Friday 24 April 2020, Safety Guide

Infected E-pity software variant

Lost24

CERT Poland warns people who have not yet settled their accounts with the tax authorities about a modified version of E-pity, the software for filling in the PIT declaration.


Cybercriminals have modified the E-pity software and embedded in it an additional module from the Zloader family. Accessing the epity2020[.]pl domain is associated with an attempt to install banker-type malware that targets online banking. According to CERT, the malware contains fabricated schemas for multiple Polish banks.


According to CERT Poland, after visiting the site from an Android device, an attempt is made to install an application containing malicious code on the platform: malware from the Cerberus family.
The “password for archive” bit on the E

Lost24

A leak of personal data does not necessarily have to be associated with the activities of hackers. According to Sekurak, people who migrated the training platform system or were testing the new environment were responsible for the data leak.


The data leakage concerns prosecutors, judges and court staff. Leaked records contain personal data, phone numbers, email addresses, places of residence and encrypted passwords.


As the Sekurak portal emphasizes, the situation is dangerous because it is also possible to exclude leakage of PESEL identification numbers. It should also be taken into account that many people use the same login and password for multiple systems.



Lost24

Cybercriminals hacked Email.it, an Italian provider of email services. The data leak affected more than 600,000 people, and an offer for the data from the last two years was listed on the dark web. However, the data offered for sale only includes persons who have used the free version of Email.it.


The group that stole the data, which presents itself as NN Hacking Group, has provided evidence of the attack on Twitter. According to Cyberdefence24, the data that was put up for sale includes 44 collections, valued at $22,000. The scope of the stolen data includes account usernames, passwords, the content of email messages and attachments, as well as phone numbers associated with the service and the SMS messages and faxes sent from them.



Lost24

Recently, we wrote to you about the Zoom video conferencing application sending users' telemetry data to Facebook servers. Despite the fact that the application has been updated and the error has been corrected, security experts once again have reservations about this software.


First of all, conversations in the application are not covered by controlled encryption. In addition, Zoom installs a hidden network server on computers of Mac users, which remains on the device even after the software has been uninstalled. This involves the risk that a third party may turn on the camera remotely on your computer without permission.


The application is criticized for its user tracking function, a significant number of hacked conference calls

Lost24

The Marriott hotel chain has fallen victim to hackers who broke into the company’s internal network, which resulted in a customer data leak. The data leak affects 52 million customers. Hackers also managed to obtain logins and passwords belonging to two Marriott employees.

As reported by Marriott International, leaked data includes:
- Customer contact details such as personal data, email address and phone number, employment status, gender, date of birth,
- Information about participation in the loyalty program,
- Data related to hotel room reservations, such as length of stay and type of room.

At present, there is no confirmation whet

Wednesday 1 April 2020, Safety Guide

Package disinfection scam

Lost24

Recently, we wrote to you about the return of the “courier” fraud. This time scammers are trying to trick people waiting for a package with so-called “disinfection”.


Experts from CyberRescue warn against fake text messages informing recipients of the need to pay extra charges for disinfection of the package, which should then be delivered to the sender.


The link included in the SMS allows you to make the necessary payment. Typically, in this case, cybercriminals want to intercept the victim’s online banking credentials.
As you can see, the “coronavirus” fraud appears more and more often, so you should be on guard.



Lost24

The fraudsters have decided to once again utilize the coronavirus situation, this time using the known “courier” scam.


During the pandemic, the number of purchases over the internet increased significantly, which the fraudsters decided to utilize by sending an SMS asking for payment of the shipping charges.


According to the portal Wirtualna Polska, the message states that due to OHS procedures in the transhipment center, the shipping cost increased by about PLN 2. The SMS also includes a link that redirects users to a fake payment page. The goal is probably obvious to everyone at this point: fraudsters want to intercept online banking credentials.



Lost24

Internet users are receiving emails about the possibility of their allegro.pl accounts being blocked. The stated reason for the block is an unpaid payment.


The email also states the amount that the person is supposedly in arrears and threatens debt recovery if the amount is not paid.


