Share
GOVERNMENT IMPERSONATION

ID Austria "certificate expiring" scam: the fake renewal that ends with an AnyDesk bank call

A text dressed as an ID Austria, Finance Ministry, or A-Trust notice warns that your digital-ID certificate is about to expire and links to a "renewal" page. Enter your data there and, minutes later, a caller posing as your bank asks you to install AnyDesk to "fix an error." That is the moment your account is emptied. Here is how to know it is fake before you tap the link, and what to do if you already installed the software.

SafeBrowz Threat Research Security ResearchJuly 4, 20269 min read

Verdict: an ID Austria "your certificate is expiring" text with a renewal link is a scam

A message that says your ID Austria certificate is expiring and gives you a link to "renew" it is phishing. The link opens a fake ID Austria page that harvests your ID number, login, and banking details. Then a caller posing as a bank employee claims a "technical error" or a "suspicious transaction" and pressures you to install AnyDesk or similar remote-access software, so they can drain your account while watching your screen. Austria's Federal Criminal Police reported roughly 100 cases and about 500,000 euros lost. Real ID Austria renewal never arrives by an SMS link, and no bank or agency ever asks you to install AnyDesk. Renew only by opening oesterreich.gv.at or the official app yourself.

The Brief

This scam works because the deadline is real. Roughly 300,000 ID Austria certificates genuinely expire between May and August 2026, so a warning that yours is "about to run out" lands as plausible, not suspicious. Criminals bolt a fake renewal onto that real event. Austria's Bundeskriminalamt and the consumer watchdog Watchlist Internet both warned about the wave in April 2026, after nearly 100 reported cases and about half a million euros in losses. The give-away is the two-stage structure. Stage one is a text or email that harvests your data on a lookalike page. Stage two is a phone call that turns your own device against you. The single rule that beats both: renew your ID Austria only by opening the official site or app yourself, and never install remote-access software because a caller told you to.

What the fake ID Austria renewal text looks like

The message arrives as an SMS or email and copies the tone of an official notice. It says your ID Austria certificate is expiring, that you must confirm or renew your details, and that access will be blocked if you do not act in time. Some versions sign off as "ID Austria," some as "FinanzOnline" or the Finance Ministry, and some borrow the name of A-Trust, the company that actually issues the certificates. The pressure is the point. A "final reminder" wording and only a day or two before the supposed cut-off are there to stop you checking.

Tap the link and you land on a page that looks like the ID Austria portal. It asks for your ID number, your login, and often your online-banking details "to verify your identity." Everything you type is captured. According to Watchlist Internet and the Austrian Federal Criminal Police, the renewal links in this campaign have pointed to lookalike domains such as web-id-austria[.]info and ld-austria[.]at-kunden-ident[.]info (reported scam domains, defanged so they are not clickable). Notice the trick in the second one: the "at" sits in the middle of a longer .info address to look like the Austrian country domain, but it is not. The real ID Austria never lives on a .info address or a hyphenated "id-austria" lookalike. It lives only on the official government domain.

If you are ever unsure whether a "renewal" link is genuine, paste it into the checker below before you tap it. It reads the destination the way our extension does, so you get a verdict without visiting the page.

๐Ÿ›ก LIVE CHECK

Test that ID Austria "renewal" link before you tap it

Got a text or email saying your ID Austria certificate is expiring? Paste the link below before you open it. Our 3-layer engine (Local + APIs + AI) returns a verdict in about 3 seconds. Free, no signup.

Full scan with deep AI analysis โ†’ ยท No URL is logged to your identity.

The second stage: the fake bank employee and the AnyDesk call

What sets this scam apart from an ordinary phishing page is what happens next. Shortly after you submit your data on the fake renewal page, your phone rings. The caller introduces themselves as an employee of your bank and sounds calm and helpful. They say they have spotted a "technical error" tied to your ID Austria update, or a "suspicious transaction" they need to stop before it goes through. To do that, they say, they need to guide you through a security check, and for that you must install a small support app so they can "see the problem on your screen." The app is AnyDesk, or another legitimate remote-access tool like TeamViewer, abused for fraud.

The instant you install it and read out the connection code, the caller can see and control your device. They watch you log in to your real banking app, or they push transfers themselves while keeping you on the line with reassuring talk. Because you are the one who approved the remote session and often confirmed the payments, the bank's own systems see a legitimate, authorised login. That is why the losses reported to police reached five-figure sums for some victims: the fraud does not break into the account, it borrows your hands to walk straight in. Remote-access takeovers like this are the same engine behind a classic bank vishing phone scam and the AI-voice callback fraud we broke down in the Spain bank smishing and callback case.

Two facts end the call every time. A real bank never asks you to install AnyDesk, TeamViewer, or any remote-access software, and a real bank never needs to "watch your screen" to stop a payment. If either request appears, it is fraud. Hang up and call your bank back on the number printed on your card.

