The National Cyber Security Centre SK-CERT warns against a fraudulent campaign. The actors pretend to be police officers and contact their victims by phone. They try to extract various data from them – including personal and access data.
In this campaign, the attacker introduces himself as the police and after an initial talk, the victim is “connected” to the bank. Subsequently, the attacker tries to obtain data from the victim (already as an alleged employee of the bank) such as the payment card number, Internet banking login data or verification codes from SMS messages and other important information.
Fraudulent calls are made in the Slovak language to sound trustworthy.
The National Cyber Security Centre SK-CERT recommends to observe the following instructions regarding this campaign as well other phishing campaigns:
- If someone calls you from a number you do not know, do not introduce yourself with a name when you answer the phone. If that person tells you that he represents an institution (e.g. the police or a bank) and tries to convince you that you have a problem (e.g. he needs to confirm a suspicious payment), ask him if he knows who you are. Ask him not only your name, but also where you live, your bank account number (if calling from a bank) and so on. If he cannot answer, cancel the call.
- Never provide any data, e.g. your personal number, home address, name, e-mail, Internet banking login data, payment/credit card number, account number, SMS authentication codes, and so on through your phone, e-mail or other message. The bank as well as the police, state authority or a private company, should not request such information by phone, e-mail or SMS. Never respond to the request for your data asked in this way.
- If someone asks you to provide such data by phone, e-mail or other message, say goodbye to the caller and hang up. Continue your communication by calling the official phone number, which you can find on e.g. the website of the company/institution. Do not trust the number that the caller would like to tell you for this purpose without proper verification.
- If someone called you, introduced himself as an employee of a bank (the police, state authority, energy company and so on) and wanted personal data or sensitive information from you, please inform the National Cyber Security Centre SK-CERT via the form at https://www.sk-cert.sk/en/tips-and-tricks/report-an-incident/index.html or by e-mail to firstname.lastname@example.org. In the incident report, enter the conversation details as well as the number and e-mail addresses provided by the caller as verification contacts.
« Späť na zoznam