Kaspersky Lab experts warn of a new type of fraud, in which cybercriminals tell their victims that they should be compensated for data leak.

The potential victims are redirected to the Personal Data Protection Fund website, where they can check if their data has been leaked. For this purpose, the victim must provide their details such as name, surname, telephone number or social media account details. Then, a message appears that the above data has been leaked to the network, however, the victim can expect compensation of up to several thousand dollars. To obtain the compensation, the victim must provide a credit card number, as well as social security number (SSN). However, people outside of the USA may purchase a temporary insurance number.

If you are planning to spend your holidays in the Polish mountains, beware of false accommodation offers. Police warns that this practice is very common and only during the recent New Year’s Eve in Zakopane they have received several reports of frauds based on so called virtual accommodation.
Nevertheless, despite the fact that tourists are more cautious than in previous years, this type of fraud is reported almost on a daily basis.

Scammers place fraudulent ads on fake websites or auction sites with attractive pricing offers for accommodation in Zakopane and the surrounding area. Tourists should verify before paying for the offer, and the arrival, whether the guest house or cottage actually exists, and not just be guided by the bargain price

Postaj Ninja is popular among people who want to check the status of shipments ordered from AliExpress. However, the site could easily retrieve data on up to 800,000 shipments, which also included the name and the surname of the customer and the address to which the package is to be delivered. Tracking numbers were not randomly generated and were easy to predict.

One of the readers of the Trusted Third Party noticed a vulnerability in Postal Ninja, thanks to report from TTP it was quickly resolved. Speaking of speed, after reporting the gap, the TTP portal only had to wait three hours for Postal Ninja’s response. In their response, TTP ensured that the gap was patched within 24 hours. After removing the vulnerability, the status of the shipm

Cybercriminals are not idling by and in a span of few days have attacked Polish municipal offices in Lututów, Kościerzyna, as well as the Budzik clinic, which has also become a victim.

In the Lututów commune, data encompassing liabilities for municipal waste, water and rent were encrypted. The commune issued a statement in which it informed that in the case of payment of liabilities to the commune, it would not be possible to obtain the information on the amount of arrears. The cybercriminal demands a ransom of $6,000 for decrypting the data. The head of the commune has notified the police about the incident.

In the case of the Kościerzyna commune, the head of the commune has turned to CSIRT NASK and an external company f

Virtual New Year cards have become a phishing tools in the hands of fraudsters in order to obtain Facebook passwords.
Caution should be exercised due to the fact that we can also receive such “wishes” from our friends.

Dedicated sites can be found on the network for creating virtual cards. Entering the name in a specified field triggers the script that gains access to the victim’s Facebook account. If a takeover is successful the account begins to send out links to friends from the victim’s contact list.

If you use the same password as the one for Facebook on other websites, such as online banking or email, the situation becomes especially dangerous.

Source: Cyber Securi

Sensitive data of customers of Virgin Mobile’s cellular operator has been leaked from the database of one of its applications. Clients affected by the leak are receiving text messages informing them about the theft of personal data.

The leak occurred between 18th and 22nd of December and concerned customers using prepaid accounts. The stolen data includes full names as well as PESEL identification numbers. The operator announced the breach on December 25th.
The data of Virgin Mobile’s customers running monthly subscription plans is secure.

Virgin Mobile released a statement in which it informs that data leak concerned 12.5% of pre-paid customers registered with the company. Procedures preventing the use of subscr

Police department in Beringen, Belgium warns against incoming calls from Poland. The scammer is probably originating from Koszalin, as the prefix +48 94 points toward the town, and wants to force the victim to pay for the phone call.

The scenario is that the scammer calls once, the victim is shown an unanswered call and the scammer hopes that they will call back. According to the portal Next, the Belgian police warns not to return call and immediately block such a number. If the victim calls back, it is recommended to verify their account statement through an app or contact the mobile operator, as this connection can cost a lot.

People from Poland face similar problems, we have already warned you not to ca

Cybercriminals are again trying to extort money via a fake payment operator’s website. In this case, they used Google’s brand.
Experts from CERT Orange Poland have noticed increased traffic on the domain posing for a Google service. Cybercriminals are attempting to extort money under the guise of paying arrears on Google Play or Google Maps. The amount that is supposed to be paid is small and oscillates around PLN 1-2, the victim receives an SMS or an email about arrears.

