Skip to content Skip to sidebar Skip to footer
Close
News

Bundeswehr Warns of QR Code Scam at Start of Conscription

January 20, 2026

The German armed forces, Bundeswehr warns of scam wave at the start of the new compulsory military service

With the official launch of the new compulsory military service, the Bundeswehr
is warning of a targeted fraud campaign. Criminals are currently sending fake official letters
containing manipulated QR codes to steal personal data from young adults.
Consumer protection groups describe this as a rapidly growing quishing campaign.

Key safety rule
Access official websites manually in your browser. Never follow QR codes from letters.

Digital registration as an attack surface

As the new service model introduced by Defence Minister Boris Pistorius takes effect,
the digital registration of the 2008 age group begins. Fraudsters are exploiting this exact process by sending
deceptively authentic-looking letters that appear to come from official authorities.

The letters closely imitate official layouts, language, and symbols, including the federal eagle and formal
administrative tone. The core element of the scam is a QR code that allegedly links to the official questionnaire.

What is “quishing”?

Quishing combines QR codes and phishing. After scanning the code, recipients are redirected not to
an official Bundeswehr website, but to professionally designed fake sites. These sites request
sensitive information or prompt users to install malicious software.

Typical targets include:

  • Bank and credit card details
  • Copies of ID documents
  • Personal identity data
  • Spyware or malware installation on smartphones, particularly Android devices

How to identify fake letters

The Federal Ministry of Defence highlights clear indicators:

  • Check the sender: Legitimate letters come exclusively from the Federal Office for Bundeswehr Personnel Management.
  • Verify the URL: Official content is published only under domains such as bundeswehr.de.
  • No sensitive data requests: The Bundeswehr never asks for PINs, online banking credentials, or credit card numbers.
  • No fees: Any request for payment related to registration or processing is always fraudulent.

Why now?

Large public initiatives with new digital processes create ideal conditions for fraud. Similar scam waves have
already been observed during the energy relief payments and the property tax reform.

The new military service is particularly attractive to criminals because it:

  • Targets a young, digitally active audience
  • Involves people with limited experience handling official correspondence
  • Relies heavily on digital workflows

What to do if you suspect fraud or data loss

  • Report suspicious letters to the police
  • If data has already been entered:
    • Inform your bank immediately
    • Change all relevant passwords
    • File a formal report

The Ministry of Defence has announced increased communication via official channels in the coming weeks.

Conclusion

The start of the new compulsory military service marks a security policy reset. For many young people, however,
the first security test happens at their mailbox. Vigilance, healthy skepticism, and careful
verification of senders and URLs are currently the most effective protection.

0Likes
Copyright © FeldmannCyber GmbH. All rights reserved.
+49(0)151 6275 6121