Lost24

Fraudsters posing for the Polish Energy Group try to intercept your online banking credentials. Experts from CyberRescue warn against fake SMSs from “PGE”.


In the text of the SMS, the victim is informed about the need to pay the amount due via the page to which the link is provided. If the amount due is not paid, the power will be cut. In fact, the link leads to a fake quick payment service, where the victim submits his / her data directly into the hands of the scammers.


Be careful and do not click hastily on the links, by entering your data you risk losing funds from your account.


Thursday 14 January 2021, Safety Guide

Joker Trojan in the Google Play Store

Lost24

A new version of the Joker Trojan, known as Android Joker, has appeared. People who install an application for downloading wallpapers, i.e. Stock Wallpaper, unknowingly download malware on their device.


The purpose of the Trojan is to gain access to messages and, in the next step, to subscribe victim to paid subscriptions. The victim is not able to see the SMS sent and received via the application. The victim learns about the paid subscriptions when they receive their monthly statement from the network operator.


According to experts from Dr. Web the new variant of the Trojan can be used to download and execute arbitrary code, thus it is possible to install a banking Trojan.



Tuesday 12 January 2021, Safety Guide

Fraudsters are using the IKEA brand

Lost24

IKEA has issued a message warning of fraudsters pretending to be their brand in an attempt to persuade them to act so that they lose money.


IKEA warns against attempts to extort personal data or other forms of fraud, i.e. by persuading people to send Premium SMS messages or participate in lotteries, surveys and other forms of competition. Fraudsters send out messages by email or via social networks informing about the possibility of winning coupons and other IKEA-related prizes.


IKEA emphasizes that all competitions are always published on the IKEA.pl website or on official IKEA profiles on social networks.
Customers are asked not to send any SMS to confirm participation in the competition, as they may be a

Lost24

A new phishing campaign targeting people who are waiting for a message from the health department regarding the quarantine.


Cybercriminals try to trick smartphone users into installing malicious application. According to Niebezpiecznik, scammers send text messages in which they inform them about being sent to home quarantine.


Text of the SMS: “You have been selected for home quarantine. Download the application to check the next visit by the police https://kwarantanna-domowa(.)com/.”


Niebezpiecznik warns against opening the hyperlink attached to the message, which leads to a website imitating Google Play Store app marketplace. The recipient of the message is prompted to download the “Home Qua

Wednesday 30 December 2020, Safety Guide

Fraudsters are impersonating InPost

Lost24

The pre-holiday period is associated with increased shopping, which has been used by cybercriminals. CERT Poland warns against fraudsters pretending to be the InPost shipping company.


Scammers send text messages prompting users to download an app from a fake InPost website. The link included with the message leads to a fraudulent Google Play Store website.


In fact, the victim downloads Cerberus malware, which enables them to steal funds from payment cards and take complete control of the device.

According to CERT Poland, the malicious domain in the received text message is inposted[.].com. Meanwhile, the sender of the message is “ACM”.


If you have received a suspicious SMS, it

Lost24

Fraudsters send SMS messages to fake payment forms, which are supposed to let users receive money for the goods purchased on the OLX classifieds website.


One of the readers of the dobreprogramy portal has been informed about a suspicious SMS message, which informed about the sale of goods using the OLX website and that if the seller wants to receive the amount due to him, he must use the attached link.
Content of the message: “Your goods are sold using the OLX website. The amount to be collected is PLN 1200: cutt.ly/GhxygVH”. If the portal’s reader would have decided to “collect money” and have found a fabricated form asking for the payment card or online banking login details, he would have an unpleasant surprise due to the loss of m

Tuesday 15 December 2020, Safety Guide

Insurance policies leaked

Lost24

Data of customers with insurance policies concluded with various companies were available online without any additional security. The leak concerned policies within a period of 5 years from May 2015 to November 2020.


According to the Niebezpiecznik porta, the leak included names, PESEL identification numbers, photos of vehicles, tests of health insured persons, and even electronic versions of policies with the entire data package.


The data concerned clients insured through Ent Broker. According to Niebezpiecznik, dozens of directories with documents concerning the company were publicly available on the server, along with a customer policy folder, which contained 555 subdirectories, each of them related to one customer.

Lost24

Fraudsters send SMS messages to fake payment forms, which are supposed to let users receive money for the goods purchased on the OLX classifieds website.


