Postaj Ninja is popular among people who want to check the status of shipments ordered from AliExpress. However, the site could easily retrieve data on up to 800,000 shipments, which also included the name and the surname of the customer and the address to which the package is to be delivered. Tracking numbers were not randomly generated and were easy to predict.

One of the readers of the Trusted Third Party noticed a vulnerability in Postal Ninja, thanks to report from TTP it was quickly resolved. Speaking of speed, after reporting the gap, the TTP portal only had to wait three hours for Postal Ninja’s response. In their response, TTP ensured that the gap was patched within 24 hours. After removing the vulnerability, the status of the shipm


Cybercriminals are not idling by and in a span of few days have attacked Polish municipal offices in Lututów, Kościerzyna, as well as the Budzik clinic, which has also become a victim.

In the Lututów commune, data encompassing liabilities for municipal waste, water and rent were encrypted. The commune issued a statement in which it informed that in the case of payment of liabilities to the commune, it would not be possible to obtain the information on the amount of arrears. The cybercriminal demands a ransom of $6,000 for decrypting the data. The head of the commune has notified the police about the incident.

In the case of the Kościerzyna commune, the head of the commune has turned to CSIRT NASK and an external company f


Virtual New Year cards have become a phishing tools in the hands of fraudsters in order to obtain Facebook passwords.
Caution should be exercised due to the fact that we can also receive such “wishes” from our friends.

Dedicated sites can be found on the network for creating virtual cards. Entering the name in a specified field triggers the script that gains access to the victim’s Facebook account. If a takeover is successful the account begins to send out links to friends from the victim’s contact list.

If you use the same password as the one for Facebook on other websites, such as online banking or email, the situation becomes especially dangerous.

Source: Cyber Securi


Sensitive data of customers of Virgin Mobile’s cellular operator has been leaked from the database of one of its applications. Clients affected by the leak are receiving text messages informing them about the theft of personal data.

The leak occurred between 18th and 22nd of December and concerned customers using prepaid accounts. The stolen data includes full names as well as PESEL identification numbers. The operator announced the breach on December 25th.
The data of Virgin Mobile’s customers running monthly subscription plans is secure.

Virgin Mobile released a statement in which it informs that data leak concerned 12.5% of pre-paid customers registered with the company. Procedures preventing the use of subscr


Police department in Beringen, Belgium warns against incoming calls from Poland. The scammer is probably originating from Koszalin, as the prefix +48 94 points toward the town, and wants to force the victim to pay for the phone call.

The scenario is that the scammer calls once, the victim is shown an unanswered call and the scammer hopes that they will call back. According to the portal Next, the Belgian police warns not to return call and immediately block such a number. If the victim calls back, it is recommended to verify their account statement through an app or contact the mobile operator, as this connection can cost a lot.

People from Poland face similar problems, we have already warned you not to ca


Cybercriminals are again trying to extort money via a fake payment operator’s website. In this case, they used Google’s brand.
Experts from CERT Orange Poland have noticed increased traffic on the domain posing for a Google service. Cybercriminals are attempting to extort money under the guise of paying arrears on Google Play or Google Maps. The amount that is supposed to be paid is small and oscillates around PLN 1-2, the victim receives an SMS or an email about arrears.

The person that wants to settle the payment is redirected to a website posing for the payment operator’s site. Scammers hope that the victim will not double check the website address, enter the login and password for electronic banking and confirm the “transf

Thursday 19 December 2019, Safety Guide

SMSes sent out by phone on its own?


Expert from the portal Niebezpiecznik have received messages from their readers in which owners of phones running Android and iOS were concerned that their smartphone “sent out SMS’ to a strange Polish number”.
In this situation, you would expect they are premium SMS’ or a virus.

Niebezpiecznik reassures that the phone had not been hacked in this case.

If the phone sends an SMS to one of the following numbers:
732232988, 732232988, 732232986, 732232984, 732100230 with the text:
- Google is verifying phone # of this device Learn more: https://goo.gl/LHCS9W

It means that it is standard verification of the phone number listed under user


Polish branch of the BNP Paribas bank warns of a site impersonating their own website. The fraudsters have created a logotype that resembles bank’s official ones, and the name of the website suggests that it is associated with the BNP Paribas Bank.

