Warning: phishing campaign to misuse bank identity

We draw your attention to a phishing campaign that has been running since around the beginning of August. It uses the offer of a housing allowance from the Ministry of Labor and Social Affairs as a motive. Fraudulent messages are spread via e-mail or text messages.

31 Aug 2022

What's going on?

Together with the National Cyber and Information Security Agency, we are drawing attention to a phishing campaign that has been running since approximately the beginning of August, using the housing allowance offer from the Ministry of Labour and Social Affairs as a motive. The fraudulent messages are spread via e-mail or SMS with text machine-translated into Czech (in varying language quality, but where the flaws can generally be detected by careful reading).

The attackers use these messages to convince the victim to log in to the fraudulent site by entering their bank details and then actively use the login details to hack into their online banking, which sends a two-factor authentication prompt. The victim (believing themselves to be confirming their login) then confirms.

The campaign has been repeated in several waves with a constant change in the domains used. The attackers have already used (for example): mpsv-prihlaseni, mpcv or mpvs-bydleni. The CZ.NIC association is taking steps to block them, and the Cybersecurity Team of Masaryk University is also actively blocking these fake domains for access from the Masaryk University network.

What to do?

We recommend paying close attention to incoming messages and alerting your family and loved ones to the risk. When logging in (especially for banking), always check the address bar of your browser to make sure it is a legitimate URL, i.e. the address of the website. As you can see above, URLs are often very similar to the original address.

The official website of the Ministry of Labour and Social Affairs is located only at https://www.mpsv.cz/web/en. Any new fraudulent domains can be reported on the https://stoponline.cz/en/ website operated by the CZ.NIC association, and possibly also to the Police of the Czech Republic.

Source: https://www.nukib.cz/cs/infoservis/hrozby/1872-upozornujeme-na-phishingovou-kampan-s-cilem-zneuzit-bankovni-identitu/

Forged addresses are often very similar to the original ones, so you need to be careful, especially when entering your sensitive data. Sometimes a single letter or character may be substituted, for example, 'p' for 'q'.

Don't get caught...

The attackers in this campaign are using one of the techniques of social engineering, which are very insidious methods of attacking through psychological manipulation. Learn more about these practices in our course, so you don't become the next victim.


More articles

All articles

You are running an old browser version. We recommend updating your browser to its latest version.

More info