FAQ

If you learn that your password has been leaked, you should follow these steps to keep your data safe:

  1. Change your password!
    Change the leaked password immediately to a strong password that is not similar to the leaked one.
  2. Log out on your devices!
    Log out of all devices where you are logged into your account.
  3. Set up multi-factor authentication!
    Use biometric identification and/or authentication apps for enhanced security.
  4. Monitor your bank account!
    In particular, if passwords protecting financial data have been leaked, check your transactions regularly and freeze the card if necessary.
  5. Inform your friends and colleagues!
    Inform those who may be affected by the leak of your password, especially those responsible for IT security at work.

Verifying the authenticity of emails is an essential step for secure digital communication. The following steps will help you make sure that incoming emails are authentic:

  1. Check the sender!
    Check the sender's name and email address carefully. Often the name may look familiar, but the email address is suspicious or strange. Look out for small discrepancies such as extra characters or domain names (e.g. "example.com" instead of "example.co").
  2. Look at the details of the headers!
    The information in the headers of emails can tell you a lot about the origin of the message. Most mail clients allow you to view the full header. Look for items such as the name of the sending server and DKIM records.
  3. Look at the content of the message.
    Pay attention to the style and wording of the message. Many malicious emails contain grammatical errors, poor-quality logos or unusual formatting. These can be warning signs.
  4. Ask questions when in doubt!
    If an email asks for personal or financial information, be sure to verify the request through another channel. Call an official phone number or write to another known e-mail address.

In line with GDPR, cookies that are not strictly necessary for the essential functionality of a website should only be activated if the end-user has given his or her explicit consent to their use, knowing the specific purpose of the data collection.  

In most cases, accepting cookies on a website will not have negative consequences, but it is worth reading the related notice carefully to be aware of exactly which kinds of cookies the website uses and for what purpose (e.g. basic cookies, recommended cookies, marketing cookies, etc.), so that only those that are truly necessary are accepted.

Accepting cookies is not recommended in the following cases:

  • unencrypted websites (where the padlock icon next to the web address in the address bar is not locked), or any other suspicious websites that look like a scam
  • third-party cookies
  • cookies flagged as suspicious by antivirus software
  • if you're sharing personal data on the website (e.g. bank details, ID number, etc.)

Browsers have the option to disable certain types of cookies or even all cookies in general, but it is important to keep in mind that disabling all cookies can greatly affect your browsing experience.

The first and most important thing to remember is that, as frustrating as it can be, it's best to change your password regularly.
A good password:

  • contains no meaningful words, even in a foreign language
  • does not contain any information about you, whether words or numbers
  • is of appropriate length (usually at least 8 characters)
  • contains a mixture of upper and lower case letters, special characters and numbers
  • is easy to remember
  • does not contain accented characters (which may not be available everywhere)
  • is specific to each system

To avoid ending up with a password that is impossible-to-remember gibberish, it may be best to start with a motto. Choose a phrase that is easy for you to remember, either a line of poetry or another slogan, e.g. "If we shadows have offended". The first letters of the sentence form the basis of the password: iwsho. If you add capital letters, memorable numbers and special characters according to some logic, you get a password that meets the above requirements: iwS_hO53.

Under no circumstances should you choose a password that:

  • is specific to you (nickname, family member or pet name, favourite football team, etc.)
  • is easy to guess (a sequence of numbers like 1234 or a sequence of characters like qwerty)
  • is too short (2-5 characters long), if it has any length at all ("just hit enter and you're in!")
  • contains characters that may not always be available (e.g. accented characters)
  • is a known word in any language
  • can only be remembered if you write it down somewhere

Never use the same password for multiple systems or services!

Since the essence of a brute-force attack is to try to crack your passwords and other identifiers by trying all the combinations that exist, the most effective defense is to change them frequently and choose passwords of sufficient complexity that can take several years to crack.

If you choose to decline the use of cookies, you may not get the full user experience on the website. Some features may not work, or in some cases, website owners may deny you access to the website.

Start by using a spam filter. Most popular email service providers (e.g. Gmail, Hotmail, Yahoo, etc.) use a pretty strong spam filter by default, but none of them are perfect, so it is important to help the filter work properly by marking junk mail that does make it to your Inbox as spam. It's also worth checking the "Spam" or "Junk mail" folder from time to time to make sure that no regular (non-spam) messages have ended up there.

You may also want to use two separate email addresses. One for personal correspondence and one for online purchases, newsletter subscriptions and other services. In addition, it is important not to display your email address on social media sites or other websites.

