Tuesday 4 August 2020, Safety Guide

Scam using the travel voucher


Fraudsters pretend to be employees of the Ministry of Development and try to extort money and personal data using the Polish Tourist Voucher.

According to the police and the Social Insurance Institution (ZUS), fraudsters call with an offer of a few days’ stay in good hotel, as a part of the “special offer for a vacation voucher”, the victim is to have 3 days of stay for free, for the extra 4 days an additional payment of several hundred zlotys should be made. Fraudsters also try to obtain information about the victim’s personal data. For verification, they ask for PESEL and ID card numbers.

ZUS reminds that the official travel voucher is only available in an electronic version and can only be activated on the ZUS Elec

Thursday 30 July 2020, Safety Guide

Hacker attack on Garmin


As a result of a hacker attack, the production line and synchronization of Garmin watches and bans were stopped.
Device owners are not able to see their workouts and other device parameters. Garmin Connect is down now for several hours, as a result of which users of smart devices cannot send their data for synchronization.

According to the information provided on the company’s social media, the website and Garmin Connect app are down, call centers are also not working, it is also impossible to contact the company’s employees via email or chat.

According to the Taiwanese ITHome website, the WastedLocker ransomware is the culprit here, which was installed by hackers from Evil Corp group on Garmin’s servers. Garmi


SMS scam is already quite common, we have written more than once about it - how fraudsters impersonate courier companies or mobile providers. This time, in addition to wiping money from the account, the fraudsters also took out a loan of 16,000 PLN on behalf of the victim, and malware was probably included in the SMS.

According to the portal legalniewsieci, the victim received an SMS from a “courier” regarding a surcharge for the parcel due to an overweight. The victim then clicked on the link provided in the message, from which it was redirected to a fraudulent PayU website, where an error appeared after selecting the ING Bank Śląski bank and entering the login details. The operation was interrupted and the victim received a text message from the


Despite the fact that since the introduction of PlayProtect in the Google Play Store the amount of malware has significantly decreased, experts from PREBYTES Security Incident Response Team have detected dangerous Cerberus malware in one of the applications.

It was the Best Cleaner app that required permissions to access photos, multimedia, make calls or access files on the phone during installation. If the consent was not given, the application could not be used.

Clicking the “Start Cleanup” button in the application initiated the attack. The application required the installation of an additional plug-in, for this purpose, the option to allow installation of apps from unknown sources had to be enabled in the device setti


You can find advertising “Biedronka: Take everything you want in 10 minutes” on Biedronka Polska profile. Both the profile and the post have nothing to do with the Biedronka store chain.

According to Dobre Programy, many people have been deceived by the advertising slogan above.
Post includes a link, where the victim is asked to complete a Google survey, which allegedly represents the first stage of the competition. Following the first stage the qualification for next stage is supposed to take place.

In the second stage, the victim learns that, in fact, it is no longer a contest for “Take everything you want in 10 minutes” but instead a 500 PLN voucher. In order to participate in the competition, you must pro

Thursday 9 July 2020, Safety Guide

Scammers utilize Allegro brand


Cybercriminals are trying to extort money by impersonating Allegro, the victim may also lose login credentials for the portal.

According to the Zaufana Trzecia Strona, the victim receives a message informing that the account needs to be verified and for this purpose the account should be activated using the online payment in the amount of PLN 1.01. In addition, the recipient of the message is assured that the entire amount will be returned to the account within 3 business days, once the registration data has been verified. According to the Zaufana Trzecia Strona, the sender is admin@allegro4.pl, and the amount of  PLN 1.01 is based on the amount used in the actual Allegro account activation process.

The activation li

Monday 6 July 2020, Safety Guide

Data theft utilizing Allegro


Allegro portal was once again used by cybercriminals, this time scammers send messages posing for those sent out by Allegro.
Potential victims are owners of Android phones that receive text messages that redirect to allegroapki.net. The goal is to trigger a download of Cerberus family malware application.

According to CERT, after installing the malware, cybercriminals have access to contacts, text messages and saved payment data stored on the phone.


Cybercriminals have launched a new phishing campaign that uses Facebook’s brand. Fraudsters mislead Facebook users by tricking them into opening an alleged updated privacy policy.

