Do not login to the computer as an administrator, unless it is necessary. Malware can cause enormous damage on the administrator's account. Login to your computer as a common user.

An antivirus program is fundamental, no discussion. An antivirus program can detect malware but also software applications which appear legitimate, but contain a harmful code. If the antivirus program informs you that the website is infected, do not ever open it. Always observe the instructions of the antivirus software.

Update antivirus software. A non-updated antivirus program will not protect your sufficiently, as it is not able to detect new types of viruses which are created every day and are more and more sophisticated.

Check your computer regularly by running the antivirus program. We recommend checking all contents of your computer at regular intervals (e.g. once a week). Checks may also be automatic.

Do not download contents from the Internet illegally.Attackers love using attractive films or music which they disseminate for free via the online storage services. And they often add a virus to the package.

Use only a legal version of the operation system. Legally acquired software is, besides other things, provided with updates supplied directly by the producer. Non-updated software is not able to prevent attacks of new viruses, nor is it able to protect sensitive data.

The certificate is the key to the bank. It must be protected in the same way as the keys to your flat or car.

Use the certificate only on the computer you know. If you have to use a computer you do not know, use anonymous browsing (the browser does not store any data about you to the history), one-time browsing (link to Help?), or after you log out from the internet banking, delete the history of browsing.

Set a strong password for your certificate. The password should have at least 8 characters. It must not be a word that has any meaning Attackers decipher passwords using dictionaries and they are able to quickly decipher any word they may contain. You may increase the intensity of your password using numbers and other characters, such as punctuation or a combination of lower and upper case letters.

Back-up the certificate. Save your certificate as a file with the suffix *.p12 in safe storage, e.g. in a personal USB disk. Then delete the file from your computer. Never save your certificate to shared internet storage sites (e.g. www.ulozto.cz). Keep your USB in a safe place.

Never disclose your password and PIN. Never. To nobody. Neither bank, nor police or the closest family member has any right to know such data.

Do not record your password or PIN anywhere. If you write your password or PIN anywhere, you risk that somebody will find this note and misuse the data. The same error is to save the PIN and password to your mobile phone. Simply remember the PIN and all passwords and destroy all documents (the envelope with the assigned PIN).

You received an e‑mail with an attachment in PDF file format for downloading. Although the attachment sounds trustworthy, its extension is different. Beware! If a file masquerades as PDF, but it ends with the extension .exe, it may be malware!

What to do? Always pay attention to the extension of attachments. Do not open suspicious attachments and delete the e‑mail.

Attackers know what people like. New music, films, games, handy software applications, and preferably immediately and for free! This is what they offer to people and as a bonus they add a virus to the package.

What to do? To have the new Hollywood blockbuster absolutely for free and watch it today is very tempting, but nonetheless we recommend that you not to succumb and not to download illegal content.

On social networks we like to boast or complain about things, we insert photos of our kids, pets... in this manner we can give attackers valuable information about ourselves. Even here, the rule applies: Think twice, click once!

What to do? Never disclose sensitive data, such as passwords or PINs on social networks.
Be careful about who you add as your friends.
Protect your privacy and carefully set your profiles on all the social networks you use.

You have found a nice USB key pouch in the café. What do you do? If you immediately insert it into your notebook to examine it, you are making a grave mistake! Attackers try their luck and bet on human curiosity!

What to do? If you do not know the legitimate owner of the USB or CD, it's better not to insert it into your PC at all.

Attackers disguise e‑mails as official communications from a bank or other institution (governmental authorities, telephone service providers etc.). But mostly there is something wrong about them:

• The message may contain grammatical errors, and strange sentence structures. Bank and office employees, however, always stick to grammatical rules!
• The e‑mail contains a fabricated reason why you should immediately enter the number of your bank card or password to internet banking. However, banks do not under any circumstances request such data from you!

What to do? Do not fill in the data about the card, do not click and delete such an e‑mail immediately!

On social networks a "friend" can ask you for a small friendly loan which you can provide via your bank card. After you click the attached link, a website will open which will appear as a legitimate payment gate. Just enter your bank card data and that's all! Your bank card is in the hands of con artists!

Fraudulent payment gate

Secured payment gate

What to do? Never respond to similar requests.
Be careful about who you add as your friends.
Protect your privacy and carefully set your profiles on all the social networks that you use.
Generally, rely on verified payment gates only.

Various websites, typically websites of betting and gaming companies (e.g. SYNOTTIP, FORTUNA, BWIN), often include an attractive advertisement, such as: "Register your bank card and obtain super bonuses". Stay alert! Although the advertisement may look trustworthy, it is a typical example of phishing.

Sample of fraudulent website

What to do? Never enter any bank card data.