The person that wants to settle the payment is redirected to a website posing for the payment operator’s site. Scammers hope that the victim will not double check the website address, enter the login and password for electronic banking and confirm the “transf

Expert from the portal Niebezpiecznik have received messages from their readers in which owners of phones running Android and iOS were concerned that their smartphone “sent out SMS’ to a strange Polish number”.
In this situation, you would expect they are premium SMS’ or a virus.

Niebezpiecznik reassures that the phone had not been hacked in this case.

If the phone sends an SMS to one of the following numbers:
732232988, 732232988, 732232986, 732232984, 732100230 with the text:
- Google is verifying phone # of this device Learn more: https://goo.gl/LHCS9W

It means that it is standard verification of the phone number listed under user�

Polish branch of the BNP Paribas bank warns of a site impersonating their own website. The fraudsters have created a logotype that resembles bank’s official ones, and the name of the website suggests that it is associated with the BNP Paribas Bank.

In the statement bank explains that it has no association with paribagroup.com platform. The fraudsters have used bank’s image to extort money. On the site one could find offers related to currency exchange, high-risk investments, as well as an option to setup a dedicated account, where victims were to transfer their savings. Cybercriminals promised high profits, asked for scan of ID’s and installed an application that allowed them to take control of the device.

In the statem

Data Viper, a company dealing with monitoring threats, data leaks and cybersecurity breaches, announced the leak of 1.2 billion users that hit the black market, the so-called darknet.

The database contains 4 terabytes of data, which includes names, surnames, phone numbers as well as Facebook, Twitter and LinkedIn profiles.
It may seem that the leak is quite serious, however, the collected data comes from data scraping, i.e. technique for collecting information from public profiles that is shared by users themselves.

According to the Data Viper assessment, the data comes from two different companies dealing with expanding of personal data, i.e. having one information such as name and surname and su

The ai.type application with 40 million download has been identified as malware by Upstream experts.
The application modifies the appearance of the virtual keyboard, learns the user’s writing style and applies automatic spelling correction.

Malicious software sends users request for premium digital services. Upstream experts have noted that ai.type delivers millions of invisible ads, and one of the modules makes false clicks. In addition, the app uses authentic user data related to the displayed pages, clicks and purchases, and forwards the collected data to online advertising companies. It is estimated that the value of purchases of unwanted digital services generated through the ai.type application totals almost 19 million dollars

Cybercriminals have exploited the release of another Windows update to launch an attack.
According to the experts from Trustwave, Internet users receive emails in which they are informed about the need to install an important system update.

Email content: “Please install the latest critical update Microsoft attached to this email”

Attached to the message is a fabricated file with *.JPG extension, which is actually a script that launches the download of the Cyborg ransomware.
Ransomware encrypts data on the disk, thus forcing a ransom. The data decryption value is estimated at $500. 

Cybercriminals have once again used Lidl and Auchan brands. Multiple users are receiving SMS phishing, where potential victims are informed about a lottery in which they can win iPhone 11.

According to CERT Orange Poland, if the victim decides to participate in the lottery, after four questions, 9 boxes appear, in which the prize should be hidden. When victims see the icon of iPhone 11 in one of the boxes, they are informed that they were selected for pre-release testing of the smartphone. There is only one step necessary to receive the phone - a bank transfer of 1-2 euros to cover ‘shipping cost’.

As experts from CERT warn, participation in the lottery can cost us all the savings from the bank account

Telephone fraud scam where fraudsters make money on inter-operator charges, is becoming more and more popular.

The scammers have gone so far as to pick their phone number, so that it looks like the call is originating from Polish area code, while in fact it is an international prefix. This is, of course, related to the appropriate charge for the connection. A person who will try to call back on such a phone number may be unpleasantly surprised once monthly bill arrives with charges of up tens of PLN.

Recently, the Office of Electronic Communications has warned against fraudster from Africa, such connections, with multiple connections in the Śląskie Voivodeship.

Area