Datová schránka Phishing: How Scammers Exploit Czech Government Data Mailboxes

The datová schránka (data mailbox) is the Czech Republic's official electronic communication system between citizens and government authorities. Since 2023, all Czech citizens have been automatically assigned a datová schránka, making it the primary channel for receiving official documents from courts, tax offices, municipalities, and other government bodies. A message delivered to your datová schránka has the same legal weight as a registered letter.

That legal authority is exactly what scammers exploit. Fake datová schránka notifications create genuine panic — people fear missing a court summons, a tax deadline, or an official fine. Under that pressure, they click links, enter credentials, and hand over personal information without thinking.

How Datová schránka Phishing Works

The Basic Pattern

1. You receive an email or SMS claiming to be from the datová schránka system or a government authority.
2. The message says you have an urgent document waiting — a court notice, a tax penalty, a fine, or an official decision.
3. It includes a link to "log in and view your message."
4. The link leads to a fake login page that mimics the official datová schránka interface (mojedatovaschranka.cz).
5. You enter your login credentials, and the scammer now has access to your actual datová schránka — and all the personal information it contains.

Advanced Variants

Fake government document with malware. Some phishing emails include an attachment claiming to be the official document. Opening it installs malware — typically a banking trojan that captures your internet banking credentials.

Tax office impersonation. During tax season (March-April), scammers send messages claiming to be from Finanční úřad about a tax refund or penalty. The link leads to a phishing page that collects your personal data and banking information.

Court notice scare tactic. Messages claiming to be from a Czech court (Okresní soud, Krajský soud) create maximum urgency. People are terrified of ignoring a court summons and rush to click.

Municipal fine notification. Fake messages from city halls (Magistrát, Městský úřad) about unpaid fines or parking violations direct victims to payment phishing pages.

How to Identify Fake Datová schránka Notifications

Key fact: The datová schránka system sends notification emails when you have a new message, but the email itself does not contain the document. You must log in to the actual datová schránka portal to read it. Any email that includes the "document" as an attachment is fake.

Why This Scam Is Especially Dangerous

A compromised datová schránka gives scammers access to:

• Your rodné číslo and personal data from government correspondence
• Your tax information from Finanční úřad documents
• Legal documents including contracts and court orders
• The ability to receive official documents on your behalf — effectively intercepting your government mail
• Information they can use for further identity theft — applying for loans, opening accounts, or committing fraud in your name

Because the datová schránka has legal standing, a scammer with access could potentially acknowledge receipt of legal documents on your behalf, causing you to miss real deadlines.

How to Protect Your Datová schránka

1. Never click links in emails claiming to be from datová schránka. Always go directly to mojedatovaschranka.cz by typing the URL in your browser.
2. Use eIdentita (electronic identity) for login when possible. It provides stronger authentication than username and password alone.
3. Enable two-factor authentication if available for your datová schránka access.
4. Check the notification email sender carefully. Official notifications come from a specific system address. Random email addresses are always fake.
5. Never open attachments in datová schránka notification emails. Real notifications do not include document attachments.
6. Log in to your datová schránka regularly — messages are considered delivered 10 days after arrival even if unread. Do not wait until a scam email prompts you.
7. Use a strong, unique password for your datová schránka that you do not use anywhere else.
8. Keep your registered email address current so you receive genuine notifications.

What to Do If You Fell for a Datová schránka Phishing Scam

1. Change your datová schránka password immediately at mojedatovaschranka.cz.
2. Check your recent messages — See if any documents were opened or acknowledged without your knowledge.
3. Report the incident to NÚKIB (Národní úřad pro kybernetickou a informační bezpečnost) at nukib.cz.
4. File a police report with Policie ČR.
5. Contact the relevant government authority if you believe documents were intercepted or acknowledged fraudulently.
6. Change passwords for all accounts that shared the same credentials as your datová schránka.
7. Monitor your credit through BRKI/NRKI for unauthorized loan applications.

Share Government Documents and Personal IDs Safely

There are times when you legitimately need to share documents from your datová schránka — tax returns, official certificates, or ID copies — with an accountant, lawyer, or employer. Sending these via email leaves sensitive government documents sitting in inboxes indefinitely. Instead, use LOCK.PUB to create a password-protected memo or link that auto-expires. The recipient views the document information once, and it disappears. No permanent copy lingering in email threads.

The Bottom Line

The datová schránka is a critical piece of Czech digital infrastructure, and its mandatory adoption means every Czech citizen is a potential target for phishing. Scammers know that government notifications create fear and urgency — exactly the conditions that make people act without thinking.

The defense is simple: never access your datová schránka through a link in an email or SMS. Always go directly to the official portal. And when you need to share sensitive government information, protect it with LOCK.PUB — encrypted, temporary, and free.