Facebook announces the start of identity verification of popular profiles, and those whose owners cannot be verified will be blocked.

According to Cyberdefence24, this will mainly concern profiles that have reported some patterns of suspicious behavior, i.e. submitting content that quickly spreads across the site. The purpose of this is to detect people or groups running a propaganda campaign.

Account owners that refuse to verify or their identity will not coincide with their profile will be blocked or their post’s reach will be severely limited.

Currently, the verification will apply only to residents of the United States. This is related to this year’s presidential election and the goal is to


British airline EasyJet has become a victim of cyber criminals, resulting in data leak of over 9 million customers.

Hackers managed to intercept email addresses along with details of their travels. For 2,200 customers, hackers were also able to intercept credit card numbers.

Customers whose data has been stolen are to be informed immediately. According to EasyJet, there is currently no evidence that the captured data was used.

The airline reported the incident to the authorities and the National Center for Cyber Security. Meanwhile customers are to be sensitive to emails signed with EasyJet or EasyJet Holidays.


Cybercriminals organized a phishing campaign targeted at clients of two mobile networks. CERT Poland warns against fraudsters impersonating Play and Orange.

Scammers send emails with an attachment that is supposed to be the invoice for mobile services. The message itself contains a summary of the invoice, i.e. the invoice number, date of issue and invoice payment date. Cybercriminals have not forgotten to provide the correspondence address, and in the case of an invoice from Play they included a note, which the victim can use to manually check the authenticity of the invoice in the Play application.

The attachment is in .xlsm format and contains the well-known DanaBot banking Trojan, which is then used to steal funds from the


Beware of fake SMS from the sender Pogodynka, which are sent to owners of mobiles phones all over Poland. An SMS informs you that you have purchased a costly weather alarm service.

According to the portal Niebiezpiecznik, the sender of the SMS threatens with a high fee for the subscription and informs about the possibility of canceling it.

SMS content:
“WEATHER service has been activated! Every day you will receive 1 SMS with weather for the next day. The cost is PLN 30.77 / SMS. To opt out go to www.p***damateo.net?r=Y9N”

In fact, the goal is to get the recipient to cancel the alleged subscription in order to gain access to online banking.


A tempting offer for the Samsung Galaxy S20 flagship smartphone, which at a regular price costs almost PLN 4,000, has appeared online.

According to the Niebezpiecznik website, a Facebook post appeared online which claimed that there is a pricebug in Samsung online store, as a result of which the Galaxy S20 smartphone can be bought for 2 euros. In order to find this tempting offer, you had to enter the phrase SGAL2077B in Google.

The person who was tempted by the offer was directed to the fabricated website, in which the data had to be provided in a specially prepared form. The form concerned a lottery in which you could win a Samsung Galaxy S20 smartphone for 2 euros.

If someone did not read the te


The vulnerability discovered in Samsung security is quite serious, as it allows using the malicious MMS code to take control of the device. The victim does not even have to open the message, it is enough that it is delivered to the phone.

The hacker has the ability to read text messages, view photos, launch applications, also has access to contacts, microphone and conversation history.

According to Sekurak website, most probably every Samsung smartphone released after 2014 is affected by some variant of this vulnerability.

In May, Samsung released an update that removes this vulnerability but the update has not yet reached all smartphones. 


Warsaw University of Technology has informed that a data leak has occurred on the Remote Learning Center (OKNO), which may cause a breach of personal data.

Warsaw University of Technology recommends that persons using the platform should report the leak of personal details, mainly ID card number and PESEL identification number. It is recommended to file a credit block to the Credit Information Bureau (BIK), which guarantees that users will receive alerts if someone tries to obtain a loan using the stolen personal data.

The Trusted Third Party portal was the first to inform about the incident thanks to a tipper who sent a copy of the database from the OKNO platform. Data leak may affect up to 5,000 people.



Zippo.pl store fell victim to cybercriminals, the site stopped working, and its customer data fell into the wrong hands.

Cybercriminals managed to intercept data related to the credit card numbers used in Zippo.pl store along with CVV codes and used them to link them with Glovo and Uber applications, thus stealing from the shop’s customers.

