Hungarian Financial Supervisory Authority warns banks and clients on phishing attacks

The Hungarian Financial Supervisory Authority (PSZAF) has published guidelines governing the phenomenon known as "phishing".

"Phishing" is the practice of sending out fake emails, or spam, written to appear as if they have been sent by banks or other reputable organisations, with the intent of luring the recipient into revealing sensitive information such as usernames, passwords, account IDs, ATM PINs or credit card details. Typically, phishing attacks will direct the
recipient to a web page designed to mimic a target organisation's own visual identity and to harvest the user's personal information, often leaving the victim unaware of the attack. Obtaining this type of personal data allows an attacker to impersonate its victims and make fraudulent financial transactions. Victims often suffer significant financial losses or have their entire identity stolen, usually for criminal purposes.

Based on the fact that in Hungary more than 400,000 clients are using banking services via the internet and the number of phishing attacks are growing at an alarming rate worldwide, the Hungarian Financial Supervisory Authority has published its guidelines on internet fraud.

The guidelines review the following:

• the actual techniques and tools used by phishers
• "best practice" for detecting and preventing phishing scams
• the establishment of a "phishing-proof" IT environment.

In the guidelines, the Hungarian Financial Supervisory Authority emphasises that it is not monitoring the internet and is not responsible for internet security. All phishing attacks should be reported directly to the relevant police authority.

Recently, one of the major Hungarian banks published a warning on its website that phishers had targeted its clients for the purpose of stealing their personal data.

For further information, please contact Dr. Árpád Lantos
at [email protected] or on +36 1 483 4823.