Phishing can cause billions in financial damage – here's how to recognise it!

Phishing has become one of the most dangerous cyber threats in recent years, targeting both individuals and businesses. Although many people have heard of it, few truly understand what phishing is, how it works, and what to do if they fall victim to it. In this article, we provide practical examples of phishing types, the warning signs to watch for, and key prevention tips.

What is phishing?

Phishing is a digital crime where attackers use deception to "fish" for your data.

Phishing includes all cyber-frauds where attackers use deceptive messages - such as emails, SMS, phone calls or social media posts - to obtain sensitive data.

In most cases, they are after:

  • passwords, credit card details,
  • personal data (e.g. address, social security number),
  • access codes or security tokens, etc.

Why is phishing so dangerous?

Phishing isn’t just a nuisance — one wrong click can lead to serious financial, legal, and personal consequences. 

1. Effects on individuals

  • Financial loss: Once they have your credit card details or access codes, fraudsters can empty your account in seconds.
  • Identity theft: They can steal your data and then apply for a loan, subscription or other service in your name.
  • Digital security breach: Stolen email or social media accounts can be used for spamming or further phishing campaigns.

2. Effects on businesses

  • Data leaks: Contracts, customer data, internal documents can fall into unauthorised hands.
  • Loss of customer confidence: If it is discovered that a company's customer data has been compromised, customers may leave.
  • Financial and legal consequences: GDPR and data protection fines, litigation, claims for damages may arise.
  • Reputational damage: One successful phishing or fake email campaign can tarnish your brand for years.

Interesting Fact: Billions lost to phishing

According to recent statistics from the Magyar Nemzeti Bank (MNB), cybercriminals stole nearly HUF 8.5 billion from Hungarian bank customers in the first quarter of 2025 alone. Of this, HUF 5.8 billion resulted from transfer fraud and HUF 2.7 billion from card fraud. Although these figures have slightly decreased compared to last year’s peak, the annual total still exceeds HUF 34 billion — an alarming trend. 

Phishing messages and psychological manipulation remain the main tools used by criminals to trick victims into voluntarily sharing login or payment data.

Types of phishing: more than just an email

Phishing methods are very diverse. Let's look at the most common types!

1. E-mail phishing

This is the most typical form of online phishing, where scammers send out masses of messages that appear to be official. The message usually contains:

  • an urgent tone ("check your account immediately"),
  • fake links,
  • malicious attachments.

Their aim is to get the user to enter their login details on a fake website.

2. Voice Phishing (vishing)

Phone scams involve attackers trying to gain trust by making a phone call.

They often pose as:

  • a bank employee,
  • an authority figure,
  • a customer service representative.

Typically, they ask for immediate action (e.g. to enter a code, to approve a transfer). This is one of the most dangerous forms, because a convincing voice can easily fool anyone.

3. SMS phishing (smishing)

Fraud in the form of SMS is also very widespread. Attackers send fake links in short text messages, such as:

  • on behalf of the parcel service provider,
  • with the promise of a prize or discount,
  • or disguised as a bank notification.

SMS messages often appear direct and authentic, so victims easily click on the link they contain.

4. Social media phishing

On platforms like Facebook or Instagram, scammers:

  • create fake profiles,
  • request information in private messages,
  • or advertise a deceptive prize draw.

People are often less suspicious when they receive a message on behalf of someone they know.

5. Spear phishing - targeted phishing

This form is much more personalised. The attacker gathers information about the victim beforehand (e.g. from LinkedIn) and then creates a message that appears to be completely genuine. The goal can be:

  • a financial transaction,
  • obtaining internal documents,
  • or getting the victim to download a malicious file.

6. Whaling - fraud tailored for leaders

This method targets senior executives and company directors. Messages often request urgent transfers or confidential data. A successful whaling attack can cause massive financial and reputational damage.

7. Other modern variants

  • Pharming: Redirects you to fake websites via DNS manipulation.
  • Evil Twin Wi-Fi: a fake public Wi-Fi network that intercepts traffic.
  • Angler phishing: fake customer service accounts on social media.
  • Clone phishing: a forged copy of a previous email with an infected attachment.

How to detect phishing?

This is not always easy, because cybercriminals are using increasingly sophisticated methods. Yet there are typical signs that can help you distinguish between genuine and fake messages, calls or websites.

1. Signs of suspicious email or SMS

  • Strange sender: the message often comes from an address that is similar to the official one but not exactly the same
  • An urgent tone: "Enter immediately!", "Your account will be locked within 24 hours!" - these are typical tricks
  • Spelling mistakes: fake messages often contain typos or slang
  • Suspicious links: if you hover the mouse over the link, you can see that it does not lead to the official web address

2. Phone scams

In phone scams, the perpetrators:

  • pretend to be a public official, a bank officer or a courier,
  • demand that you hand over data immediately,
  • often apply pressure ("you need to confirm the transaction right now").

If someone asks for credit card details, a code or password over the phone, it is almost certainly fraud.

3. Detecting Facebook phishing

Typical forms of Facebook phishing:

  • a message from a profile that looks familiar, containing a suspicious link
  • prize draws that ask for details or a credit card number
  • fake customer support pages that require a password

It is always worth checking the authenticity of the page or profile.

4. Checking websites and login interfaces

Phishing often uses a fake website. Watch out for these:

  • Subtle domain differences: e.g. otp-bank-secure.com instead of otpbank.hu
  • Missing HTTPS encryption: always check that the web address starts with "https://"
  • Minor differences in appearance: different logo, colours, incorrect layout
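The link checks described above (the hover check on a link's real target, the domain comparison and the HTTPS check) can be automated in a mail filter or reporting tool. The following Python sketch is an added example, not code from the original article; the official-domain list, the function names and the finding labels are assumptions made for illustration.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Assumption: the organisation's real domains, maintained by the defender.
OFFICIAL_DOMAINS = {"otpbank.hu"}


def check_link(url: str, official=OFFICIAL_DOMAINS) -> list[str]:
    """Return the warning signs found in a link; an empty list means none."""
    findings = []
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")

    if parts.scheme != "https":
        findings.append("no-https")

    # Exact official domain or one of its subdomains: nothing more to compare.
    if any(host == d or host.endswith("." + d) for d in official):
        return findings

    findings.append("not-official-domain")
    squashed = host.replace("-", "").replace(".", "")
    for d in official:
        brand = d.split(".")[0]  # e.g. "otpbank" for "otpbank.hu"
        if brand in squashed:
            # Brand name embedded in someone else's domain.
            findings.append(f"brand-in-foreign-domain:{d}")
        elif SequenceMatcher(None, host, d).ratio() >= 0.85:
            # One or two characters away from the real domain.
            findings.append(f"near-miss-spelling:{d}")
    return findings


def check_anchor(display_text: str, href: str) -> list[str]:
    """Check a link as shown in a message: visible text versus real target."""
    findings = check_link(href)
    shown = display_text.strip().lower()
    if "." in shown and " " not in shown:  # visible text looks like an address
        shown_host = urlsplit(shown if "//" in shown else "//" + shown).hostname
        if shown_host != urlsplit(href).hostname:
            findings.append("text-target-mismatch")
    return findings


if __name__ == "__main__":
    # Constructed sample: visible text shows the bank, target is a look-alike.
    print(check_anchor("www.otpbank.hu", "https://otp-bank-secure.com/login"))
```

An empty result only means that none of these particular signs were found; it does not prove that a link is genuine.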

5. General warning signs

  • If it's too good to be true (prize, gift, extra discount), it's probably a scam.
  • If an unknown person or organisation requests confidential data.
  • If the message is highly emotional - fear-mongering, urging, promises of reward.

How to report phishing in Hungary?

Reporting phishing is a key step to ensure that fraudsters cannot reuse the data they have obtained and harm others. 

In Hungary, there are several forums to report suspicious messages, phone calls or transactions.

1. Notify your service provider

If bank, card or wire fraud has occurred:

  • notify the bank immediately,
  • block your card or online banking access,
  • and request verification of the transactions.

If you suspect phishing on Facebook, by email or by SMS, you should report the incident via the service provider's security interface (e.g. "Report").

2. Contact the Police

In case of financial loss or misuse of personal data, a complaint can be made to the police. For this purpose, you should keep:

  • the full text of the email or SMS,
  • sender details and links,
  • a bank statement if a transaction has taken place.

The report can be made in person at the police station, or online via the Hungarian Police Administration Portal.

3. National Cyber Defence Institute (NKI)

The NKI accepts online reports of phishing and other cyber incidents and can coordinate with service providers to mitigate damage.

4. Important tips when reporting

  • Never delete a suspicious message or call log because it could be used as evidence!
  • Take a screenshot of the fraudulent website, email or SMS!
  • If you have suffered financial loss, act as soon as possible: a quick response increases the chances of recovering the money!

Phishing protection: practical tips

Prevention is an essential safety requirement for both individuals and businesses. Attacks can take many forms, but they all rely on user inattention. The good news is that a few simple habits and technological solutions can significantly reduce the risk.

1. Stay alert!

  • Never share passwords, bank details or codes by email, SMS or phone!
  • Do not click on unknown or suspicious links!
  • Always check that the website address is indeed the official domain!
  • Never delete a suspicious message or call log! These can be key pieces of evidence when reporting phone phishing.

2. Strong password management

  • Use a unique, strong password for each account!
  • Use a password manager so you don't have to keep all the combinations in your head!
  • Turn on two-step verification (e.g. SMS code, authenticator application)!

3. Technological protection

  • Install an antivirus and a firewall, and update them regularly!
  • Keep your operating system and applications up to date!
  • Use a secure Wi-Fi network and VPN on public networks.

4. For businesses

  • Staff training: regular training to detect phishing
  • Security protocols: for example, financial transactions with multiple approvals
  • Artificial intelligence-based filters: to detect suspicious emails

Don't wait for the attackers to make their move! Get in touch with us, and build a protection system that will keep your organisation safe in the long term! Let's act together against cyber-attacks!