Cybersecurity
When an Attack Starts with an Ordinary Message
Attackers are increasingly mimicking everyday corporate communications. Protection therefore depends not only on technology, but above all on your good habits and ability to verify information.
Five tips for your security
The foundation of protection isn't complex technology, but good habits and the ability to pause when in doubt. Attackers often apply pressure and try to force the victim into a quick response. If something 'doesn't feel right' – such as an unexpected request or the method of communication – it's always better to pause the conversation and verify the situation.
1. Verify
In unusual situations, verify the person's identity through another independent communication channel, preferably a company phone or email.
2. Slow down
Urgency is one of the most common tools of manipulation, so do not succumb to pressure to act quickly or keep things secret.
3. Don't rely on impressions
Neither voice nor video is reliable proof of identity today. Therefore, do not share sensitive information via informal communication tools.
4. Protect your access credentials
Do not provide passwords, PINs, or one-time codes to anyone. Follow standard work practices and established procedures.
5. Don't be afraid to speak up
Reporting incidents early protects not only you but others as well.
Ten warning signs
1. The sender's address doesn't match
The name is correct, but the domain after the @ sign is suspicious, for example it ends in @micros0ft-support.com.
2. Pressure to respond quickly
The sender uses words such as "immediately", "last notice" and the like.
3. A request for a password or login
Never log in from a link in an e-mail.
4. An unexpected financial request
Watch out for a changed account number or a payment request in the e-mail.
5. Suspicious attachments
Never open documents with macros or attachments with .ZIP or .EXE extensions, and report everything to IT Security in the FIG/2 unit.
6. Odd language
The e-mail may be written in poor Czech or have an unnatural tone and word order.
7. The context doesn't fit
If you are asked to confirm an order although you ordered nothing, it is best to report or ignore the e-mail.
8. Unusual links
The e-mail contains link shorteners (bit.ly) or unfamiliar domains. You can check the real address by hovering the mouse over the link.
9. Inconsistent branding
The logo in the e-mail is blurred, has a different number of letters or uses different colours.
10. A request for discretion
The e-mail contains phrases such as "don't tell anyone" or "from management".
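As an added example (not code from the original page or from Škoda Auto), the following Python script turns several of the warning signs above into checks that a security team could run over a reported message during triage: the lookalike-domain check (sign 1), urgency and secrecy wording (signs 2 and 10), password or payment requests (signs 3 and 4), risky attachment types (sign 5) and links that use shorteners or point somewhere other than what the text shows (sign 8). The trusted domain list, the shortener list, the phrase lists and the sample message are constructed assumptions, not data from the page.

```python
"""Heuristic triage of a suspicious e-mail against the warning signs above.
Added example; all configuration values and the sample message are constructed."""
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed configuration (not from the page): domains this organisation treats as
# legitimate, common URL shorteners, and phrases that signal pressure or secrecy.
TRUSTED_DOMAINS = {"microsoft.com", "example-corp.com"}
URL_SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
URGENCY_PHRASES = ("immediately", "last notice", "final warning", "within the hour")
SECRECY_PHRASES = ("tell no one", "don't tell anyone", "keep this confidential", "between us")
RISKY_EXTENSIONS = (".zip", ".exe", ".docm", ".xlsm")
# Digit-for-letter substitutions used to build lookalike domains such as micros0ft.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})
# Matches link text that itself looks like a URL or domain name.
DOMAIN_LIKE = re.compile(r"^(?:https?://)?([\w.-]+\.[a-z]{2,})(?:/\S*)?$", re.I)


def normalize(domain: str) -> str:
    """Lower-case, undo digit homoglyphs and drop hyphens so lookalikes collapse onto the brand."""
    return domain.lower().translate(HOMOGLYPHS).replace("-", "")


def lookalike_of(domain: str, trusted=TRUSTED_DOMAINS):
    """Return the trusted domain that `domain` imitates, or None if it is genuine or unrelated."""
    domain = domain.lower()
    if any(domain == t or domain.endswith("." + t) for t in trusted):
        return None  # the real domain or one of its subdomains
    for t in trusted:
        brand = normalize(t).rsplit(".", 1)[0]  # e.g. 'microsoft'
        if brand in normalize(domain):
            return t
    return None


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")

    def handle_data(self, data):
        if self._href is not None:
            self.links.append((self._href, data.strip()))

    def handle_endtag(self, tag):
        if tag == "a":
            self._href = None


def triage(sender: str, subject: str, body_html: str, attachments=()) -> list:
    """Return the numbered warning signs this message triggers (empty list if none)."""
    findings = []
    _, addr = parseaddr(sender)
    domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    imitated = lookalike_of(domain)
    if imitated:
        findings.append(f"1 sender domain {domain} imitates {imitated}")
    text = f"{subject} {body_html}".lower()
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        findings.append(f"2 pressure wording: {', '.join(hits)}")
    if re.search(r"\b(password|log ?in|verify your account)\b", text):
        findings.append("3 asks for a password or login")
    if re.search(r"\b(account number|iban|payment)\b", text):
        findings.append("4 payment or bank-account request")
    for name in attachments:
        if name.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"5 risky attachment {name}")
    collector = LinkCollector()
    collector.feed(body_html)
    for href, shown in collector.links:
        host = (urlparse(href).hostname or "").lower()
        if host in URL_SHORTENERS:
            findings.append(f"8 link goes through shortener {host}")
        m = DOMAIN_LIKE.match(shown)
        if m and m.group(1).lower() != host:  # what the reader sees is not where the link goes
            findings.append(f"8 link text shows {m.group(1)} but points to {host}")
    if any(p in text for p in SECRECY_PHRASES):
        findings.append("10 request for secrecy")
    return findings


# Constructed sample message modelled on the warning signs above (not a real incident).
SAMPLE = dict(
    sender="IT Support <helpdesk@micros0ft-support.com>",
    subject="Immediately: verify your account",
    body_html='<p>Your mailbox is full. Please log in within the hour at '
    '<a href="https://bit.ly/xyz123">https://portal.microsoft.com</a>. '
    "Keep this confidential.</p>",
    attachments=["invoice.zip"],
)

if __name__ == "__main__":
    for finding in triage(**SAMPLE):
        print(finding)
```

The checks are deliberately simple string and regex heuristics, so they are a triage aid rather than a verdict: a clean result does not make a message safe, and the identity verification through an independent channel described in the tips above still applies.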
Digital communication is now a common part of work, which is precisely why cyber attackers are increasingly targeting it. Using modern technologies, they can create highly convincing messages, calls, and videos that appear completely normal at first glance. It is not the technical complexity of the attacks that matters, but the ability to mimic work-related communication and inspire confidence. The more naturally an attack fits into daily routines, the more dangerous it is.
New Threats
The way we communicate is changing – and so are attackers' methods. They no longer rely on system flaws, but on inattention and poor working habits. Attacks often occur through informal channels, such as chat apps, where people typically pay less attention to details. Typical signs include short messages related to work topics, unexpected voice or video calls, and often links or QR codes leading to fake websites. Attackers use all of these as follow-up steps after seemingly trustworthy communication. A common feature is a sense of urgency and an attempt to create the impression of an exceptional or confidential situation.
What an attack might look like in practice
A targeted cyberattack aimed at senior Škoda Auto employees was recently recorded. The attacker sought to give the impression of legitimate internal communication at the managerial level and leveraged authority and trust. Contact was made via WhatsApp from an unknown phone number whose international dialling code matched the home country of the person the attacker was impersonating. Profile photos and other publicly available materials of real individuals from Škoda Auto were used to bolster credibility. In these cases, a voice or video call also followed. Thanks to the caution of the executives who were contacted and the verification of identity through another, independent communication channel, the attack was detected in time and reported before any damage occurred.
Sophisticated cyberattacks from recent times
These days, you can no longer spot such an attack by typos or garbled messages. Attackers use highly sophisticated methods of communication, aided significantly by artificial intelligence. Here are a few real-life examples.
Modern cyberattacks rely primarily on psychology and the exploitation of trust, and they masquerade as ordinary private or corporate communication.
For example, last year the Czech Police warned the public about a new wave of scams that had emerged on the social messaging app WhatsApp. Unknown perpetrators hacked into users' accounts and then, using that identity, contacted their friends or family asking them to send money. A typical scam scenario involved a message that appeared to have been written by a family member, colleague, or friend.
A phishing campaign targeting WhatsApp users took place in recent days. A message arrived from a trusted source asking to 'vote in a contest' for the daughter of an acquaintance. The link led to a page that looked like a regular poll, but was actually part of a sophisticated account takeover scheme. What was unusual was that it also affected users from the IT and security community.
Both Microsoft and Google have also warned about the growing number of attacks via MS Teams or Slack. Attackers pose as IT support or colleagues and try to trick employees into installing remote access tools.
Czech companies have also reported cases of so-called CEO fraud, where employees received an urgent message purportedly from company management requesting an immediate payment or the sharing of internal information.
Tip
If you suspect unusual communication, always contact the Service Desk. It operates 24/7 and accepts requests via a web form, by phone at +420 326 817 777, or via e‑mail.