Original message content:
“To date, we have not recorded the settlement of your commitment. A deposit of 1.98 must be paid to prevent account suspension. If the payment is not settled - your debt will be taken over by debt collection.”


Cybercriminals have spoofed the original address of the service, which may diminish the vigilance of the victim. However, please

Lost24

We have recently described to you attempts to phish online banking data or steal passwords to social media accounts that exploit the ongoing coronavirus pandemic.


The Trusted Third Party described the next attack scenario with coronavirus in the background. This time you can receive a text message from the “Ministry of Health”.


From the message we learn that every citizen is entitled to nutritional support in connection with the current coronavirus pandemic. To obtain such support you must click on the provided hyperlink https://mzgov[.]net


The link leads to a fake website of the Ministry of Health, where you can read the following message:
"Nutritional s

Lost24

Cybercriminals prey on the coronavirus pandemic: they steal login credentials for social media and valuable information from electronic devices.


CERT Orange Polska warns against fake websites that are supposed to inform about the current situation related to SARS-CoV-2. In fact, instead of providing the latest epidemic data, they steal login credentials.


The pages imitate a typical news site. Cybercriminals encourage users to log in using their Facebook accounts, then redirect them to a fake website where their account logins and passwords are stolen.
It can also be expected that in the near future there will be “coronavirus”-related phishing attempts to steal login credentials for online banking.

Lost24

Cybercriminals have targeted customers of PKO BP in their latest phishing campaign.


According to CERT, potential victims receive an email with confirmation of the transaction. The subject of the message is “Copy of payment” and the email originates from info@mantrabe.com. The message contains Polish characters.
The victim, surprised to receive an email with a transaction that was not made recently, will probably open the attachment included in the message. In fact, it’s a malicious script that installs GuLoader family malware, which then downloads the AgentTesla Trojan.


The Trojan’s task is to steal the login credentials for the customer’s bank account and then to clear the account.

Lost24

Niebezpiecznik warns of malicious ads that impersonate the Millennium Bank. The ads are displayed on Facebook and inform users that the bank offers money to anyone with a valid account. The amounts offered are within a range of a few hundred PLN, such as 700 or 900.


This is a textbook example of a phishing attempt: after activating the link, a website is displayed where the victim is informed about the amount to be transferred. For this purpose, the victim must provide, for example, a PESEL identification number or a one-time passcode, which will be sent in a text message.


Extortion of money or data through such means is nothing new, but this type of fraud is still a very big threat to less aware users.



Lost24

Clients of Bestcena.pl were receiving confirmation of a deposit payment instead of a proof of purchase. The shop’s customers could find out about the indefinite loan terms from the several-dozen-page terms of service, but who reads them carefully, right? In addition, the store did not inform its clients about this fact in a clear and transparent manner. It can therefore be concluded that the store was misleading the customer.


The listing did not show “rent” but “order”. The price listed on the product page was in fact a deposit fee. In addition, as stated in the terms of service, the buyer of a given device could not sell it or interfere with it in any way for the period of rent.


The store tempted

Lost24

ZUS clients are receiving emails with information about incorrectly paid contributions. The Social Insurance Institution (ZUS) reminds its clients that it does not send information on contribution settlements by email.


According to ZUS, false correspondence is sent from the following email addresses:
kancelaria.zus@wp.pl, zus-skladki@wp.pl, zus._kontakt@wp.pl, ZUS@gov.pl, zus_info@wp.pl
The phishing campaign is targeting sensitive data such as the number of the issued ID card or PESEL, as well as data for internet banking.


ZUS warns recipients not to open such messages, much less reply to them or open attachments included in the correspondence.



Lost24

Security experts from CERT warn of an increased number of phishing campaigns. The goal is to steal your electronic banking login credentials or install malware on your phone.


These are mainly SMS messages concerning surcharges for shipments from InPost, Polish Post and DHL, or another campaign with SMS surcharges on the OtoMoto website. In the case of OtoMoto, users received text messages within minutes of posting a classified ad.


One of the most recent campaigns is related to the tax settlement, where fraudsters impersonate the Tax Office. However, the most popular phishing campaign is the one informing users about surcharges for a shipment. Personalized text messages are also becoming more popular. By default, s