What to do?
The attackers created a very successful copy of the website of the MPSV. For this reason, the page's appearance may seem trustworthy at first glance. But don't be fooled, and check the URL of the page! This is because attackers deliberately create minor adjustments in URL addresses so that they imitate the official name of the address as best as possible (e.g.: they use mpvs instead of mpsv). However, the only official website of the Ministry has the format mpsv.cz, while the official address linking directly to information on the housing allowance looks like this:
It is also necessary to beware of fake login gateways of individual banks. Here, too, it is essential to check the URL address and thus verify whether we are really on the official website of our bank. No bank will ever ask you to share sensitive data via phone, email, or SMS. If you suspect you have received a fraudulent SMS, email, or phone call, it is advisable to check the phone number or email address on the bank's official website. However, the best solution in such a case is not to share any details over the phone or email. Instead, go communicate the issue to the bank in person. You will avoid possible problems.
Smishing, which the attackers use in the aforementioned fraudulent campaign, is one of the techniques of social engineering that exploit one of the most sensitive methods – psychological manipulation. You can read about other similarly insidious techniques and advice on how not to get scammed in the online course we have prepared for you. At the same time, we also recommend that you follow the activities of the Cybersecurity Team of Masaryk University, which warns you of current threats.