What's going on?
Together with the National Cyber and Information Security Agency, we are drawing attention to a phishing campaign that has been running since approximately the beginning of August and uses the housing allowance offer from the Ministry of Labour and Social Affairs as a lure. The fraudulent messages are spread via e-mail or SMS, with text machine-translated into Czech (the language quality varies, but the flaws can generally be detected by careful reading).
The attackers use these messages to convince the victim to log in to a fraudulent site by entering their bank details. They then actively use those login details to get into the victim's online banking, which sends a two-factor authentication prompt. The victim, believing they are confirming their own login, then approves it.
The campaign has been repeated in several waves, with the domains used changing constantly. The attackers have already used (for example): mpsv-prihlaseni, mpcv or mpvs-bydleni. The CZ.NIC association is taking steps to block them, and the Cybersecurity Team of Masaryk University is also actively blocking access to these fake domains from the Masaryk University network.
What to do?
We recommend paying close attention to incoming messages and alerting your family and loved ones to the risk. When logging in (especially for banking), always check the address bar of your browser to make sure it shows a legitimate URL, i.e. the real address of the website. As the examples above show, fraudulent URLs are often very similar to the original address.
The official website of the Ministry of Labour and Social Affairs is located only at https://www.mpsv.cz/web/en. Any new fraudulent domains can be reported on the https://stoponline.cz/en/ website operated by the CZ.NIC association, and possibly also to the Police of the Czech Republic.
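The address-bar check recommended above can also be automated on the defender side, for example when reviewing links in reported messages or proxy logs. The following Python code is an added example, not part of the original advisory: it accepts only mpsv.cz and its subdomains as official and flags hosts containing "mpsv" or a one-edit variant of it. The `.example` hostnames are constructed from the name fragments listed above, and the function names and the one-edit threshold are assumptions.

```python
from urllib.parse import urlsplit

OFFICIAL = "mpsv.cz"   # official domain named in the advisory
BRAND = "mpsv"         # name the lookalike domains imitate


def osa_distance(a, b):
    """Optimal string alignment distance: insert, delete, substitute,
    or swap two adjacent characters, each costing 1."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            val = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                val = min(val, prev2[j - 2] + 1)   # adjacent transposition
            cur.append(val)
        prev2, prev = prev, cur
    return prev[-1]


def classify(url):
    """Return 'official', 'lookalike' or 'unrelated' for a URL or bare host."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    # Only the registered domain itself or a true subdomain is official.
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    # Split every DNS label on hyphens and compare each token to the brand.
    tokens = [t for label in host.split(".") for t in label.split("-") if t]
    if any(t == BRAND or osa_distance(t, BRAND) == 1 for t in tokens):
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed samples: page fragments with a placeholder ".example" TLD.
    for sample in ("https://www.mpsv.cz/web/en",
                   "mpsv-prihlaseni.example",
                   "mpcv.example",
                   "mpvs-bydleni.example",
                   "https://mpsv.cz.example/login",
                   "https://www.muni.cz/"):
        print(f"{classify(sample):10} {sample}")
```

A host such as mpsv.cz.example is flagged because the official name appears only as a prefix, not as the registered domain the address actually ends in.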