Wednesday 21 October 2020, Safety Guide

Fake apps in the Play Store


More than 200 fake applications in the Google Play Store were detected by experts from the White Ops Satori Threat and Research Team. The number of downloads is quite large and amounts to 14 million.

According to the experts, the applications were mainly copies of retro games or Nintendo NES emulators.

People who downloaded the fake applications were flooded with out-of-context (OOC) ads. All rogue applications categorized under the RAINBOWMIX group were removed from the Play Store. The creators managed to place the fake applications in the Play Store by using so-called packers, which kept the detection rate low. According to the dobreprogramy website, thanks to the use of a packer, part of the downloaded content re


Experts from CERT Poland warn against fraud related to the advertisement posted on Facebook, suggesting the possibility of getting money by updating the PKO BP application. The advertisement is not related to the official bank’s activity, and its purpose is to steal money from the victim’s bank account.

According to CERT Poland, a person who decides to download the alleged update is actually downloading malware from the Alien family, which is related to Cerberus. The purpose of the software is to steal online banking login details, and thus to withdraw funds from the account.

At the moment, it is not known whether the fraudsters only targeted the PKO BP bank in their advertising or created similar fake advertising campaigns


PKO BP’s customers fell victim to a phishing attack. Fraudsters want to obtain login details for online banking on the pretext of activating a new online security system. The recipients of the message are informed that if they fail to update, their accounts may become inactive.

In the Bank’s announcement, PKO BP warns against clicking on a link that redirects potential victims to a fraudulent website resembling a website belonging to the Bank. As the Bank warns, clicking on the link and providing login details may result in loss of money and control over the account.

If any of you have fallen victim to this fraud, please contact your bank as soon as possible.

Monday 5 October 2020, Safety Guide

Cheap contract scam


The cheap contract scam has returned, but in a different form. The previous variant of this scam focused on extorting personal data from older people, with the fraudster claiming to be an employee of Telekomunikacja Polska.

This time, the potential victims receive a robocall that informs them about the end of their contract. The dobreprogramy portal quotes the content of the recording: “your phone contract is about to end, if you want to pay less for the subscription, press 1 to talk to a consultant, if not press 2”.

According to the portal, if you press 2, you will be redirected to an international call and incur considerable costs.
The portal gives a list of numbers that are better not answered: 734818156, 7348

Wednesday 30 September 2020, Safety Guide

New type of scam - internet grandkid


Police officers from the cybercrime division warn against a new fraud based on the “internet grandkid”. The main targets are people using social networks and online banking.

As the police explain, the fraud is based on social engineering and time pressure.
In the first step, fraudsters send out offers of financial intermediation or investment services via social networks, and taking up the offer is supposed to “bring” big benefits. After clicking on the advertisement, the victim is redirected to the login page of the fictitious company. For the application to pass successfully, the victim must pay any amount of mone


Data Viper’s report reveals that cybercriminals have taken an interest in one of the most popular online games in the world, “Fortnite”.

Cybercriminals use automated systems to analyze databases from various leaks for the possibility of breaking into “Fortnite” players’ accounts. They are able to analyze 500 accounts in one second.
The game makes its money on microtransactions for trading virtual items. Criminals are able to earn up to PLN 150,000 a week by trading stolen e-items.

It is very difficult to detect the perpetrators of thefts, as they create a network of fake connections and transactions are carried out using cryptocurrencies.


If in May 2019 you were shopping in the online store, your data may have leaked.
According to the Niebezpiecznik portal, the data of some of the customers of the shop with erotic gadgets and aphrodisiacs have been stolen.

Part of the data is available online. According to the portal, the file weighs only 58 kilobytes and contains data from 200 orders. However, each record contains data such as name and surname, email address, date and order ID, along with a description of the products ordered.

The store’s customers are unable to check if they have been affected because the file is not indexed in search engines.
Niebezpiecznik has confirmed that the customer data is real, and the persons


Scammers have managed to carry out a SIM Swap attack by obtaining the SIM card number from the victim’s phone number. According to Polsat News, the fraudsters hijacked the victim’s online bank accounts and took out PLN 370,000 from them.

While the victim was talking on the phone, the connection was interrupted, and the victim’s attempts to remove and reinsert the SIM card did not work. The victim visited the mobile network provider’s store, where the SIM card was replaced with a new one. At this point the victim should have blocked the bank accounts as soon as possible, but was unaware of having become a victim of a SIM Swap attack.

