Scammers Impersonate Czech VZP
New year, old scam — scammers are once again using fake emails to trick people into giving out their sensitive information. This time customers of Czech insurance company (VZP - Všeobecná zdravotní pojišťovna) are the target. Both Czech authorities and the VZP are warning the public about a widespread scam in which attackers send fake emails claiming you are owed an overpayment that needs to be processed.
TL;DR
Fraudulent emails are circulating in the Czech Republic, claiming to be from VZP and offering a large payout due to an overpayment. These emails contain links to phishing sites that steal your bank details or login info.
- Do not click on links sent via email: Use official websites to log in and check the information for yourself.
- Never enter your personal or banking information: Unless you verify the site you are visiting is legitimate.
- When in doubt, contact the company through official channels: Most companies, including VZP, have customer support , which is designed for you to call if unsure or suspicious.
How the Scam Works
For this kind of scam, this is how things usually unfold:
- Receive an email: You will receive an email that will include VZP’s logo and branding. It will usually appear similar or almost identical to the emails you are used to receiving.
- Alleged overpayment: The email will claim that you are owed a refund or that an overpayment is waiting to be returned. The email will state a specific amount (often several thousand crowns) to grab your attention.
- Links in the email: A link or button is usually included. It will urge you to click to confirm your bank details or verify your identity so the “refund” can be processed. If you click and enter personal or banking information, it goes straight to the attackers instead of VZP. ! No trustworthy company asks for your personal information or bank details via email.
- The website: The attackers may use very convincing domain names that look like they belong to VZP. Make sure to double/checks the domain of the website you are visiting is the correct one, or you might be giving away your personal information.
Examples of fake emails
- Below are two images showing examples of fake emails.
Why This Scam Is Effective
Scammers keep changing tactics, but new online scams never stop. As time goes on, people get more careful, so how is it that this scam works so well?
- Realistic-looking emails: Despite being fake, the emails sent look very real.
- Credibility of the company: People are familiar with VZP as a health insurer, so they are unlikely to doubt an email that seems to be sent by VZP.
- Giving instead of asking: Most scams claim to be selling merchandise or ask for a payment in some way. However, asking for information to return money sounds like good news, so recipients are less likely to doubt it.
How to Protect Yourself
- Be skeptical of any unsolicited emails that promise money or demand immediate action.
- Ignore or verify unexpected refund emails — especially those asking you to enter sensitive information.
- Check the sender’s email address — official VZP emails will come from addresses associated with vzp.cz.
- Do not use phone numbers or links provided in the email — instead, find contacts directly on VZP’s official website.
- Never enter your banking information or login credentials on a link opened from an email.
- Our app Redamp.io includes a Safe Surfing feature that effectively handles protection against the latest threats such as phishing or malware.
What to Do If You Have Already Fallen Victim
If you have already clicked a link or had your personal information taken:
- Contact your bank to block or freeze your account/card
- Change your online banking passwords and security settings
- Report the incident to the Czech Police
- Report the email to VZP so they can warn others
Final Recommendations for Your Safety
Stay informed! Read our blog and follow alerts in the app about the latest threats we’re monitoring for you.