Cybercriminals have also stolen clients’ personal data such as name, address and phone number.
According to the Niebezpiecznik portal, owners of the stolen credit cards can be calm, as unrecognized transactions can be undone. However, you should carefully track your credit card statements and in the event of an unrecognized transaction, please report it to your bank.


Fraudsters send text messages suggesting the possibility of receiving non-returnable cash in the amount of PLN 5,000 or 10,000 as part of the anti-crisis shield. In order to “receive” this amount, the potential victim is to confirm their details by making a small money transfer.

If the victims click on the link included in the SMS, they will be redirected to a fake PayU payment form to make a transfer of PLN 1, which is necessary to confirm the identity of the person. By default, scammers want to extort the electronic banking login credentials, but also attempt to obtain data such as PESEL identification number, the maiden name of the victim's mother - data which are necessary to verify the identity during a phone conversation with the bank's repres

Thursday 30 April 2020, Safety Guide

BLIK scam - mBank warns its clients


mBank warns its clients against fraudsters impersonating friends and bank employees. According to the bank, two types of scams have recently become quite popular, including a BLIK one.

In the first scenario, fraudsters impersonating a friend try to extort money under the pretext of paying overdue bills, for this they ask the victims for a BLIK code.

In another scenario, fraudsters posing for the bank’s employees attempt to “block” a transfer from the victim’s account to an unknown recipient. The scammers ask users to install the application so that the transfer is blocked and in order to do so they send the link to the application via an SMS. In addition, they inform the victims that if they do not complete the instal


The attractive rental price for the apartment and the time pressure can fool many. According to the Trusted Third Party one of its readers was scammed by the apartment rental listing on the OLX portal.

The vigilance of the victim was dormant, the alleged owner of the apartment was familiar with the location and was listing the nearby shops and bus lines to the victim. However, one thing that could raise doubts was the price, which was very attractive in comparison to regular prices in Warsaw.

The scammer without hesitation agreed to the reservation of the apartment in the form of a civil law contract, which he sent by email and also asked for a security deposit in the amount of a monthly rent - a transfer of PLN 1750 to an ac

Friday 24 April 2020, Safety Guide

Infected E-pity software variant


CERT Poland warns people who have not yet settled their accounts with the tax authorities about a modified software for filling in the PIT declaration - E-pity.

Cybercriminals have modified the E-pity software and embedded in it an additional module from the Zloader family. Accessing the epity2020[.]pl domain is associated with an attempt to install banker type malware which targets online banking. According to CERT the malware contains fabricated schemas for multiple Polish banks.

According to CERT Poland, after visiting the site from an Android device, an attempt is made to instal an application containing malicious code on the platform - malware from the Cerberus family.
The “password for archive” bit on the E


Leak of personal data does not necessarily have to be associated with the activities of hackers. According to Sekurak people who migrated the training platform system or were testing the new environment were responsible for the data leak.

The data leakage concerns prosecutors, judges and court staff. Leaked records contain personal data, phone numbers, email addresses, places of residence and encrypted passwords.

As Sekurak portal emphasizes, the situation is dangerous because it is also possible to exclude leakage of PESEL identification numbers. It should also be taken into account that many people use the same login and password for multiple systems.


Cybercriminals hacked Italian provider of email services - Email.it. The data leak affected more than 600,000 people, and the offer for the data from the last two years was listed on the dark web. However, the data offered for sale only includes persons who have used the free version of Email.it.

The group that stole the data presents themselves as NN Hacking Group has provided the evidence of the attack on Twitter. According to Cyberdefence24, the data that was put up for sale includes 44 collections, valued at $22,000. The scope of the stolen data includes account usernames, passwords, content of the email messages and attachments, as well as phone numbers associated with the service, SMSes and faxes broadcasted from them.


Recently, we wrote to you about the Zoom video conferencing sending telemetry data of users to the Facebook servers. Despite the fact that the application has been updated and the error has been corrected, security experts once again have reservations about this software.

First of all, conversations in the application are not covered by controlled encryption. In addition, Zoom installs a hidden network server on computers of Mac users, which remains on the device even after the software has been uninstalled. This involves the risk that a third party may turn on the camera remotely on your computer without permission.

The application is criticized for its user tracking function, a significant number of hacked conference calls