security in your finances

  • discover how to protect your personal and financial data
  • learn how to protect yourself from online threats
  • watch for telltale signs
  • be careful
Internet scams, fraud and hacking have been on the rise recently, so it’s important to be vigilant when banking online. At K&H Group, we do our best to protect you from online fraud and help you find your way in the digital space.

what to do if you fall victim to fraud?

1. report any incident straight away

if you suspect that someone has gained access to

  • your personal or bank account details,
  • your internet or mobile banking account,
  • your bank card or CVC codes,

take immediate action!

  • report the incident promptly to the Bank at K&H TeleCenter (+36 1/20/30/70 335 3355), which you can do round-the-clock
  • report the case to the local police station
  • don’t hesitate even if you are not absolutely sure about a fraud having taken place.

2. block the bank card and/or the bank account

if you notice that a transaction you don’t recognise has been initiated from your bank account or that unauthorised persons have accessed your bank card or bank account details, promptly report the case to TeleCenter so that they can take steps to block your bank cards, as well as access to your bank account (including your phone number) in order to minimise losses and prevent further fraud. At the same time, you can apply for a replacement card.

If you wish to block your bank card for any other reason, you have the following options:

  • notify the bank of your request to block your card via K&H TeleCenter (+36 1/20/30/70 335 3355)
  • log in to K&H e-bank, where you will find the option to block your card under cards/accounts
  • under Products/Cards in K&H mobile bank, select the card you wish to block, then select Block Card under Card Safety
  • in person in any of our branches

3. run checks

use lawful software on all your devices

  • check that you do not have any remote access programs on your computer or phone that allow fraudsters to gain access. If you find any, uninstall them and change the passwords of all applications you have used from that device.
  • if you find an unknown piece of software on your device, immediately delete it and change all the passwords you have used on that device, such as the passwords of e-mail and social media accounts.

4. reactivate your accounts and cards

please, visit your nearest branch, and reactivate your accounts and cards with the help of our advisors.

5. monitor bank transactions

  • regularly monitor transactions and money movements on your bank account to detect suspicious activity.
  • do not allow unauthorised transactions to go unnoticed, report them to the Bank promptly.
data phishing information

what is phishing?

phishing is a subset of fraud, one of the biggest online threats today, and one that almost everyone is exposed to. As its name suggests, phishing is an attack aimed at obtaining our data. Quite a few attacks can be prevented by technical means; however, without your involvement, technical means are worth very little. We, at K&H, do our best to protect your money and your data, but one of the key components of that protection is YOU.

& why would it be good for the attacker to get my data?

  • they can easily get your money, take out a loan or make a purchase on your behalf using your bank card, bank account or authorisation details. With your passwords, they can access your mail, your social media profiles and the applications you use, or even create a fake online persona, post in your name, and, in the worst case, sell your data on the dark web... and that’s just the tip of the iceberg.

& why is phishing so widespread?

  • data phishing does not require deep technical knowledge.

& how does phishing work?

  • when phishing, hackers use psychological manipulation to get your data. You may receive a tempting, attention-grabbing offer or one that promises high profits, or, to the contrary, an intimidating or threatening message, aimed at getting as much of your data as possible.

& via what channels can they contact me?

  • you may receive phishing messages through virtually any online channel or by phone. In Hungary, phishing e-mails are the most common form; however, phone and SMS phishing attacks are also becoming more common. There are also phishing attempts via chat applications or even social media sites. Any channel where the attacker does not need to be present in person is suitable for phishing.

phishing by phone

one of the most common phishing techniques is for unauthorised persons to try and obtain the bank card details and certain identification data of customers from a phone number that appears to be real, often pretending to be representatives of another bank. It can also happen that they call ‘on behalf’ of another bank and then, once they identify the person as a K&H customer, they ‘transfer’ the call to a K&H ‘staff member’ or immediately redial the customer again, posing as a staff member of K&H.

phone spoofing

caller ID spoofing is a special technique that allows fraudsters to modify the caller ID that is displayed on the phone’s screen (for example, to a K&H phone number), hiding the identity of the real caller. In other words, when you receive such a call, the display will not show the real caller’s phone number, but another number that often looks familiar, such as the bank’s phone number. This increases the credibility of the fraudsters and helps them deceive victims. A familiar phone number may appear less suspicious, making it more likely that they can trick victims into providing the information they want.

how to protect yourself from phone fraudsters

  • pick up unexpected phone calls with caution and suspicion
  • urgency is unusual and suspicious: think carefully about what the callers are asking from you
  • never share your personal or financial information, the bank will not ask for such information over the phone
  • do not believe that the phone number displayed is the Bank’s real customer service number, look up the real phone number on the Bank’s official website
  • don’t trust everyone: fraudsters can easily get your basic information from social media profiles - don’t believe the caller just because they know some of your personal details
  • never install software that someone asks you to install over the phone, this is often how scammers take control of your device
  • do not transfer money when requested by phone, the bank will never request a financial transaction over the phone
  • if you become suspicious during a phone call, end the call immediately, call K&H TeleCenter using one of the central contact numbers, and report your suspicion
  • similarly to a bank administrator, you can also ask the caller to prove that he or she is a K&H Bank employee

phishing by e-mail

Phishing e-mails typically take the form of letters written in incorrect Hungarian, with typing and spelling mistakes, which

  • make an offer that’s impossible to refuse (e.g. a top category smartphone for free),
  • are attention-grabbing (e.g. you inherited USD 5 million)
  • sometimes threaten you with some negative consequences or sanctions (e.g. if you do not log in, your account will be blocked)

The text of the link in the letter is not related to the content of the letter (e.g. the link in the letter sent on behalf of K&H does not point to kh.hu, but to a completely different page).

what to do in order to avoid becoming a victim of phishing

  • handle unsolicited e-mails with care and caution
  • the more urgent the tone of the letter, the more suspicious it should be
  • be especially careful if a ‘banking’ e-mail asks for confidential information, such as your online banking password, as real banks never ask for such information by e-mail
  • do not click on links in the e-mail or open attachments
  • always check the link! The easiest way to do this is to hover your mouse cursor over the link. DO NOT click on it, just look at the link in the window or in the bottom left corner of your browser.
  • look out for oddities, spelling mistakes, an urgent tone or unusual formatting, as such errors can be telltale signs of fake e-mails
  • look for differences between the real and fake e-mail addresses, look carefully at the e-mail address because even a small difference can indicate fraud
  • phishing e-mails are harder to spot on mobile devices, so simply do not reply to suspicious e-mails
  • if you receive a phishing letter written on behalf of K&H, please forward it as explained in the section ‘what to do if you suspect a phishing attempt’, otherwise delete it promptly

phishing through text (SMS) messages

Due to their nature, these messages typically contain a short, attention-grabbing narrative message and a link (e.g. your package no. 111111111 has been sent). Text messages, like telephone calls, can also come from a phone number that appears to be real. In any case, be suspicious if you receive a text message with content you were not expecting (e.g. if you have not ordered anything and you are still informed about the arrival of a package). To check the link, hold your finger on the link for some time, and you will see the link to which the message actually points. If the text of the link is not related to the content of the message (e.g. the link in a text message sent on behalf of K&H does not point to kh.hu but to a completely different page), you are almost certainly the target of a phishing attack.

how to protect yourself from fake bank text (SMS) messages

  • do not click on unknown SMS links, attachments or images without verifying the identity of the sender
  • always look up the number online or check the bank’s website to see if the number matches
  • do not let urgent messages influence your decisions
  • never reply to SMS messages asking for your PIN code, online banking password or other security IDs
  • delete the text message, and if the attack is performed under the name of K&H, please notify us

information to keep in mind at all times

  • K&H Bank will never ask its customers to log in to K&H e-bank by clicking on a link from an e-mail or text (SMS) message.
  • We will never ask for confidential information (e.g. customer ID, ePIN, mPIN, password, 3DSecure text (SMS) message confirmation code) or phone number via e-mail or text message.
  • The address of the official K&H Group website always starts exactly as follows: https://www.kh.hu
  • To ascertain that the e-banking site is genuine, check the green padlock at the beginning of the search bar and check that the site address starts with https://www.kh.hu/ebank, or,
    if you are logging in using a mobile token or text (SMS) message, https://ebank.sso.kh.hu/
  • K&H Bank will never, in any form, request remote access to your devices or ask you to install any applications. Please, note that if you allow remote access to anyone (e.g. by installing the AnyDesk application) to your computer or mobile device, they may have access to the confidential data you store on the device (about yourself or your business) and see everything you do, including your activities on the electronic banking platform.
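
The link check described in the e-mail and SMS sections above, as an added example that is not K&H's own code: it extracts every link from an HTML message body, compares the exact host of its real target with the addresses this page lists as genuine, and flags links whose visible text names the bank while the target lies elsewhere. The helper names and the sample message are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Illustrative helper names; hosts are the addresses this page lists as genuine.
OFFICIAL_HOSTS = {"www.kh.hu", "ebank.sso.kh.hu"}

class _Anchors(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_official(url):
    """True only for https URLs whose exact host is on the allowlist."""
    parts = urlsplit(url.strip())
    # Compare the parsed host, not the start of the string: a URL can begin
    # with "https://www.kh.hu" and still belong to a different site.
    return parts.scheme == "https" and (parts.hostname or "") in OFFICIAL_HOSTS

def review_links(html_body):
    """Return (href, visible text, verdict) for each link in the body."""
    parser = _Anchors()
    parser.feed(html_body)
    results = []
    for href, text in parser.links:
        names_bank = "kh.hu" in text.lower() or "k&h" in text.lower()
        verdict = ("official" if is_official(href)
                   else "mismatch" if names_bank else "unofficial")
        results.append((href, text, verdict))
    return results

# Constructed sample body; the .example hosts are placeholders.
SAMPLE = """<p>Your account will be blocked. Log in:
<a href="https://www.kh.hu.login.example/ebank">https://www.kh.hu/ebank</a>
<a href="https://parcel-track.example/111">track your package</a>
<a href="https://www.kh.hu/ebank">K&amp;H e-bank</a></p>"""

if __name__ == "__main__":
    for row in review_links(SAMPLE):
        print(row)
```

A "mismatch" verdict corresponds to the telltale sign described above: the link text refers to K&H, but the target is a different site.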

what to do if you suspect a phishing attempt

  • immediately contact our colleagues through K&H TeleCenter (+36 1/20/30/70 335 3355) in case you find any unusual or questionable setting in your e-bank, under “settings / device management”, or in connection with your registered device or transaction history
  • if you receive a message in your mailbox that instructs you to log into the K&H e-bank or mobile bank, contact our colleagues through the email address informationsecurity@kh.hu so that we can investigate the issue. Please send us the suspicious message as an attachment. In one of the most popular email programs, you can do this as follows: after opening the message, click the three vertically aligned dots on the right side, download the message, and then click the paper clip icon to attach the downloaded file (which has an .eml extension) to the message to be sent to us.

Dear Customers,

We would like to inform you that in cases of fraud related to non-cash payment instruments (e.g. credit/debit cards, online banking, mobile banking application), liability will be investigated. We are not liable for damages if the investigation concludes that gross negligence by the customer contributed to the damage. Final judgement on the issue of gross negligence can be made by a court of law.

further reading

why use a password manager?

29 August 2023 - one above all. Tips, so that you never have to click on password reminders anymore.

what is ransomware?

4 September 2023 - it can happen at the worst moment. It is very annoying - but you need to keep calm!

personal data still kept under the pillow

30 August 2023 - & you, do you know how to protect your data and stay safe from attacks by cybercriminals?

it’s convenient, but…

18 November 2023 - … it can be dangerous. Take care when you are wireless.