Skip to main content


If you learn that your password has been leaked, you should follow these steps to keep your data safe:

  1. Change your password!
    Change the leaked password immediately to a strong password that is not similar to the leaked one.
  2. Log out on your devices!
    Log out of all devices where you are logged into your account.
  3. Set up multi-factor authentication!
    Use biometric identification and/or authentication apps for enhanced security.
  4. Monitor our bank account!
    In particular, if financial data passwords have been leaked, check transactions regularly and freeze the card if necessary.
  5. Inform your friends and colleagues!
    Inform those who may be affected by the leak of your password, especially those responsible for IT security at work.

In line with GDPR, cookies that are not strictly necessary for the essential functionality of a website should only be activated if the end-user has given his or her explicit consent to their use, knowing the specific purpose of the data collection.  

In most cases, the acceptance of cookies on a website will not have negative consequences, but it is worth reading the related notice carefully to be aware of exactly which kind of cookies are used by the website and for what purpose, so that only those that are truly necessary are accepted (e.g.: basic cookies, recommended cookies, marketing cookies, etc.) 

Accepting cookies is not recommended in the following cases:

  • unencrypted websites (where the padlock icon next to the web address in the search bar is not locked), or any other suspicious websites that look like a scam
  • third-party cookies
  • cookies flagged as suspicious by an antivirus software
  • if you‘re sharing personal data on the website (e.g. bank details, ID number, etc.)

Browsers have the option to disable certain types of cookies or even all cookies in general, but it is important to keep in mind that disabling all cookies can greatly affect your browsing experience.

The first and most important thing to remember is that, as frustrating as it can be, it's best to change your password regularly.
 A good password:

  • contains no meaningful words, even in a foreign language
  • does not contain any information about us, whether words or numbers
  • is of appropriate length (usually at least 8 characters)
  • contains a mixture of upper and lower case letters, special characters and numbers
  • is easy to remember
  • does not contain accented characters (which may not be available everywhere)
  • is specific to each system

In order to avoid having a password that is an impossible to remember gibberish, it may be optimal to start with a motto. Choose a phrase that is easy for you to remember, either a line of poetry or another slogan e.g. If we shadows have offended. The first letters of the sentence form the basis of our slogan: iwsho. If you add capital letters, memorable numbers and special characters along some logic, you get a password that meets the above requirements: iwS_hO53.

Under no circumstances should you choose a password that:

  • is specific to you (nickname, family member or pet name, favourite football team, etc.)
  • easy to guess (a sequence of numbers like 1234 or a sequence of characters like qwerty)
  • is too short (2-5 characters long), if it has any length at all ("just hit enter and you're in!")
  • contains characters that may not always be available (e.g. accented characters)
  • is a known word in any language
  • can only be remembered if you write it down somewhere

Never use the same password for multiple systems or services!

Since the essence of a brute-force attack is to try to crack your passwords and other identifiers by trying all the combinations that exist, the most effective defense is to change them frequently and choose passwords of sufficient complexity that can take several years to crack.

If you choose to decline the use of cookies, you may not get the full user experience on the website. Some features may not work, or in some cases, website owners may deny you access to the website.

Start by using a spam filter. Most popular email service providers (e.g. Gmail, Hotmail, Yahoo, etc.) use a pretty strong spam filter by default, but none of them are perfect, so it is important to help the filter work properly by marking junk mail that does make it to your Inbox as spam. It's also worth checking the "Spam" or "Junk mail" folder from time to time to make sure that no regular (non-spam) messages have ended up there.

You may also want to use two separate email addresses. One for personal correspondence and one for online purchases, newsletter subscriptions and other services. In addition, it is important not to display your email address on social media sites or other websites.

If a website asks for your email address, check their privacy policy to assess what purpose they will use your information for. Some service providers may share or sell your information.

Finally, unsubscribe from unsolicited messages. Most email service providers now offer a separate option to unsubscribe from newsletters.

Scammers usually write on behalf of a well-known organisation or company (e.g. utility provider, bank, credit card provider, police, post office, other service providers), but they may also pose as distant millionaires, legal representatives of unknown relatives or other individuals. They often try to get you to act immediately, otherwise you face some kind of "negative consequence". For example:

  • Suspicious activity has been detected on one of your user accounts, quickly update/confirm your details via the link provided before the account falls into unauthorised hands.
  • Update your billing details for a service or it will be immediately blocked.
  • Police action has been taken, respond immediately to the email address provided or an arrest warrant will be issued.
  • Immediately pay the fee for a package in transit, otherwise it will be returned or withheld.
  • The payment of the attached (unknown) invoice has expired, the service will be blocked soon
  • You may receive a gift, free product, other unexpected cash.

Most often, these emails require you to click on a link that will take you to a fake login, payment or some other virus containing page.

It is always worth checking the sender's email address. Legitimate organisations will typically not send a message from a public domain (e.g. If the domain name (the part after the @ symbol) matches the apparent sender of the email, the message is most likely from the sender, whereas if you see a gmail or some other unidentifiable domain, you should be cautious. Fake websites also have suspicious domains, often not matching the name of the organisation.

In the past, phishing emails contained a lot of spelling mistakes, but nowadays there are more and more letters with convincing language. The salutation is almost always generic in these letters, and the recipient is not identified by name in the body of the letter.

The most important thing is to avoid opening unsolicited messages from unknown sources whenever possible. If you do, do not click on the link in the message.

Email spam filters can keep many phishing emails out of your inbox, but scammers will always try to get around these filters. It is important to protect your devices with a constantly updated antivirus software and to always update the operating system of your devices and the browsers you use. It is recommended that you use two-factor authentication for your different user accounts where possible, so that fraudsters cannot gain access to your internet bank account, for example, in the event of a password leak. We also recommend that you make a backup of the data on your devices to an external hard drive or to the cloud.

In case of Hungarian relevance (domain ending in ".hu" or phishing text in Hungarian), please report the incident to HunCERT using our incident reporting form. In the case of a webpage, please send the full URL, and in the case of an email, please send the full header of the message. The full header of emails is not visible by default and the method of viewing it varies between the different mail clients. Please consult the related knowledge base item.

To report foreign phishing websites, we recommend the website of the European Phishing Initiative or Google's related reporting page.

A VPN allows your device to connect to the internet through an encrypted channel, giving you a freer and safer online experience.


  • helps you to keep your data (e.g. passwords, credit card details, etc.) more secure, which is particularly important when connecting to public WIFI networks (e.g. cafes, restaurants, shopping centres, etc.).
  • by hiding the IP address, prevents our ISP or other 3rd parties from tracking our online activity, hiding our browsing history. It ensures online anonymity.
  • hides your geographical location, so you can access blocked or region-specific content (e.g., for streaming service providers, movies only available in a specific country).
  • provides a secure, private connection to company resources when working remotely.
  • helps to get better prices for online bookings, as providers always perceive you as a new visitor. Otherwise, some service providers (especially for example: airline ticket purchasing, accommodation booking, car rental) may increase prices on subsequent return visits.

Using VPNs nowadays does not require a high level of technical knowledge and there are many applications and system-specific instructions available online. For a general overview, we recommend the guide on pcmag.

  1. Choose strong passwords of appropriate complexity that you change frequently.
  2. Keep your computer's operating system and other installed software up to date. (Updates often fix security bugs)
  3. Use an antivirus software.
  4. Keep your firewall turned on.
  5. Watch out for phishing and other fraudulent messages and web content.
  6. Back up your data.