Czech Banking Phishing: How Scammers Target Česká spořitelna, ČSOB, and Komerční banka Customers

The Czech Republic has one of the highest internet banking adoption rates in Central Europe. More than 6 million Czechs actively use online banking through platforms like George (Česká spořitelna), ČSOB Smart, and My KB (Komerční banka). That widespread digital adoption has created a massive target for phishing operations. In 2025, the Czech National Bank and NÚKIB (Národní úřad pro kybernetickou a informační bezpečnost) reported a sharp increase in banking phishing attacks, with losses running into hundreds of millions of Czech koruna.

Here is how these scams operate and what you can do to stay safe.

How Czech Banking Phishing Works

The attack pattern is almost always the same. You receive an SMS or email that appears to come from your bank. The message creates urgency — your account has been blocked, a suspicious transaction was detected, or your banking certificate is expiring. It includes a link to what looks like your bank's login page. When you enter your credentials, the scammers capture them in real time and drain your account.

What makes Czech-specific attacks dangerous is how well scammers have adapted to local platforms. They know that Česká spořitelna uses George, that ČSOB has its Smart banking app, and that KB customers rely on My KB. The phishing pages are near-perfect replicas of these specific interfaces.

The Most Common Czech Banking Scams

1. Fake George App Notifications

Česká spořitelna's George platform is the most targeted banking interface in the Czech Republic. Scammers send SMS messages claiming your George account has been locked due to suspicious activity. The message includes a link to a fake George login page. Once you enter your client number and password, the scammers use them immediately. Some advanced versions even intercept the SMS authorization code by prompting you to enter it on the fake page.

Example message: "Vaše George aplikace byla zablokována z bezpečnostních důvodů. Ověřte svou identitu: [fake link]"

2. ČSOB Smart Banking Alert Scam

These messages claim there is a problem with your ČSOB Smart banking app. You are told to verify your identity by clicking a link. The phishing page mimics the ČSOB login portal. Some variants ask you to install a "security update" that is actually malware giving scammers remote access to your phone.

3. KB Certificate Expiration Trick

Komerční banka customers receive messages about their digital certificate expiring. Since KB does use certificate-based authentication for some services, this scam feels especially convincing. The link leads to a fake page where you are asked to enter your login details and approve a new certificate — which actually authorizes a fraudulent transaction.

4. Fake Bank Call Centers

An increasingly common variant is the follow-up phone call. After you click a phishing link (even if you did not enter credentials), scammers call you pretending to be from your bank's security department. They reference the fact that you visited the page, making the call seem legitimate. Then they walk you through "securing your account" — which actually means approving their fraudulent transactions.

Red Flags for Czech Banking Phishing

How to Protect Your Czech Banking Accounts

1. Never click links in banking SMS messages. Always open your banking app directly or type the URL manually in your browser.
2. Verify the URL carefully. Česká spořitelna is george.csas.cz. ČSOB is ib.csob.cz. Komerční banka is my.kb.cz. Anything else is fake.
3. Enable push notifications in your banking app instead of SMS-based authorization codes. Push notifications are harder to intercept.
4. Set transaction limits. Most Czech banks allow you to set daily transfer limits through the app.
5. Use biometric authentication (fingerprint or face ID) for your banking app when available.
6. Never share your authorization code with anyone. No bank employee will ever ask for it.
7. If you receive a suspicious call, hang up and call your bank directly using the number on the back of your card.
8. Report phishing attempts to your bank and to NÚKIB at nukib.cz.

What to Do If You Fell for a Banking Phishing Scam

1. Contact your bank immediately — Call the emergency line on the back of your card. Česká spořitelna: 800 207 207, ČSOB: 495 800 900, KB: 955 559 550.
2. Block your internet banking and payment cards through the app or by phone.
3. File a police report at your local Policie ČR station.
4. Report the phishing URL to NÚKIB and your bank's fraud department.
5. Change your passwords for all accounts that shared the same credentials.

Share Banking Details Safely When You Need To

There are legitimate situations where you need to share your bank account number, IBAN, or payment instructions with someone. Sending these through email, Messenger, or SMS leaves them sitting in your chat history forever. Instead, use LOCK.PUB to create a password-protected, auto-expiring link. The recipient enters the password to view your banking details, and the link self-destructs after expiration.

The Bottom Line

Czech banking phishing is sophisticated and locally adapted. Scammers know exactly which platforms you use and craft their attacks to match. The single most important rule: never click a link in an SMS claiming to be from your bank. Open the app directly. Type the URL yourself. And if someone calls claiming to be from your bank's security team, hang up and call back on the official number.

For sharing any sensitive financial information, use LOCK.PUB — free, encrypted, and designed to disappear after it is read.