Talk to a fraud fighter

Fourteen European Banks targeted by a complex phishing campaign – ROT Alert

November 5, 2021

Last week our SOC team has discovered an elaborate phishing campaign targeting 14 Czech banks with different vectors abusing concerns about Bohemia Energy, electricity and gas supply; and rising energy prices.

The web pages mimic Česká Spořitelna & Czech Post pages to scam (old Bohemia Energy) users into leaving their online banking credentials so they can set up new automated payments to get some better prices.

Our research indicates that these (and those we previously reported) phishing campaigns are produced by the same actor/actors.

Although we’ve taken some steps to mitigate the phishing URLs, similar are being published daily. We urge banks to further educate their users about this threat.

This campaign is done from 2 different vectors: Česká Spořitelna & Czech Post pages.

Upon visiting the phishing site the user is welcomed by this screen which promises to transfer money in 2 installments to the user’s account:

Other page uses Czech Post branding for the same purpose:

Ultimately, upon venturing further the users are presented 14 different fake banking portals which are used to steal the credentials.

The full report, with technical details, screenshots and URLs is available on request and to ThreatMark’s Ring of Trust members.

If you wish to double check the technical details and want to receive the phishing URL, write to

Mitigation steps undertaken

Our SOC team has already taken some mitigation steps by reporting the phishing URL to Safe Browsing, reporting it to the domain registrar and the hosting provider.

Our recommendation

We recommend you alert your users that there’s an active phishing campaign offering money in 2 installments while emulating web pages featuring: Česká spořitelna and Česká Pošta (including their Pohlednice Online service branding) and fake banking gateways.

Depending on the capabilities of your existing security solution, try to find out which of your users have visited the phishing URL prior to coming to your site.

If you need help and require more details about this campaign please write us to


About Ring of Trust (RoT)

ThreatMark’s Ring of Trust (RoT)–is an invite-only initiative that aims to combat phishing frauds in the banking industry with a community approach: by sharing cyber threat intelligence among the members and disseminating the information for a faster and timely response.

The essence of the initiative is to combine intelligence and fight phishing scams from a common ground. Fraudsters work together to perpetuate fraud. We believe that the same approach works for preventing fraud as well.

At the core of the Ring of Trust is ThreatMark’s advanced fraud prevention solution complemented by a team of cybersecurity & fraud analysts from our Security Operations Center. Our technology uses various on-page and off-page methods to detect wide array of threats across digital channels. All detections are categorized and added to our Threat Intelligence systems for easier mitigation and future detections.

All Ring of Trust members benefit from this intelligence and a shared mission to combat fraud. We invite everyone to share with us all discovered phishing campaigns targeting banks with so we can facilitate mitigation and alert the Ring for significant threats.

Ring of Trust is an invite-only initiative. Interested parties can reach out for consideration at