Security and data protection
Protect your finances against fraudsters and thieves on the internet and beyond.
How to fight fraud
Learn to recognise the most common tricks fraudsters are using these days to steal your savings.
- They often pretend to be well-known companies or state institutions (such as ČEZ, Česká pošta, portál MOJE daně etc.).
- They falsely urge you to complete data or require some other action from you (e.g. update personal data, collect an overpayment, additional tax or transport duty, etc.).
- They send a link directing you to a fake website. You receive an instruction to immediately enter your banking login details or all the numbers on your payment cards.
- Check the sender: Always focus on who sent you the message. If you are unsure about anything, do not reply.
- Watch out for links: Always only log into internet banking, business client zones or websites of authorities only from the official website of the institution concerned, not by using a random link from browsers, an SMS or from an email.
- Look through the web address carefully: Fake websites appear to look legitimate, but they may contain small differences such as missing letters or typing errors. Always verify the web address before you click on the link.
- Fake demands: These fake messages are characterised by the fact that the other party is putting pressure on you. When scammers stress you out, they have a better chance of making you do what they want without thinking.
- Unsolicited requests (spam) for information: Stop and think. Are you expecting a message from the institution concerned? Is it normal for it to send you a refund this way?
- He wants either to gain access details to your George from you, permission for remote access to your computer or that you send money to a “secure” account, or place it in a “secure” ATM.
- Fake banker: “Your account has been hacked, so we must block it immediately to save your money. Give us your banking access details…”
- Fake investment advisor:
“We will require remote access to your computer for a daily overview of your investments... So, we can credit your account with money from investments we require access details to your internet banking.”
- If it is a “banker” that is calling, ask him to verify his identity using George. If he refuses, he is probably a scammer.
- If you are not sure that you are speaking to a bank employee, end the call and use our NON-STOP helpline 800 207 207.
- Never share your details with anyone over the phone. Always use George to communicate with your banker.
- Visit the official website of the given company and verify the information that is there. Or call the company’s official number. Do not verify information using the phone number/e-mail given to you by this stranger in an SMS or dictated over the phone. Do not call back on the number from which the potential scammer called you. Although it may look like the official number of an institution it could be a fake. Always newly enter and dial the number on your phone.
- Search for reviews of the company and the given phone numbers on the internet in several places and do not just rely on the website of the specific company. The more ratings you find the better.
- Stop and think. Why would anyone give a lot of money for little work? Would the given institution behave this way? How would you behave in the physical world – would you give the key to your home or your savings to a person you don’t know? What exactly do you know about the counterparty?
- Ask your close persons for advice.
- An advertisement on the internet or a fake advisor over the phone offers a bargain on buying shares or cryptocurrencies.
- They can abuse the names of well-known personalities or companies (e.g. recently names such as Petr Pavel, Petr Fiala, Leoš Mareš, ČEZ, Agrofert and others were abused).
- They try to convince you to start putting money into an investment account, or they offer you help straight away via a program or app that you have to download onto your device. In fact, they get remote access to control your bank account.
- They will warn you that the bank will try to stop the payment. They will force you to hide these investments from your bank, deny the true reason for the transaction and invent another, and give a false description of the purpose of the payment (e.g. vacation, etc.). The goal is to prevent the bank from blocking the fraudulent transaction in time to save your money.
- Check who you are communicating with.
- Don't share your account access and passwords or any card numbers with anyone.
- Do not install programs/apps based on a phone call.
- Be careful what you confirm and to whom.
- You'll get a text message, most often about housing or social security benefits etc. The text message pretends to represent the Czech Social Security Administration, the Ministry of Labour and Social Affairs or other institutions.
- The link from the message takes you to a fake web page that looks just like a login page to Bank ID or to your internet banking.
- Such contact is made in a few moments. The scammer will introduce himself as an employee or a bank officer from Česká spořitelna.
- WARNING: The call might be also made from a spoofed number, which means that it looks like a phone number of Česká spořitelna.
- The "bank employee" will tell you that you most probably clicked on a fake link and entered your details, giving the criminals access to your account.
- Then you will be advised to deactivate the account immediately, if you want to save your money.
- The only way to deactivate your account as directed by the caller, is to get an activation code from an ATM and share it with the caller. You are then told by the fake bank employee that with the activation code, they will "block" your account and "save" your money. But in fact, you gave them full access to your George and they can do anything with it..
- Activate George on a new mobile device;
- Reset your password to George; or
- Change the payment limit in George.
- Check who you are speaking with; the scammer can impersonate anyone. Always verify bank employees of Česká spořitelna via George / George klíč.
- Do not share your account logins and passwords or card numbers with anyone. Enter the activation code only in George.
- Be careful what you confirm and to whom.
Normally the first months of a year is the time when you receive bills for how much heating and energy you have used over the winter. It is also a time when you settle your taxes.
All this presents scammers with an opportunity − they send scam SMS or emails in which they attempt to induce you into refunding overpayments.
The ultimate goal of scam messages, also known as phishing, is: to direct you to a fake website and scam you for your internet banking login details, important card numbers or passwords for various websites such as Netflix.
What is typical of a scam message, whether this is an SMS or email?
Scammers still use the same proven “tricks” and just update them depending on the situation:
Scammers also often combine their methods. Firstly you may receive an SMS or email and then you can get a call such as from a bank employee that your account has been hacked. Read about what scam they are trying to use right now.
How to recognise a fake message?
Remember: No real institution will ever demand all the numbers on a card or George login details from you for a money refund. If they do refund you money, they just need the account number.
The best defence is vigilance. If you have any doubts, do not reply to the message, do not click on anything and verify the information on the official website of the institution or company concerned.