How a real ID Austria renewal actually works

The certificate expiry itself is genuine, so it helps to know what the real process looks like. ID Austria is operated with A-Trust, and renewal is done inside a secure, logged-in session that you start, never through a link someone sent you. You renew by opening the official government portal at oesterreich.gv.at or id-austria.gv.at, or by using the official "Digitales Amt" app, and signing in there yourself. The certificate authority behind it is A-Trust at a-trust.at. Authorities have been explicit on one point: they do not send SMS or emails that contain an active link for you to enter your data. A renewal notice that hands you a button to "confirm now" is the opposite of how the real system works.

So the check is simple. Ignore whatever link the message contains. Open oesterreich.gv.at or the official app yourself, from a bookmark or by typing the address, and see whether anything genuinely needs renewing. If your certificate really is close to expiry, you will see it there, in a session you started, with no page asking for your banking password.

The 30-second check and the red flags

You do not need to inspect the message closely. You need one habit and a short list of tells.

  1. Do not tap the link. Nothing is lost by pausing. A real certificate does not vanish because you waited an hour.
  2. Open oesterreich.gv.at or the official app yourself. Type the address or use a bookmark, never the link in the message. Check your ID Austria status there.
  3. Treat any renewal page that asks for banking details as fake. ID Austria renewal never needs your online-banking login or card number.
  4. Hang up on anyone who calls about it. If a "bank employee" phones about the same certificate, an error, or a transaction, end the call and dial your bank back on the number on your card.
  5. Never install AnyDesk, TeamViewer, or any remote app on a caller's instruction. That single refusal stops the entire second stage.

The warning signs, gathered in one place:

  • An SMS or email with a link to "renew" or "confirm" your ID Austria certificate. The real system never sends an active data-entry link.
  • A tight deadline. "Only 24 hours left," "final reminder," "access will be blocked." Urgency exists to stop you checking the real site.
  • A page that asks for your online-banking login or card details. ID Austria has no reason to want them.
  • A lookalike web address. A .info ending, a hyphenated "id-austria" or "web-id-austria," or an "at" glued mid-address to fake the Austrian domain. Real ID Austria is only on the official gv.at government domain.
  • A follow-up phone call about the same certificate. The two-stage combo of a data-harvest page and a bank-employee call is the signature of this exact wave.
  • Any request to install remote-access software. AnyDesk or TeamViewer requested by a caller is fraud, without exception.

What to do if you installed AnyDesk or entered your data

Move quickly. With a live remote session or fresh banking data, the money can move within minutes, so speed is what limits the damage.

  1. Cut the connection and uninstall the remote app. Close AnyDesk or TeamViewer immediately, then disconnect the device from the internet (turn off Wi-Fi and mobile data, or unplug it) so the attacker loses control. Uninstall the app afterwards.
  2. Call your bank now on the number on your card. Not the number the caller gave you. Report a remote-access takeover, ask them to freeze the account and block cards, and have them check for pending or just-completed transfers to reverse them.
  3. Change your banking and ID Austria passwords from a clean device. Use a different phone or computer that was never in the remote session. Change your online-banking password and any password you typed on the fake page, and revoke any active online-banking sessions.
  4. Scan the affected device and check for changes. Look for apps you did not install and payees or transfer rules you did not add. If in doubt, have the device professionally checked or reset before you bank on it again.
  5. Report it. File with the Austrian Federal Criminal Police via your local police, and report the scam site to Watchlist Internet so it can be taken down and others warned.
  6. Warn the people who share your accounts. If it is a joint or business account, tell the co-holders so they can watch for follow-up attempts.

How to report the ID Austria scam

  • Report to the Austrian Federal Criminal Police. Go through your local police or the Bundeskriminalamt at bundeskriminalamt.at, especially if money was lost or your account was accessed.
  • Report the scam page to Watchlist Internet at watchlist-internet.at, the Austrian consumer watchdog that tracks these campaigns and helps get pages taken down.
  • Check the official advice at onlinesicherheit.gv.at, the government's online-safety service, which published guidance on this exact wave.
  • Tell your bank even if you are unsure. Reporting an attempted remote-access takeover lets them watch your account and warn other customers.
  • Delete the message after reporting, and do not tap anything on the way out.

How SafeBrowz blocks this threat

SafeBrowz runs a 3-layer detection architecture: Local + APIs + AI.

  • Layer 1 - Local detection: 60+ URL pattern signatures plus a 550+ brand database and Punycode homograph checks, all running inside the extension before the page renders. A "renewal" page that wears the ID Austria or A-Trust brand while sitting on a domain that is not the official gv.at government address, especially a .info ending or a hyphenated "id-austria" lookalike, is exactly the brand-on-wrong-domain mismatch the engine is built to flag. Add the deadline-urgency wording and a login form asking for banking data, and the page trips multiple signals at once.
  • Layer 2 - API checks: aggregates Google Safe Browsing, PhishTank, URLhaus and ScamAdviser feeds plus 30+ scam-TLD lists to flag domains already reported as malicious, which covers many ID Austria renewal lookalikes once they surface in threat data.
  • Layer 3 - AI deep scan (Premium): 100+ language content analysis catches brand-new lookalike pages in seconds, including a fresh ID Austria clone that copies the real styling but sits on the wrong domain and asks for your banking login "to verify your identity."