In the statement bank explains that it has no association with paribagroup.com platform. The fraudsters have used bank’s image to extort money. On the site one could find offers related to currency exchange, high-risk investments, as well as an option to setup a dedicated account, where victims were to transfer their savings. Cybercriminals promised high profits, asked for scan of ID’s and installed an application that allowed them to take control of the device.

In the statem


Data Viper, a company dealing with monitoring threats, data leaks and cybersecurity breaches, announced the leak of 1.2 billion users that hit the black market, the so-called darknet.

The database contains 4 terabytes of data, which includes names, surnames, phone numbers as well as Facebook, Twitter and LinkedIn profiles.
It may seem that the leak is quite serious, however, the collected data comes from data scraping, i.e. technique for collecting information from public profiles that is shared by users themselves.

According to the Data Viper assessment, the data comes from two different companies dealing with expanding of personal data, i.e. having one information such as name and surname and su


The ai.type application with 40 million download has been identified as malware by Upstream experts.
The application modifies the appearance of the virtual keyboard, learns the user’s writing style and applies automatic spelling correction.

Malicious software sends users request for premium digital services. Upstream experts have noted that ai.type delivers millions of invisible ads, and one of the modules makes false clicks. In addition, the app uses authentic user data related to the displayed pages, clicks and purchases, and forwards the collected data to online advertising companies. It is estimated that the value of purchases of unwanted digital services generated through the ai.type application totals almost 19 million dollars


Cybercriminals have exploited the release of another Windows update to launch an attack.
According to the experts from Trustwave, Internet users receive emails in which they are informed about the need to install an important system update.

Email content: “Please install the latest critical update Microsoft attached to this email”

Attached to the message is a fabricated file with *.JPG extension, which is actually a script that launches the download of the Cyborg ransomware.
Ransomware encrypts data on the disk, thus forcing a ransom. The data decryption value is estimated at $500. 

Thursday 28 November 2019, Safety Guide

SMS phishing - “win” an iPhone 11


Cybercriminals have once again used Lidl and Auchan brands. Multiple users are receiving SMS phishing, where potential victims are informed about a lottery in which they can win iPhone 11.

According to CERT Orange Poland, if the victim decides to participate in the lottery, after four questions, 9 boxes appear, in which the prize should be hidden. When victims see the icon of iPhone 11 in one of the boxes, they are informed that they were selected for pre-release testing of the smartphone. There is only one step necessary to receive the phone - a bank transfer of 1-2 euros to cover ‘shipping cost’.

As experts from CERT warn, participation in the lottery can cost us all the savings from the bank account

Monday 25 November 2019, Safety Guide

Callback scam


Telephone fraud scam where fraudsters make money on inter-operator charges, is becoming more and more popular.

The scammers have gone so far as to pick their phone number, so that it looks like the call is originating from Polish area code, while in fact it is an international prefix. This is, of course, related to the appropriate charge for the connection. A person who will try to call back on such a phone number may be unpleasantly surprised once monthly bill arrives with charges of up tens of PLN.

Recently, the Office of Electronic Communications has warned against fraudster from Africa, such connections, with multiple connections in the Śląskie Voivodeship.



Santander Bank issued a mesage in which it warns of fraudsters impersonating various banks. Cybercriminals send SMS messages of various types.

The text message contains a link that directs users to the fake quick payment page. The content of the message may relate to:
-    Courier surcharge,
-    Bailiff payment, in which the victim is informed of a debt of several PLN,
-    Settling of fees on the auction site so that the listing does not disappear,
-    Information about blocked access to online banking.

The bank warns that one click on the provided link gives th


Cybercriminals try to fool Polish Post’s customers. They send text messages, in which they inform about changes in service fees, due to which an additional payment is required.

The surcharges are as small as PLN 1, so many people may try to make the payment in order to have their debt cleared.

The content of the SMS is as follows:
“In connection with the change in the service fees on 04.11.19, we inform that your parcel requires a surcharge of PLN 1.00 to continue the delivery. https://pp-sa.net/doplata”

The text message is signed as “Polish Post”, it is also listed under real messages from the company, if the victim received any in the past.