The National Cyber Security Centre SK-CERT warns against a large-scale fraudulent campaign conducted through phone calls.
The principle of this campaign is to extract different data from the victim, including personal and access data, through phone calls (so-called phishing/vishing). A phone call from an attacker (regardless of where the phone call really comes from) appears to come from a bank number or another trustworthy institution (e. g. the police) or another unknown number for you. However, the phone call does not come from a number actually displayed as the caller’s number. Under the pretence of, for example, checking a suspicious payment, credit information or another bank service, the attacker tries to obtain data from you as an account holder, such as the payment card number, Internet banking login data or SMS verification codes.
Today, the campaign is conducted in the Slovak language. Callers can use very good Slovak and to sound trustworthy.
The National Cyber Security Centre SK-CERT recommends to observe the following instructions regarding this campaign as well as other phishing campaigns:
- If someone calls you from a number you do not know, do not introduce yourself with a name when you answer the phone. If that person tells you that he represents an institution (e.g. a bank) and tries to convince you that you have a problem (e.g. he needs to confirm a suspicious payment), ask him if he knows who you are. If he cannot answer, cancel the call.
- Never provide any data, e.g. your personal number, home address, name, e-mail, Internet banking login data, payment/credit card number, account number, SMS verification codes, and so on through your phone, e-mail or other message. The bank as well as the police, state authority or a private company, should not request such information by phone, e-mail or SMS. Never respond to the request for your data asked in this way.
- If someone asks you to provide such data by phone, e-mail or other message, say goodbye to the caller and hang up. Continue your communication by calling the official phone number, which you can find on e.g. the website of the company/institution. Do not trust the number that the caller would like to tell you for this purpose without proper verification.
- If someone called you, introduced himself as an employee of a bank (the police, state authority, energy company and so on) and wanted personal data or sensitive information from you, please inform the National Cyber Security Centre SK-CERT via the form at https://www.sk-cert.sk/en/tips-and-tricks/report-an-incident/index.html or by e-mail to firstname.lastname@example.org. In the incident report, enter the conversation details as well as the number and e-mail addresses provided by the caller as verification contacts.
« Späť na zoznam