Honest scope: SafeBrowz flags and blocks the fake renewal page before it loads, so the data-harvest step, the first half of the scam, never reaches you. It reads the page you are about to open, not your inbox and not your phone line, so it cannot block the follow-up phone call or stop AnyDesk once you have installed it on a caller's instruction. That second stage is beaten by one habit: hang up on anyone who asks you to install remote-access software, and renew ID Austria only by opening the official site or app yourself.

Detection signatures come from threat-intelligence research and our internal brand database, not from user browsing data. SafeBrowz does not store per-user browsing history.

Where browser-layer defense fits

The text is the lure, but the theft starts on the page. That renewal link is where victims are pushed to hand over their ID number, login, and banking details, which is the hook the follow-up call then exploits. Browser-layer scanning catches that first step. When an ID Austria-styled page renders on anything other than the official gv.at government domain, a brand-aware scanner flags the impersonation before the form is usable. SafeBrowz is a free extension for Chrome, Firefox and Edge, plus a live Android app (Safari coming soon), that checks every URL before it renders against a 550+ brand database. Install SafeBrowz and pair it with the rule that beats this whole category: renew ID Austria only by opening oesterreich.gv.at or the official app yourself, and never install remote software because a caller told you to. The same two-stage pattern shows up across borders, from tax-refund text scams to fake delivery texts, so the habit protects you well beyond this one campaign.

Install SafeBrowz free

Add the browser extension, or the SafeBrowz Android app, that runs every link check in this article automatically, on every page, before it renders. Free forever, with optional Premium AI deep scan at $14.99 per year.

Chrome Add to Chrome Firefox Add to Firefox Edge Add to Edge Google Play Get it on Google Play

See pricing and Premium features

Frequently asked questions

Is the "ID Austria certificate expiring" text real?

No. A message that says your ID Austria certificate is expiring and gives you a link to renew or confirm it is a phishing scam. The certificate expiry is a real event for roughly 300,000 people between May and August 2026, but the authorities never send an SMS or email with an active data-entry link. The link in these messages opens a fake ID Austria page that harvests your ID number, login, and banking details. Renew only by opening oesterreich.gv.at or the official app yourself.

Why would a bank call me and ask me to install AnyDesk?

It is the second stage of the scam, and the caller is not really your bank. After you enter your data on the fake renewal page, a fraudster posing as a bank employee phones about a "technical error" or a "suspicious transaction" and pressures you to install AnyDesk or another remote-access tool so they can "see your screen." Once connected, they control your device and move money while you watch. A real bank never asks you to install remote-access software. Hang up and call your bank back on the number on your card.

How do I renew my ID Austria certificate safely?

Only inside a session you start yourself. Open the official government portal at oesterreich.gv.at or id-austria.gv.at, or use the official "Digitales Amt" app, and sign in there. The certificate is operated with A-Trust at a-trust.at. Never renew through a link in a text or email, and never enter your online-banking login on a renewal page. If your certificate genuinely needs renewing, you will see it in the official app or portal.

What are the fake ID Austria web addresses to watch for?

Austria's Federal Criminal Police and Watchlist Internet reported renewal links pointing to lookalike domains, including web-id-austria dot info and ld-austria dot at-kunden-ident dot info. These are illustrative of the pattern: a .info ending, a hyphenated "id-austria," or an "at" placed mid-address to fake the Austrian country domain. The real ID Austria only lives on the official gv.at government domain, never on a .info or hyphenated lookalike.

I installed AnyDesk and gave the caller access. What now?

Act fast. Disconnect the device from the internet to cut the remote session, then close and uninstall AnyDesk. Call your bank immediately on the number on your card, report a remote-access takeover, and ask them to freeze the account and reverse any pending transfers. From a different, clean device, change your banking and ID Austria passwords and revoke active sessions. Then report the fraud to the Austrian Federal Criminal Police and the scam page to Watchlist Internet.

How much has this ID Austria scam cost victims?

As of early April 2026, Austria's Federal Criminal Police reported nearly 100 cases with total losses of about 500,000 euros, and individual victims lost five-figure sums. The scale is driven by the two-stage method: the fake page harvests the data, and the follow-up bank-employee call with remote-access software lets the criminals move money as if it were an authorised login. That is also why the safest defense is refusing the remote-software step outright.

Related SafeBrowz coverage

Bottom line: the ID Austria "your certificate is expiring" text is a two-stage scam. A fake renewal page steals your ID and banking data, then a fake bank call talks you into installing AnyDesk so the account can be emptied while you watch. Real ID Austria renewal never comes as an SMS link, and no bank ever asks you to install remote-access software. Renew only by opening oesterreich.gv.at or the official app yourself, and put SafeBrowz on your browser so the fake renewal page never loads in the first place.