UPDATE: Warning against fraud abusing the identity of Financial Administration

Attacks that abuse the identity of the Financial Administration are constantly continuing. The National Cyber Security Centre SK-CERT has again detected an increased incidence of phishing e-mails that have the same method of execution. The attacker uses a new domain hXXps://earl-cherpeau[.]fr

The National Cyber Security Centre SK-CERT, in cooperation with the Financial Administration, warns against fraudulent e-mails designed to give the impression that they are sent by the Financial Administration. The e-mail promises a refund.

This is a large-scale phishing campaign. It abuses claims that are not based on truth. A real aim of the campaign is to lure the victim into providing their personal data and payment card numbers.

Please be advised that the Financial Administration has never exhorted citizens to perform activities included in such a phishing campaign and asks citizens not to respond to such e-mails and fraudulent practices.

The National Cyber Security Centre SK-CERT in relation to this campaign and also other phishing campaigns RECOMMENDS the following:

  • Follow the basic principles of cyber hygiene
  • do not open unverified messages and messages from unknown users;
  • do not open suspicious attachments (even in familiar formats such as .pdf/.docx and so on);
  • disable macros in documents;
  • do not open suspicious URLs;
  • if e-mail applications are used, disable the attachments preview function;
  • in case of suspicion, verify the content of the message with the sender in a different way (by phone, in person);
  • never respond to messages requesting any personal and sensitive information (login names, passwords, payment details).
  • Never log into any service directly from the URL received by an e-mail and be more cautious. When logging into services, use valid URL links from websites of service providers.
  • Under no circumstances should you enter your personal/login information on websites that are anyhow suspicious or have no reason to request similar information.
  • Keep your devices updated, not only the operating system itself but also all software components.

How the attack is executed?


An example of a fake webpage

In this phishing campaign, fake pages are hosted on epgv01[.]fr domain. Under no circumstances should you visit this page and fill in anything. A malicious page looks as follows (there are also attached images of successive steps on the page):






« Späť na zoznam