How did they manage to carry out the SIM Swap attack?
The new SIM card was obtained by impersonating the vi


Fraudsters advertise on regional Facebook groups like “Ads Warsaw”, tempting people with sales of electronics at very attractive prices, such as an iPhone 7 for PLN 13.

CERT Poland warns against fraudulent electronics listings on websites posing as Allegro Lokalnie. The equipment put up for auction is listed at very attractive prices. After clicking the “Buy now” button, the victim is redirected to a fake electronic banking panel. Cybercriminals obtain data such as the PESEL identification number or mother’s maiden name.

According to CERT, the targets of the attack are owners of accounts in Millennium, mBank, Pekao, PKO and ING banks.

Tuesday 8 September 2020, Safety Guide

Phishing targeting Netflix users


Recently, messages have been sent out in which fraudsters impersonate the Netflix platform. The message informs recipients that they need to update their billing details.

The message is confusingly similar to Netflix notifications about payment problems: the blue and red color theme is preserved, as is the structure of the notification. However, an attentive person will notice the wrong credit card number and expiry date.

After clicking on a link included in the email, the victim is redirected to a fake Netflix login page. The scammer’s goal is to capture as many Netflix login credentials as possible to then sell them on the black market. In addition, fraudsters try to obtain a sizable set of data, including first and


mBank has had a serious mishap, as a result of which a group of clients could gain partial access to the accounts of other users and browse their transaction history.

According to the Niebezpiecznik portal, existing mBank customers had their phone numbers changed, and new clients started to receive authentication messages intended for different users. Moreover, when logging in to the mobile app, new users could access the account history of different users, but with their own personal data.

It turns out that when setting up a new account in the branch, the bank’s system did not create new records but instead overwrote the existing ones. According to the portal, the error was probably related to comparing ID numbers, which the


Cybercriminals have launched a new phishing campaign targeting customers of the courier company InPost.
Fraudsters send text messages in which the company name InPost is displayed in the sender’s field, but the name is spelled with a 0: “INP0ST”. The message says that the parcel “ordered” by the recipient has been placed in a parcel locker; however, in order to obtain the collection code, an application must be downloaded.

According to ESET experts, the link in the message leads to a page containing the phrase “inpost” or “in-post” and visually imitating the Google Play Store. If the person decides to download the application, they are asked to install a file from an unknown source. In fact, the v

Thursday 20 August 2020, Safety Guide

McDonald’s employee data leak


Personal data of thousands of Polish employees of McDonald’s restaurant chain have been leaked online.

According to Niebezpiecznik, the leak was attributed to 24/7 Communication, the agency responsible for handling digital graphics for the employees of the popular fast food chain. The leak occurred as a result of files being placed in a publicly available folder rather than a restricted one. As a result, data of McDonald’s restaurant employees from the last five years was available to the public in the period from January 2019 to July 2020.

The data affected by the leak are: surnames and first names along with information related to employment, as well as PESEL or passport numbers.

Monday 17 August 2020, Safety Guide

Avon data leak


Avon Products suffered a data breach; 19 million customer data records fell into the wrong hands.
As a result of the attack, some of the IT systems were disabled and the company’s operations were disrupted.

Despite Avon’s reassuring announcements that credit card information should not be in the possession of the cybercriminals, experts from SafetyDetectives believe that this is not the end of the company’s problems.
According to AVLab, which cites SafetyDetectives, the leak contained multiple logs that can be used to attack Avon Products customers and its IT infrastructure. The database contained personal and technical information, including: customer names and surnames with phone numbers, dates of birth, addresses o


A fraudster obtained data by listening to police communication channels during checks on people undergoing quarantine.

First he obtained data such as names, surnames and residential addresses. He then knocked on the doors of these people, claiming to be an employee of the Department of Health and Safety. He informed them that he had to take a swab for coronavirus testing; in addition, the victim was to fill in a form, providing the PESEL number and the ID number.

Data obtained through the scam can be used to fraudulently obtain a loan. According to Gazeta Wyborcza, citing data from the Polish Bank Association, a total of 5,100 loan extortion attempts amounting to over PLN 280 million were initiated in 2019.
In the