One of the readers of the dobreprogramy portal has been informed about a suspicious SMS message, which informed about the sale of goods using the OLX website and that if the seller wants to receive the amount due to him, he must use the attached link.


Content of the message: “Your goods are sold using the OLX website. The amount to be collected is PLN 1200: cutt.ly/GhxygVH”. If the portal’s reader would have decided to “collect money” and have found a fabricated form asking for the payment card or online banking login details, he would have an unpleasant surprise d

Tuesday 8 December 2020, Safety Guide

Cybercriminals attack on CoffeeDesk

Lost24

Cybercriminals attacked one of the largest Polish online stores, CoffeDesk, selling coffee along with accessories.


As a result of the attack on IT systems, some of the store’s services were unavailable. In the store’s press release, we can read that third parties have gained access to the store’s server as well as the data located on it. CoffeeDesk ensures that user data is neither lost nor exported. The store ensures its customers that payment card details have not been tampered with. However, the store recommends that all its customers change their password for online store, as well as email, online banking and social media.


On the CoffeDesk website, information has been posted that customer login data have been deact

Lost24

PKO BP Bank has issued a warning message in which it warns against fraudsters posing as the bank’s employees. Under the pretext of security reasons, scammers trick potential victims into submitting confidential data to online banking and installing a remote verification application.


PKO BP Bank reminds its clients that during a phone call bank employees do not ask for passwords to any of its services, i.e. online, mobile, phone and they do not ask to install additional software from the Google Play Store, such as TeamViewer, QuickSupport, AnyDesk, which claim to increase the level of security of operations or access to the website.


Remember that the fraudulent data can be used for unauthorized transactions on your bank acco

Monday 23 November 2020, Safety Guide

Data leak from the upacjenta.pl website

Lost24

The upacjenta.pl website, which offers medical services at home, has informed about a hack into their information and communications services, specifically access to the database of the RIOT Agency, which is the service provider.


As a result of the hack patient data was leaked, such as: personal data along with PESEL identification number, information on health (diseases, test results), contact details.


Customers have been informed about the risk of data theft, and the owners of the website conduct activities together with the Office for Personal Data Protection. However, it was not stated how many records were intercepted by cybercriminals.



Lost24

Experts from CERT Poland warn against a campaign organized by fraudsters who want to obtain login details to the Allegro portal.


The scam concerns the attractive sale offers for iPhone X on Facebook social network. The cost of the phone is one thousand PLN.


The scammers explain such an attractive price as the last item in stock.
The link in the ad leads to a website that visually resembles the Allegro platform. The person who will try to log in on the fake portal page will provide the credentials to fraudsters. 



Lost24

Experts from CERT Poland warn PKO BP’s clients against a campaign in which cybercriminals try to obtain login details for online banking.


The bank’s customers receive emails with information about the account being blocked. In order to restore access to the account, the victim has to click on the link included in the message, which leads to the fake website of the PKO BP bank.


According to CERT, the potential victim is asked to log into his account, in fact, the data is transferred to cybercriminals. In the next step, the fraudsters will try to intercept an SMS code from the victim in order to change the transfer authorization number.


The entire campaign is conducted in such a way tha

Lost24

Experts from CERT Poland warn against scammers pretending to be InPost. Fraudsters send messages in which they inform them about the required payment, surcharges for a parcel that is already “waiting” in a parcel locker. In fact, scammers want to extort login details for online banking from potential victims.


According to CERT Poland, fraudsters also use the image of the eCard company through a specially fabricated payment form. If the victim enters their bank login details on the form, they will unknowingly pass them directly into the hands of cybercriminals. A potential victim should be concerned about a redirect to .uno and .life domains, which are in no way related to InPost.


According to CERT Poland, the above mentio

Lost24

Apps dedicated to children that ran on Android devices stole data.


According to the experts from TechCrunch, Google has removed three well-known applications with more than 20 million downloads from the Google Play Store - Princess Salon, Number Coloring Cats & Cosplay.
Google has removed these applications after analyzing a report compiled by the IDAC organization.


Apps collected Android ID data and personalized advertising identification (AAID) data.
According to the portal dobreprogramy, when information from Android ID and AAID are processed simultaneously, Google’s security mechanisms can be bypassed.