Hungarian Post Facing Hard Time As Phishers Target Its Customers: All About This Phishing Scam

Hackers Use Hungarian Post’s Name And Logo To Bait Its Customers Into Sharing Private Data

Hungarian Post (Magyar Posta) announced that its customers are receiving e-mails asking for their confidential information. The details demanded include addresses, bank account details, etc. Customers are requested to share these details if they want to win exciting prizes, such as mobile phones. This phishing scam first came to light when a customer reported it in January 2019. Magyar Posta claims that these e-mails were not coming from them and that phishers are targeting the institution’s customers. However, as of now, there is no report of any customer falling victim to the attack. An advisory by the Hungarian Post states that the customers must take caution before clicking on any link or downloading an attachment from a new e-mail. The customers should verify the sender before opening any links or attachments.

In January, when this phishing scam first came to light, customers reported receiving suspicious e-mails and pop-ups while surfing the internet. However, recently, customers are also reporting fraudulent text messages. These text messages also offer expensive prizes in return for private credentials of the users.

What Is The Response Of Magyar Posta?

Hungarian Post does send out promotional offers to its customers. However, they claim that they never sent fraudulent e-mails. They claim that they have all the information notifications printed on their webpages, whenever such offers are out for its customers.

Hungarian Post made it clear that they never tie-up with any advertisement company, even if they are running promotional offers. Magyar Posta announced that they never ask for personal information in e-mails or over phone calls. Flashy ads are created in such a way to attract users to click them. The organization advised its customers to take precautions and look for evident signs of a phishing attempt in the e-mails. These include looking out for grammatical errors, missing accents, missing posta.hu URL, and other indications. The users must thoroughly consider before sharing sensitive data on any website.

What Is The Modus Operandi Behind These Attacks?

• Most of the e-mails reported by the customers were asking them to share personal details, to win exciting prizes, including mobile phones. Others said that the e-mails were purporting them winning a lottery and asking for their bank details.
• A link given in the e-mail when clicked upon lands the user on a web page that looks similar to the Magyar Posta website but is fake.
• These e-mails are asking for user IDs, passwords, credit card numbers, and addresses of customers, to claim the lottery prize.

How To Respond If An E-Mail Says You Won The Lottery?

• Check the e-mail address of the sender. Hackers cleverly design these e-mails to look genuine and carry the Hungarian Post’s name and logo. They also have a similar domain name, but with a slight grammatical error.
• Lots of exclamation marks are intentionally added to demonstrate the “ACT NOW” and manipulate the user for taking immediate action.
• Most of the fraudulent e-mails offer costly gifts, such as mobile phones. They require the user to enter personal information, failing which, there are chances of losing the lottery. The adversaries also send text messages with the same content and a fake link.
• In case you receive such an e-mail from Magyar Posta, check if the e-mail demands urgent action. If yes, directly contact the actual sender by phone, or physically visiting the nearest post center.
• Check if the link is similar to the Magyar Posta website and opens a new page that does not have “posta.hu” in its URL. If so, avoid taking any action on this page and quickly close the page.
• If you notice any advertisements popping on a webpage you visit, claiming to win a lottery or other lucrative offers from the Post, avoid clicking on such ads.
• These e-mails use incorrect Hungarian language and skip specific accentuation symbols to by-pass the spam filters. One can check for these anomalies by carefully analyzing the sender’s e-mail address and the URL of the website.

A Few Tips To Protect Yourself From Phishing Scams

• Never rush in clicking the links provided or downloading the attached document; it could be a scam. Check for its legitimacy before sharing any information.
• The attachment, if downloaded, could infect your computer system if the attachment contains malicious code.
• All devices should have macros disabled and carry out prompt patching of the operating system. It is essential to stay up to date with the current changes in the software program of operating systems.
• Organizations must carry out adequate awareness training programs for individuals and employees. Such pieces of training make the employees abreast with all types of malicious threats and how to avoid falling for them.
• Enterprises must implement and install advanced Anti-Phishing solutions in the systems for early detection and prevention of these cyber threats.
• Spam filters, firewalls, and web gateways are some tools which efficiently block malicious IP addresses. Organizations must deploy these tools to block detected threats.
• They must install a high potential firewall in the system.
• All browsers have an anti-phishing toolbar that can be customized and is helpful for preliminary detection of threats. Additionally, it contains information about the blocked websites from other browser’s toolbars.
• Only visit those web pages which are either from a trusted source or protected by a secured socket layer. Secure links generally begin with the prefix in URL “https”.
• Scam filters may allow 0.1% pilferage of threat e-mails and thus, can be harmful. Therefore, a web filter must be installed in the systems that detect unauthorized web pages and shows alert notifications.

Final Words

Phishing scams are rising at an alarming rate, and it is natural that hackers decided to target reputed institutions and organizations. Many individuals and organizations keep reporting such fraudulent tactics in emails, texts, and flashy ads on their webpages. Organizations must deploy a mix of preventive and detective controls in the form of anti-phishing solutions, anti-virus or anti-malware solutions, etc. to keep their information assets safe.