Fake foreclosures have appeared in the Czech Republic

Fake foreclosures have emerged in the Czech Republic: another scam to get people's sensitive data and money.

Another type of scam to gain access to sensitive data has intensified on the Czech market in recent weeks. SMS were sent to randomly generated phone numbers informing about unpaid debts and inviting to check possible foreclosures on a very precisely prepared website with a valid certificate. However, these were fraudulent and aimed to lure unsuspecting people into using their bank or citizen identity to access their accounts and other information. This is according to the findings of the Czech company Analytics Data Factory, which focuses on fraud management, i.e. real-time fraud prevention.

"This was a very sophisticated and well-prepared scam to gain access to the most sensitive data. The language and the means used could very easily have fooled the citizen into logging on to the fraudulent site. In addition, the website, which was reportedly registered in Russia, operated for almost two days, during which time the attackers were able to collect information. Meanwhile, similar scams are becoming more numerous and sophisticated," says Kamil Mahdal, founder and CEO of Analytics Data Factory, an expert in managing and leveraging corporate data.

The whole scam worked by sending a text message to a phone number alerting about an outstanding debt and linking to a website where everything could be checked. As soon as the person clicked on the page, they were offered to verify the executions using the identities of Czech banks through which they could check. He could log in using his bank identity or his citizen's identity. Fraudsters could thus immediately access the citizen's sensitive data and misuse the data in various ways.

"How many people succumbed to the scam and what the consequences will be cannot be estimated at the moment. If a citizen receives such a message, they should immediately contact the National Office for Cyber and Information Security. The latter should investigate the incident, block the attackers' websites and inform the general public. It is worth noting in particular that the entire site was perfectly redacted, with a valid certificate, and moreover integrated the fraudulent login screens of most banks on the Czech market. It was essentially an aggregation fraud portal, which naturally and effectively circumvents the situation where the attackers do not know the specific bank of the visitor," says Jiří Mojžíš, fraud management expert and technical director of Analytics Data Factory.

Source: Analytics Data Factory and CTK