Lost24

Scammers have managed to carry out a SIM Swap attack by obtaining the SIM card number from the victim’s phone number. According to Polsat News, the fraudsters hijacked the victim’s online bank accounts and took out PLN 370,000 from them.


While the victim was talking on the phone, the connection was interrupted, and the victim’s attempts to remove and reinsert the SIM card did not help. The victim visited the mobile network provider’s store, where the SIM card was replaced with a new one. At this point the victim should have blocked the bank accounts as soon as possible, but was unaware of having become a victim of a SIM Swap attack.


How did they manage to carry out the SIM Swap attack?
New SIM card was obtained by impersonating the vi

Lost24

Fraudsters advertise themselves on regional Facebook groups like “Ads Warsaw”, tempting people with sales of electronics at very attractive prices, such as an iPhone 7 for PLN 13.


CERT Poland warns against fraudulent electronics listings on websites posing as Allegro Lokalnie. The equipment put up for auction is listed at very attractive prices. After clicking the “Buy now” button, the victim is redirected to a fake electronic banking panel. Cybercriminals obtain data such as the PESEL identification number or mother’s maiden name.


According to CERT, the targets of the attack are owners of accounts at Millennium, mBank, Pekao, PKO and ING banks.



Tuesday 8 September 2020, Safety Guide

Phishing targeting Netflix users

Recently, messages have been sent out in which fraudsters impersonate the Netflix platform. In the message we are informed that we need to update our billing details.


The message is confusingly similar to the Netflix notifications about payment problems: the blue and red color theme is preserved, as is the structure of the notification. However, an attentive person will notice the wrong credit card number and expiry date.


After clicking on a link included in the email, the victim is redirected to a fake Netflix login page. The scammer’s goal is to capture as many Netflix login credentials as possible to then sell them on the black market. In addition, fraudsters try to obtain a sizable set of data, including first and

Lost24

mBank has had a serious mishap, as a result of which a group of clients could gain partial access to accounts of other users and browse their transaction history.


According to the Niebezpiecznik portal, existing mBank customers had their phone numbers changed and new clients started to receive authentication messages intended for other users. Moreover, when logging in to the mobile app, new users could access the account history of other users, but with their own personal data.


It turns out that when a new account was set up in a branch, the bank’s system did not create new records but instead overwrote the existing ones. According to the portal, the error was probably related to comparing ID numbers, which the

Lost24

Cybercriminals have launched a new phishing campaign targeting customers of the courier company InPost.
Fraudsters send text messages in which the company name InPost is displayed in the sender field, but the name is spelled with a zero: “INP0ST”. The message states that the parcel “ordered” by the recipient has been placed in a parcel locker; however, in order to obtain the collection code, an application must be downloaded.


According to ESET experts, the link in the message leads to a page containing the phrase “inpost” or “in-post” and visually imitating the Google Play Store. If the person decides to download the application, they are asked to install a file from an unknown source. In fact, the v

Thursday 20 August 2020, Safety Guide

McDonald’s employee data leak

Personal data of thousands of Polish employees of McDonald’s restaurant chain have been leaked online.


According to Niebezpiecznik, the leak was attributed to 24/7 Communication, the agency responsible for handling digital graphics for the employees of the popular fast food chain. The leak occurred as a result of files being placed in a publicly available folder rather than a restricted one. As a result, data of McDonald’s restaurant employees from the last five years was available to the public in the period from January 2019 to July 2020.


The data affected by the leak are: surnames and first names along with information related to employment, as well as PESEL or passport numbers.

Monday 17 August 2020, Safety Guide

Avon data leak

Avon Products suffered a data breach in which 19 million customer data records fell into the wrong hands.
As a result of the attack, some of the IT systems were disabled and the company’s operations were disrupted.


Despite Avon’s reassuring announcements that credit card information should not be in the possession of the cybercriminals, experts from SafetyDetectives believe that this is not the end of the company’s problems.
According to AVLab, which cites SafetyDetectives, the leak contained multiple logs that can be used to attack Avon Products customers and its IT infrastructure. The database contained personal and technical information, including: customer names and surnames with phone numbers, dates of birth, addresses o

Lost24

A fraudster obtained data by listening to police communication channels during checks on people undergoing quarantine.


First he obtained data such as names, surnames and residential addresses. He then knocked on the doors of these people, claiming to be an employee of the Department of Health and Safety. He said that he had to take a swab for coronavirus testing; in addition, the victim was to fill in a form, providing the PESEL number and the ID number.


