, attempting to trick employees of companies or government agencies into granting access to sensitive IT networks.
Staying safe online
So, how can you protect yourself? The first step is always to verify that you’re dealing with a legitimate party or service provider online.
Even then, avoid oversharing personal information or sensitive data – limit your data sharing to only what’s required for the specific purpose.
A useful tool in the fight against cybercrime is haveibeenpwned.com, a well-known site for checking if your login data has been leaked.
The site contains a list of over 3 billion exposed passwords and email addresses, most of which were compromised because they were used for two or more logins.
Anyone can visit the site to check whether their credentials have been exposed in recent data breaches. If your email address or password appears in the database, you should immediately change your password.
More generally, everyone is advised to use strong, unique passwords for all their logins. This means creating multiple complex passwords using a mix of letters, numbers, and special characters.
READ ALSO: What is Palantir's Gotham software and why do German police want it?
For those who struggle to remember multiple passwords, the BSI recommends using a password manager. Cybernews, for example, maintains a current list of the top password managers recommended for Germany.
In addition, two-factor authentication (2FA) should be activated wherever possible, adding an extra layer of protection even if a password is stolen.
Switching to passkeys is another option, as they can be stored on security USB sticks, mobile operating systems or compatible password managers.
Threats against organisations and infrastructure
It’s not just individuals who are at risk. Hackers are increasingly targeting German public administration, with significant numbers of victims reported in the defence, justice and public safety sectors, according to the BSI.
The agency warns that many companies and institutions – particularly small and medium-sized enterprises and those linked to politics – are inadequately protected. Some organisations reportedly fail to implement even the simplest preventive measures.
READ ALSO: Two of Germany's largest firms are sounding the alarm about an AI bubble
The digital association Bitkom reports that 87 percent of German companies experienced data theft, espionage or sabotage in the past year, with financial damages reaching £289.2 billion.
Attacks on critical infrastructure – including waterworks, telecommunications providers and transport companies – have also increased, with high-profile incidents such as the cyberattack on an IT service provider at European airports highlighting the potential impact on everyday life.
Speaking to ZDF, IT security expert Markus Beckedahl recently criticised Germany’s preparedness for large-scale cyberattacks, warning of chaos and confusion in the event of an emergency.
In his comments, he emphasised the need for better-equipped security authorities, more centralised competencies, and independence from US infrastructures.
Comments