Have you received a scam SMS, email or have you come across some other fake message? Let us know. Send suspicious emails, SMS, chats or call recordings to our special email box podvody@csas.cz.
Have you been scammed by someone? Or do you suspect that someone has tried to scam you? Use the first aid of Česká spořitelna.
Scam calls are constantly on the rise. Fake bankers, advisors and others attempt to gain your trust, but they are always just interested in your money. How can you protect yourself effectively?
How you can immediately tell it is scammer:
The bank, police or an investment company will never ask you for access to your banking or passwords. It does not require these details even to save your money! None of these institutions will want you to send or place money in “secure” accounts or ATMs. This is always what a scammer will do!
How to verify that you are speaking to a banker or employee of Česká spořitelna:
Tips on how to verify companies, institutions, and state entities:
Do you want to learn more about scams? Follow our Security and Data Protection website.
Tip: Have you been scammed? Do you suspect an attempted scam? Use the first aid of Česká spořitelna.
Everything began with a purchase made in an e-shop
The story of Mrs Iveta began in a totally innocent way. She was attracted by discounts on one e-shop so she made a purchase. After having paid for the goods, it occurred to her to look at some reviews where she discovered that probably the e-shop was not reliable. The reviews were bad, some saying that the e-shop was untrustworthy. She very quickly realised that she had most likely just lost her money therefore to be sure she blocked her card and asked for a new one. She felt relieved. Because of her carelessness she had lost a couple of hundred crowns, but at least it had occurred to her in time to block her card.
Fake investment advisors are coming up with more and more sophisticated ways to lure you into high valuations in the form of investments in cryptocurrencies or shares of large companies such as ČEZ or Agrofert.
What is new is the attempt to persuade you not to tell the real reason for the transaction when contacting your own bank, so that the bank cannot warn you of the danger in time. So be careful.
How does the scam work?
How can you protect yourself?
It’s your money, be cautious, take your time and verify. If you suspect a scam, call us at +420 800 207 207. For more on the topic of fake investments, please visit our website. And remember, you can invest safely in George or speak to a banker at one of our branches.
Such thieves constantly improve their skills, combining different fraud and manipulation techniques. Their latest activity focused on our clients is to gain full access to their George through their activation code.
How does the scam work?
A scam can start with phishing:
Afterwards, you receive a call from a fake bank officer:
Beware of shopping from resale marketplaces or second-hand sites, where a fake buyer sends you a link to a common shipping service (Česká pošta, Zásilkovna, PPL, DHL, etc.). This page looks exactly like the real page, but it's actually an accurate fake. It has only one purpose - to trick you into giving out your George login and activation code.
What is an activation code and what happens after it is given to scammers?
The activation code is a one-time unique numeric code that you can get from an ATM, at a branch or by calling the helpline of Česká spořitelna.
Remember that the activation code is only used to:
Enter the activation code only in George. When you give it to a scammer via a link or over the phone, they get full access to your George. If someone tells you that they need an activation code from you, e.g. to block your account, this is a scam.
Using the activation code, they activate your George on any device and, from that moment, they can work in your George as if it were their own. Then they comfortably transfer your funds to other accounts, make purchases on e-shops or create virtual cards to withdraw cash. You can lose all your money within minutes.
How to protect yourself?
The story of Eliška from Plzeň
Eliška received a text message that looks like a message from the Ministry of Labour and Social Affairs, informing her that by clicking on a link, she could collect her housing benefits. Eliška typed the link into the internet search bar on her computer and logged in via Bank IDentity.
A few minutes after logging in, she received a call from a man who introduced himself as Mr. Novotný from security department of Česká spořitelna.
He informed Eliška that she had clicked on a fraudulent link, her account was attacked and it must be deactivated using her activation code from an ATM. Eliška went to the ATM; all the time she had the bank employee on the phone. She didn't know she was talking to a fake bank employee the whole time. .
Remote access to your computer
Fake merchants
Phishing
CEO fraud
Payment card phishing
‘Nigerian’ scams
Vishing<br>
Family fraud<br>
Skimming<br>
Fraudulent Invoices<br>
Straw Man
Ransomware
Security guidelines and recommendations<br>
Safely Downloading Mobile Apps
Minimize the risk of misuse of the George Key application
following simple rules.
How to Use Your Payment Card Securely
Protect your credit card from misuse.
Using Payment Cards with PKI Certification Securely
Protect your certificate card (PKI) from misuse.
Ten Security Rules for Using the George Key App
Minimize the risk of misuse of the George Key application
following simple rules.
Glossary
You will have certainly heard of phishing, skimming and scams, but do you know exactly what they mean? Here’s a look at the tricks used by fraudsters.
<b>Antivirus program </b>
George Key app
<b>Banking IDentity</b>
<b>CEO fraud</b>
<b>Family fraud</b>
<b>Free Trial</b>
<b>Cryptocurrency</b>
<b>Malware</b>
<b>Operating system </b>
<b>Personal firewalls </b>
<b>Phishing</b>
<b>Skimming</b>
<b>Software</b>
<b>Spam</b>
<b>Vishing<br> (or voice phishing)</b>
<b>Remote access </b>
What should you do if you become a victim of fraud?
First of all, don’t feel foolish. Fraudsters use clever and convincing tricks that even IT experts can fall for.
However, it is important to act quickly.
- Call 800 207 207 (+420 956 777 956 if calling from abroad) immediately and tell us what information you have disclosed (internet banking security details, card details, etc.)
- Request cancellation of the unauthorised transactions (unfortunately, this is not always possible)
- Report the incident to the Czech Police
- Change your internet banking security details
- Forward suspicious emails to phishing@csas.cz