Warning against fraud abusing the identity of the Ministry of Finance of the Slovak Republic

The National Cyber Security Centre SK-CERT warns against fraudulent e-mails designed to give the impression that they are sent by the Ministry of Finance of the Slovak Republic. The e-mail promises a refund.

This is a large-scale phishing campaign. It abuses claims that are not based on truth. A real aim of the campaign is to lure the victim into providing their personal data and payment card numbers.

Please be advised that the Ministry of Finance of the Slovak Republic has never exhorted citizens to perform activities included in such a phishing campaign. Therefore, do not respond to such e-mails and fraudulent practices. The same approach was used by attackers in the past to distribute phishing e-mails under heading of Financial Administration.

The National Cyber Security Centre SK-CERT in relation to this campaign and also other phishing campaigns RECOMMENDS the following:

  • Follow the basic principles of cyber hygiene
  • do not open unverified messages and messages from unknown users;
  • do not open suspicious attachments (even in familiar formats such as .pdf/.docx and so on);
  • disable macros in documents;
  • do not open suspicious URLs;
  • if e-mail applications are used, disable the attachments preview function;
  • in case of suspicion, verify the content of the message with the sender in a different way (by phone, in person);
  • never respond to messages requesting any personal and sensitive information (login names, passwords, payment details).
  • Never log into any service directly from the URL received by an e-mail and be more cautious. When logging into services, use trusted URL links from websites of service providers.
  • Under no circumstances should you enter your personal/login information on websites that are anyhow suspicious or have no reason to request similar information.
  • Keep your devices updated, not only the operating system itself but also all software components.

How the attack is executed?



An example of a fake webpage

It has been detected that the fake pages are hosted on the following domains in this phishing campaign:



However, malicious domains may change on a case-by-case basis.

Under no circumstances should you visit this page and fill in anything. Malicious pages may look as follows:

« Späť na zoznam