If a website asks for your email address, check their privacy policy to assess what purpose they will use your information for. Some service providers may share or sell your information.

Finally, unsubscribe from unsolicited messages. Most email service providers now offer a separate option to unsubscribe from newsletters.

Scammers usually write on behalf of a well-known organisation or company (e.g. utility provider, bank, credit card provider, police, post office, other service providers), but they may also pose as distant millionaires, legal representatives of unknown relatives or other individuals. Often they try to get you to act immediately, otherwise you will face some kind of "negative consequence" (e.g. "update your details immediately" or "your account will be locked shortly if you do not log in").
Examples include:

  • Suspicious activity has been detected on one of your user accounts, quickly update/confirm your details via the link provided before the account falls into unauthorised hands
  • Update your billing details for a service, otherwise it will be immediately blocked.
  • Police action has been taken, respond immediately to the email address provided or a wanted or arrest warrant will be issued.
  • Immediately pay any charges associated with a package in transit, or it will be returned or withheld.
  • Payment of the attached (unknown) invoice has expired, the service will be blocked soon.
  • You may receive an inheritance, free product, other unexpected cash.

Most often, these emails ask you to click on a link, which then takes you to a fake login or payment page, or to a page that spreads viruses. The text of the link may often appear to be genuine, but hovering the cursor over it reveals that it actually leads to a suspicious website.

These emails and fraudulent websites are often visually indistinguishable from those of the original companies, using their logos and colour palettes. Be careful, because good looks do not mean reliability!

It is worth checking the sender's email address. Legitimate organisations will typically not send messages from a public email domain (e.g. @gmail.com). If the domain name (the part after the @ symbol) matches the apparent sender of the email, the message is most likely from the sender, whereas if you see a Gmail or other unidentifiable domain, you should be cautious. Fake websites also have suspicious domains, often not matching the name of the organisation. There may be small mistakes or extra letters in the email address, so be aware of these too!

Phishing emails can also come from hacked accounts of your own correspondents. Check whether this is how your friend would actually phrase it and whether they would ask you to do something like this. If in doubt, ask about the message through another channel or on a call.

In the past, phishing emails very commonly contained a lot of spelling mistakes, but nowadays more and more of them are written in a plausible way. The form of address in these letters is almost always generic, with the recipient not being identified by name in the body of the letter (e.g. "Dear Customer" or "Dear User").

The most important thing is to avoid opening unsolicited messages from unknown sources whenever possible. If you do, do not click on the link in the message.

Email spam filters can keep many phishing emails out of your inbox, but scammers will always try to get around these filters. It is important to protect your devices with constantly updated antivirus software and to always update the operating system of your devices and the browsers you use. It is recommended that you use two-factor authentication for your different user accounts where possible, so that fraudsters cannot gain access to your internet bank account, for example, in the event of a password leak. We also recommend that you make a backup of the data on your devices to an external hard drive or to the cloud.

In case of Hungarian relevance (domain ending in ".hu" or phishing text in Hungarian), please report the incident to HunCERT using our incident reporting form. In the case of a webpage, please send the full URL, and in the case of an email, please send the full header of the message. The full header of emails is not visible by default and the method of viewing it varies between the different mail clients. Please consult the related knowledge base item.

To report foreign phishing websites, we recommend the website of the European Phishing Initiative or Google's related reporting page.

A VPN allows your device to connect to the internet through an encrypted channel, giving you a freer and safer online experience.

A VPN:

  • helps you to keep your data (e.g. passwords, credit card details, etc.) more secure, which is particularly important when connecting to public Wi-Fi networks (e.g. cafes, restaurants, shopping centres, etc.).
  • by hiding your IP address, prevents your ISP or other third parties from tracking your online activity, hiding your browsing history. It ensures online anonymity.
  • hides your geographical location, so you can access blocked or region-specific content (e.g., for streaming service providers, movies only available in a specific country).
  • provides a secure, private connection to company resources when working remotely.
  • helps to get better prices for online bookings, as providers always perceive you as a new visitor. Otherwise, some service providers (especially for airline tickets, accommodation booking and car rental) may increase prices on subsequent return visits.

Using VPNs nowadays does not require a high level of technical knowledge and there are many applications and system-specific instructions available online. For a general overview, we recommend the guide on pcmag.

  1. Choose strong passwords of appropriate complexity that you change frequently.
  2. Keep your computer's operating system and other installed software up to date. (Updates often fix security bugs.)
  3. Use antivirus software.
  4. Keep your firewall turned on.
  5. Watch out for phishing and other fraudulent messages and web content.
  6. Back up your data.