Data obtained through the scam can be used to fraudulently take out a loan. According to Gazeta Wyborcza, citing data from the Polish Bank Association, a total of 5,100 loan extortion attempts amounting to over PLN 280 million were initiated in 2019.
In the

Tuesday 4 August 2020, Safety Guide

Scam using the travel voucher

Fraudsters pretend to be employees of the Ministry of Development and try to extort money and personal data using the Polish Tourist Voucher.


According to the police and the Social Insurance Institution (ZUS), fraudsters call with an offer of a few days’ stay in a good hotel. As part of the “special offer for a vacation voucher”, the victim is to have 3 days of stay for free, while for the extra 4 days an additional payment of several hundred zlotys should be made. Fraudsters also try to obtain the victim’s personal data. For verification, they ask for PESEL and ID card numbers.


ZUS reminds that the official travel voucher is only available in an electronic version and can only be activated on the ZUS Elec

Thursday 30 July 2020, Safety Guide

Hacker attack on Garmin

As a result of a hacker attack, the production line and synchronization of Garmin watches and bands were stopped.
Device owners are not able to see their workouts and other device parameters. Garmin Connect has been down for several hours, as a result of which users of smart devices cannot send their data for synchronization.


According to the information provided on the company’s social media, the website and Garmin Connect app are down and call centers are also not working; it is also impossible to contact the company’s employees via email or chat.


According to the Taiwanese ITHome website, the culprit is the WastedLocker ransomware, which was installed by hackers from the Evil Corp group on Garmin’s servers. Garmi

Lost24

SMS scams are already quite common; we have written more than once about how fraudsters impersonate courier companies or mobile providers. This time, in addition to wiping money from the account, the fraudsters also took out a loan of 16,000 PLN on behalf of the victim, and malware was probably included in the SMS.


According to the portal legalniewsieci, the victim received an SMS from a “courier” regarding a surcharge for the parcel due to excess weight. The victim then clicked on the link provided in the message and was redirected to a fraudulent PayU website, where an error appeared after selecting the ING Bank Śląski bank and entering the login details. The operation was interrupted and the victim received a text message from the

Lost24

Although the amount of malware in the Google Play Store has significantly decreased since the introduction of Play Protect, experts from the PREBYTES Security Incident Response Team have detected the dangerous Cerberus malware in one of the applications.


It was the Best Cleaner app, which during installation required permissions to access photos, multimedia, make calls or access files on the phone. If the consent was not given, the application could not be used.


Clicking the “Start Cleanup” button in the application initiated the attack. The application required the installation of an additional plug-in; for this purpose, the option to allow installation of apps from unknown sources had to be enabled in the device setti

Lost24

You can find an advertisement, “Biedronka: Take everything you want in 10 minutes”, on the Biedronka Polska profile. Both the profile and the post have nothing to do with the Biedronka store chain.


According to Dobre Programy, many people have been deceived by the advertising slogan above.
The post includes a link where the victim is asked to complete a Google survey, which allegedly represents the first stage of the competition. Following the first stage, the qualification for the next stage is supposed to take place.


In the second stage, the victim learns that, in fact, it is no longer a contest for “Take everything you want in 10 minutes” but instead for a 500 PLN voucher. In order to participate in the competition, you must pro

Thursday 9 July 2020, Safety Guide

Scammers utilize Allegro brand

Cybercriminals are trying to extort money by impersonating Allegro; the victim may also lose login credentials for the portal.


According to Zaufana Trzecia Strona, the victim receives a message informing them that the account needs to be verified and that for this purpose the account should be activated using an online payment in the amount of PLN 1.01. In addition, the recipient of the message is assured that the entire amount will be returned to the account within 3 business days, once the registration data has been verified. According to Zaufana Trzecia Strona, the sender is admin@allegro4.pl, and the amount of PLN 1.01 is based on the amount used in the actual Allegro account activation process.


The activation li

Monday 6 July 2020, Safety Guide

Data theft utilizing Allegro

The Allegro portal was once again used by cybercriminals; this time scammers send messages posing as those sent out by Allegro.
Potential victims are owners of Android phones, who receive text messages that redirect to allegroapki.net. The goal is to trigger a download of a Cerberus-family malware application.


According to CERT, once the malware is installed, cybercriminals have access to contacts, text messages and saved payment data stored on the phone.