Warning: New Wave of Phishing Attacks

We would like to warn you about a rise in phishing scams, which customers have recently been reporting to us frequently through our customer helpline.

Currently, these messages may include:

  1. Claims about cancelled payments and refunds
  2. Contests and offers for extremely discounted products (e.g., from brands like KitchenAid)

With the holiday season approaching, online fraud is expected to increase.

Please do not respond to such e-mails, answer any questions, or fill in any personal or payment details. These e-mails are not part of any official marketing campaign by Alza.cz.

Phishing: theft of digital data

What is phishing?

In the world of e-commerce, one of the most common cyber threats is phishing. These attacks are becoming increasingly sophisticated and are often carried out via email, SMS, or instant messaging. They aim to create a sense of urgency or fear to trick victims into sharing sensitive information or clicking harmful links.

Often, it's immediately clear that the e-mail is not a legitimate message from Alza.cz.

General tips for identifying phishing

  1. Fake identity: The attacker impersonates a trusted brand or company. They often use names of well-known organisations to build trust. For example, an e-mail may appear to be from Alza.cz, but the sender address might actually be a different entity.
  2. E-mail design: Phishing e-mails often don’t look very polished. You might notice inconsistencies in font sizes, awkward greetings, or poor grammar. However, it’s important to remember that scammers are constantly improving at mimicking legitimate e-mails, so these red flags are gradually disappearing—making extra vigilance essential.
  3. Too-good-to-be-true offers: The message may claim you've won a contest or are eligible for an unbelievable deal. These scams often dangle popular products like the latest iPhone to lure in as many people as possible. Always ask yourself: did I actually enter any contest?
  4. Request for sensitive information: Once they have your attention, scammers often ask for personal details such as your name, address, bank account, or credit card information—often under the pretext of processing a prize. The requests usually come with time pressure, such as “Act now or lose your reward.”
  5. Misuse of information: If you provide your details, attackers may use them for financial fraud, identity theft, or other malicious activities. If your information has been stolen or misused, it’s essential to act quickly.
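The first four red flags above can be checked mechanically on an incoming message, and doing so shows why the sender address and the real link target matter more than the visible text. The script below is an added example, not code from Alza.cz: it parses a constructed sample e-mail with Python's standard `email` and `html.parser` modules and reports a display name that invokes a brand the sending domain does not belong to, a link whose visible text shows one domain while its `href` points to another, and urgency or prize wording in the subject and body. The "registrable domain" helper simply takes the last two labels of a hostname; that is an assumption for the example, and production code would consult the public suffix list instead.

```python
"""Heuristic phishing red-flag checks (added example; not Alza.cz code)."""
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: brand name in the display name, unrelated sending domain,
# link text that shows the real shop while the href goes elsewhere, urgent wording.
SAMPLE_RAW = """From: "Alza.cz Customer Care" <support@example-mailer.test>
To: customer@example.org
Subject: Your refund was cancelled - act now
Content-Type: text/html; charset=utf-8

<html><body>
<p>Dear customer, your payment was cancelled. Act now or lose your refund!</p>
<p>Verify here: <a href="http://login.example-evil.test/verify">https://www.alza.cz/account</a></p>
</body></html>
"""

# Constructed benign message for comparison.
CLEAN_RAW = """From: "Alza.cz" <noreply@alza.cz>
To: customer@example.org
Subject: Your order has shipped
Content-Type: text/plain; charset=utf-8

Your parcel is on its way. You can track it in your account.
"""

URGENCY_PHRASES = ("act now", "immediately", "within 24 hours", "lose your", "will be closed")
PRIZE_PHRASES = ("you have won", "congratulations", "prize", "winner", "claim your")


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude 'last two labels' approximation (assumption; use the public suffix list in real code)."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def _host(url_or_text):
    s = url_or_text.strip()
    return urlparse(s if "://" in s else "http://" + s).hostname or ""


def _body_and_links(msg):
    """Return plain text for keyword scanning plus the anchors found in HTML parts."""
    html_parts, text_parts = [], []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        payload = part.get_payload(decode=True)
        if payload is None:
            continue
        text = payload.decode(part.get_content_charset() or "utf-8", errors="replace")
        (html_parts if part.get_content_type() == "text/html" else text_parts).append(text)
    collector = _LinkCollector()
    for html in html_parts:
        collector.feed(html)
    plain = " ".join(text_parts) + " " + re.sub(r"<[^>]+>", " ", " ".join(html_parts))
    return plain, collector.links


def analyse(raw, trusted_brands=("alza.cz",)):
    """Return a list of (flag, detail) tuples for the red flags found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = []

    # Red flag 1 (fake identity): display name invokes a brand, address domain belongs elsewhere.
    display, addr = parseaddr(str(make_header(decode_header(msg.get("From", "")))))
    sender_domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    for brand in trusted_brands:
        if brand.split(".")[0] in display.lower() and registrable_domain(sender_domain) != brand:
            findings.append(("fake-identity", f"'{display}' sent from {sender_domain}"))

    plain, links = _body_and_links(msg)

    # Link text that looks like a URL but whose href resolves to a different domain.
    for href, text in links:
        if re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/|$)", text, re.I):
            shown, actual = _host(text), _host(href)
            if registrable_domain(shown) != registrable_domain(actual):
                findings.append(("link-mismatch", f"text shows {shown}, link goes to {actual}"))

    # Red flags 3 and 4: too-good-to-be-true offers and time pressure.
    scan = (msg.get("Subject", "") + " " + plain).lower()
    if hits := [p for p in URGENCY_PHRASES if p in scan]:
        findings.append(("urgency", ", ".join(hits)))
    if hits := [p for p in PRIZE_PHRASES if p in scan]:
        findings.append(("too-good-to-be-true", ", ".join(hits)))
    return findings


if __name__ == "__main__":
    for name, raw in (("sample", SAMPLE_RAW), ("clean", CLEAN_RAW)):
        print(name, analyse(raw))
```

The constructed phishing sample trips three of the checks; the benign message trips none. Keyword lists like these are only a first filter, which is why the tips above stress verifying the sender and the real link target rather than relying on appearance alone.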

Why do attackers use phishing?

The primary goal of phishing attacks is to obtain sensitive data from victims. This includes login credentials for online accounts, banking information, e-mail access, and personal details such as names, addresses, phone numbers, or national ID numbers.

How do attackers use the information?

Attackers use this information for various purposes. They may leverage it for criminal activities like identity theft, fraudulent transactions, or money laundering. Sensitive data can also be sold on the black market or dark web to other criminals.

Gaining control of victims’ online accounts can lead to further fraud or blackmail. In corporate espionage cases, attackers may obtain sensitive information about competitors or business partners. Another risk is extortion, where the attacker threatens to leak sensitive data unless the victim pays a ransom.

What should I do if I become a victim of a phishing attack?

If you've fallen victim to a phishing attack and attackers have obtained your private information, it's crucial to act quickly and take steps to minimise the damage. Here's a general course of action:

  1. Change your passwords: Immediately update your passwords for all online accounts—especially the affected ones. Use strong, unique passwords for each service.
  2. Check accounts: Check your online accounts for unusual activity. If you notice any suspicious transactions or changes, report them to the relevant service or organisation.
  3. Contact your bank: If your financial data has been compromised, call your bank or card issuer right away. Block the card and request a replacement. Review your statements and report any unauthorised transactions.
  4. Enable two-factor authentication (2FA): Where possible, activate two-factor authentication to add an extra layer of security to your accounts. This requires an additional verification step beyond just a password.
  5. Reach out to support: If the attack involves a specific service (e.g., e-mail, social media), contact their customer support and report the incident. Request assistance in securing your account.
  6. Report the attack: File a report about the phishing attack with the appropriate authorities, such as your internet service provider, anti-phishing portals, or your national cybersecurity center.
  7. Monitor your credit score: If your personal data was compromised, monitor your credit report to catch signs of identity theft. In some countries, you can set up alerts for changes to your credit file.

What to do if the attacker blackmails me?

Do not engage with the blackmailer: Avoid negotiating or meeting any demands. Responding can encourage more extortion attempts.

Preserve evidence: Save all evidence of the blackmail, including e-mails, messages, screenshots, and any other communication. This documentation may be crucial for investigations.

Contact the police: Report the blackmail to law enforcement immediately. Provide all collected evidence and cooperate with the investigation. Blackmail is a crime, and the police can offer support and protection.

Consult a lawyer: A legal expert specialising in cybersecurity or criminal law can advise you on next steps and help protect your rights.

Review your privacy settings: Review your privacy settings on social media and other platforms to minimise what personal information is publicly visible.

Has the attacker encrypted your hard drive?

If your hard drive has been encrypted, it’s likely a ransomware attack—a different form of cybercrime from phishing. In a ransomware attack, your files are locked, and the attacker demands a ransom to restore access.

What’s the recommended course of action for encrypted data? Learn more in our article: What is Ransomware?

Why you shouldn’t comply with blackmail demands

At a general level, it is recommended not to pay the ransom and not to communicate with the attacker. Of course, such advice is easier given than followed—in practice, the situation is rarely straightforward. But why is it still worth sticking to this principle?

  1. No guarantee the blackmail will stop: There is no certainty that the attacker will honor their promises and cease harassing you or refrain from leaking sensitive data—even if you comply. Many victims have found that extortion continues even after paying.
  2. You’re funding criminal activity: By negotiating or fulfilling the attacker’s demands, you fuel their illegal operations, encouraging them to target more victims.
  3. Increased risk of future attacks: Once attackers know you’re willing to pay, you’re more likely to be targeted again—either by the same group or others.
  4. Potential legal risks: In some jurisdictions, complying with extortion demands may itself be illegal, as it could be interpreted as aiding criminal activity.
  5. Wider harm: Ransom payments often finance other illegal operations, creating broader harm to society.

Notable phishing attacks

Sony Pictures Attack (2014)

What happened? Attackers used phishing e-mails disguised as legitimate communications to trick employees into clicking malicious links or opening infected attachments.

Damage: This attack resulted in a massive leak of sensitive information. Thousands of e-mails, employees’ personal data, financial details, unreleased films, and business plans were made public. In addition to the direct financial losses from operational disruptions and system recovery costs, the company also faced significant reputational damage. Total damages were estimated in the hundreds of millions of dollars.

Lessons learned

Always verify e-mails that contain links or attachments, especially if they come from unknown or unexpected senders. Use security software that scans attachments and links for malware.

John Podesta Attack (2016)

John Podesta was the chairman of Hillary Clinton’s presidential campaign during the 2016 U.S. elections.

What happened? Podesta received a fake Google security alert, leading him to a phishing site where he entered his credentials.

Damage: The attack led to the leak of thousands of John Podesta’s emails, which were subsequently published on WikiLeaks. These e-mails contained sensitive information about Hillary Clinton’s campaign, resulting in a significant political impact and potentially influencing the outcome of the 2016 U.S. presidential election. Although the direct financial damages are unknown, the political and reputational harm was considerable.

Lessons learned

Never click on links in e-mails claiming to be security alerts. Always log in directly through the official website of the service. Use two-factor authentication (2FA) for an extra layer of protection.

Target Breach (2013)

Target is one of the largest retail chains in the USA.

What happened? Attackers used phishing e-mails to compromise computers of a third-party HVAC vendor. The compromised vendor then unwittingly became the entry point into Target's network.

Damage: Attackers gained access to payment information from approximately 40 million credit and debit cards, as well as personal data belonging to around 70 million customers. This resulted in direct financial losses in the form of replacement cards and customer compensation, legal expenses, and fines. The total cost of addressing the attack was estimated at around
