Messages pretending to be Czech authorities

A new wave of phishing attacks is targeting Czech citizens, with scammers posing as official government institutions like the Ministry of Finance and in the latest scheme as the Ministry of Transport. These attacks use emails, SMS messages, and phone calls to steal sensitive banking information by directing victims to fake websites.

Which names and authorities are used for this scam

The Most Recent Fake Traffic Fines

The latest wave of phishing attacks is targeting the Ministry of Transport of the Czech Republic (MDČR) - https://mdcr.cz/ . These phishing emails, SMS messages and phone calls often contain links to fake websites that look like official MDČR portals. The image below is an example of the current form of the fraudulent https://do-konta-ridice-gov-cz.eu website, which mimics the page on the official domain gov.cz .

The scammers' messages urge immediate payment of fines for traffic violations. The aim is to trick victims into entering their bank login details, see below.

Update as of 13th February 2024

• We have recorded a new campaign on fake fines that uses website https://portalgovcz-formulare-id-vypis-zbodoveho-kontaid-ridice-cz.top/.

Fake Tax Refunds

One of the earlier phishing campaigns posed as a communication from the Ministry of Finance of the Czech Republic (MFČR) - https://www.mfcr.cz/ . Victims were lured with the promise of a tax refund. The scam was spread through emails, SMS messages, and sometimes even phone calls, all containing links to fraudulent websites that mimicked official MFČR portals. The goal was again to trick victims into entering their bank login details.

False Housing Allowance Offers

Another wave of phishing attacks targeted individuals with fake offers of housing allowances, allegedly from the Ministry of Labour and Social Affairs (MPSV) - https://www.mpsv.cz/ . This scam also employed emails, SMS messages, and calls, directing recipients to counterfeit websites designed to steal sensitive information under the guise of government aid.

Fraudulent Communication about Social Aids

In some cases, phishing scams masqueraded as communications from the Czech Social Security Administration (ČSSZ) - https://www.cssz.cz/ . Victims received emails or SMS messages claiming to contain important updates or requests for information, urging them to follow links to fake websites. The intention was to capture login credentials and personal details.

How Attackers Target People

1. Emails: Phishing emails mimic trusted sources, like government institutions, using official-looking logos and addresses. They often link to fake websites to steal sensitive information.

2. SMS Messages: Scammers use "smishing" to send texts claiming urgent information or benefits, directing victims to fraudulent sites.

3. Phone Calls: Scammers may call directly, posing as government officials, to pressure victims into giving personal details or visiting fake websites.

How to Protect Yourself

1. Use Safe Surfing feature: This feature in Redamp.io application can filter out malicious URLs.

2. Check the Sender: Verify the email address for slight misspellings or unusual characters. You can also verify the phone number that has sent the suspicious message via website like Call Insider .

3. Look for Errors: Watch for spelling or grammar mistakes, which are common in phishing attempts.

4. Inspect URLs: Hover over links to check the full URL. Legitimate sites have simple, official addresses (e.g., "mdcr.cz").

5. Verify Urgency: Be cautious of messages using urgent language or surprising offers to pressure you.

6. Confirm with Official Sources: If in doubt, contact the ministry directly using contact info from their official website.