The potential victims are intimidated by a warning that unless they accept updated policy, their account will be suspended and then irrevocably deleted.

According to CERT Poland, the goal of the fake emails is to download Anubis malware to android. After installation, cybercriminals have full access to contacts, text messages, saved payment details and make phone calls on the infected device.


Beware of fake phone bills, cybercriminals are impersonating Play’s mobile network, once again.
Fraudsters send “invoices” with a phone bill, the message includes an Excel file, that once activated, installs Zloader malware on the device.

According to CERT Poland, Zloader will then attempt to install the Zeus banking Trojan on the device. Trojan can steal credentials used for your online banking.

The content of the message should raise suspicion in the person that receives it, due to the fact that it does not contain Polish characters, as well as the fact that customers of Play network can find their invoices in the client’s panel on the website or in the application.

Thursday 18 June 2020, Safety Guide

Scammers are impersonating InPost


Scammers are attempting to trick people into installing malicious application by impersonating InPost. If you receive an SMS in which 0 appears instead of “o” in the InPost name, beware of fraud.

Fraudulent SMS are signed as “INP0ST” and suggest that we will not receive a package collection code without downloading a new application.

According to Niebezpiecznik, after activating the link we are transferred to the page where users are prompted to download the application in order to receive a package collection code. We receive information that after downloading the app, we will automatically receive a text message on the device. In fact, we’re being tricked into downloading malicious .apk file.



Decathlon sport goods store reported a leak of data related to customer orders.
Cybercriminals have managed to generate a report on store’s activities in the February 23rd - April 24th period, as a result of which they were able to intercept customer’s phone numbers along with order numbers and pickup codes.

According to the portal Niebiezpiecznik, Decathlon sent an email to victims with apologies and extensive information about the leak.

According to Decathlon, the report did not include the client’s name, surname or address. The entire incident was reported to the President of the Office for Personal Data Protection. However, the store itself plans to implement additional security measures in their IT system.


Facebook announces the start of identity verification of popular profiles, and those whose owners cannot be verified will be blocked.

According to Cyberdefence24, this will mainly concern profiles that have reported some patterns of suspicious behavior, i.e. submitting content that quickly spreads across the site. The purpose of this is to detect people or groups running a propaganda campaign.

Account owners that refuse to verify or their identity will not coincide with their profile will be blocked or their post’s reach will be severely limited.

Currently, the verification will apply only to residents of the United States. This is related to this year’s presidential election and the goal is to


British airline EasyJet has become a victim of cyber criminals, resulting in data leak of over 9 million customers.

Hackers managed to intercept email addresses along with details of their travels. For 2,200 customers, hackers were also able to intercept credit card numbers.

Customers whose data has been stolen are to be informed immediately. According to EasyJet, there is currently no evidence that the captured data was used.

The airline reported the incident to the authorities and the National Center for Cyber Security. Meanwhile customers are to be sensitive to emails signed with EasyJet or EasyJet Holidays.


Cybercriminals organized a phishing campaign targeted at clients of two mobile networks. CERT Poland warns against fraudsters impersonating Play and Orange.

Scammers send emails with an attachment that is supposed to be the invoice for mobile services. The message itself contains a summary of the invoice, i.e. the invoice number, date of issue and invoice payment date. Cybercriminals have not forgotten to provide the correspondence address, and in the case of an invoice from Play they included a note, which the victim can use to manually check the authenticity of the invoice in the Play application.

The attachment is in .xlsm format and contains the well-known DanaBot banking Trojan, which is then used to steal funds from the


Beware of fake SMS from the sender Pogodynka, which are sent to owners of mobiles phones all over Poland. An SMS informs you that you have purchased a costly weather alarm service.

According to the portal Niebiezpiecznik, the sender of the SMS threatens with a high fee for the subscription and informs about the possibility of canceling it.

SMS content:
“WEATHER service has been activated! Every day you will receive 1 SMS with weather for the next day. The cost is PLN 30.77 / SMS. To opt out go to www.p***damateo.net?r=Y9N”

In fact, the goal is to get the recipient to cancel the alleged subscription in order to gain access to online banking.