Policemen from the cybercrime division warn against new fraud based on “internet grandkid”. The main targets are people using social networks and online banking.

As the police explain, fraud is based on the use of social engineering and time pressure.

In the first step, fraudsters send out offers of financial intermediation or investment services via social networks, and taking up the offer is to “bring” big benefits. After clicking on the advertisement, the victim is redirected to the login page of the fictitious company, for the application to pass successfully, the victim must pay any amount of money. However, at this stage there are technical problems with the victim’s account management and in order to fix them

The latest “lost wallet” SMS campaign is designed not only to steal data from the phone, but also to access your bank account.
Fraudsters send an SMS in which they inform about the alleged finding of a wallet with money and documents.

Content of the SMS:
Hello, today I found a wallet with money and documents, there was this phone number inside. Here is a picture of your wallet, is that yours? https://cutt.ly/REzv2Pb

The scammer’s goal is for the potential victim to activate the link attached to the message which leads to the fake Adobe Flash Players website. In order to see the picture of the walled that was found, the victim must install the fake application. According to TECHNOSenior, inst

Two new types of scams have emerged, aimed at extorting money.

Cybercriminals have created a fake Google Play Store page that leads you to download a fake BLIK.apk application. According to the Computer Security Response Team of the Polish financial sector warns, the malware contained therein is able to steal online banking login details. Moreover, the BLIKmobile app does not exist.

The second type of fraud that the CSIRT of Financial Super

Fraudsters pretend to be a bank and try to extort money from bank accounts. In the text message sent, they inform about an attempt by the Ministry of Finance to take over funds from the account. The chance to save the money is a fraudulent “overnight deposit”.

According to the Computer Security Response Team of the Polish financial sector, fraudsters pretend to be the ING Poland bank. The text of the SMS sent by the fraudsters reads that due to an extraordinary order of the Minister of Finance on saving the economy, funds on the corporate checking and saving accounts will be nationalized in the amount of 30% of the balances. Savings

Fraudsters send emails to corporate addresses of Polish companies claiming to be Spirotech.
The content of the message prompts you to click on the image that imitates the typical attachment from Gmail. The message is sent from Jarosław Kowalczyk, an “employee” of Spirotech. However, the domain from which the message has been sent is angst-pflstar.com, at this time this should trigger a red flag.

The content of the message is as follows:
Please note the following inquiry received from the owners. We kindly ask you for a refund with a quote with 5% commission for our office and 30 days credit as payment terms. Your quote should include shipping costs, customs or other fees and a total cost estimate. Please also send the co

Clients of Bank Polskiej Społdzielczości (BPS) S.A. receive fraudulent messages with notices of received transfer.

According to CERT Poland, a link confirming the transfer is attached to the message. The fake message originated from the cobra-europa.eu domain, fraudsters inform in the message about the money transfer of over PLN 70,000 as well as inform who the sender of the transfer is.

According to Komputer Św

A fake version of WhatsApp – one of the most popular messenger apps – has been found on the web.
According to Kaspersky experts, the installation of the fake version of WhatsApp messenger on Android leads to device being infected with the Triada Trojan.

The application is listed under the name FMWhatsApp, after its installation, identifiers are collected from the device, which are then sent to a remote server, after which the Triada Trojan is installed.
The Trojan is able to subscribe the victim to premium services or install addition modules that allow the injection of additional malicious code.

According to

Read more

0 - Comment

Payment card details stolen in 2018-2019 were made available online, the leak affects people from all over the world.

According to Komputer Świat, which references Bleeping Computer, payment cards were made available online as part of the promotion for the new carding market. Leaked data includes information about the card user, address, place of residence, email, phone number and CVV number.

A hospital in the United States – Eskenazi Health, fell victim to cybercriminals, as a result of a ransomware attack there was no access to the hospital’s key systems.

It should be remembered that the purpose of the ransomware attack is to block access to computer system to prevent reading of data stored on it. As soon as the attack was detected by the hospital, all ambulances were redirected to other locations. Hospital turned off some of its services, such as access to email and medical records, and started to verify which parts of its system were compromised. In addition, the website of the hospital was disabled.

The hospital has issued a statement informing that no breach of patients and employees data had been detect

The leak of customer data from Tauron, which we informed about a few days ago, has its continuation. Niebezpiecznik portal was contacted by a hacker who came into possession of the files of Tauron’s clients.

A hacker named Edison claims he was provoked to attack because he was attacked himself. Edison detected the attack from the addresses 93.105.88.X and 93.105.88.Y, and then traced the IP carefully. The script came across a server that had a directory listing of numerous files, a total of 200 GB. The files contained recordings of conversation with Tauron’s clients and entries regarding 2 million unique numbers.

The hacker, realizing what data he was dealing with, made several phone calls informing the owners of the numb

The Polish company grouping companies from the energy sector – Tauron – informed its clients about the data leak.
According to Tauron, cybercriminals could take possession of phone calls, and thus obtain information such as: name, surname, date of birth, PESEL number, address of the energy collection point, phone number with email address.

In the announcement issued by Tauron, it can be read that there has been unauthorized access to customer data located in the technical infrastructure of external partners cooperating with Tauron.

Tauron informed its clients about the consequences of a data leak, such as attempts to obtain a loan by a third party or attempts to extort funds accumulated in the account by imperson

New Vultur malware is spreading via the Google Play Store. Malware intercepts login details for online banking and cryptocurrency applications by recording device’s screen.

According to experts from ThreatFabric, Vultur monitors the screen of the device after launching the online banking application. This is possible thanks to an overlay that looks like the user interface of the actual banking application. The victims are convinced that they are entering the data into the actual app, while in fact they pass it to the scammers. According to the experts, malware is able to apply a window overlay to over 100 official applications of banks and supported wallets.

According to the dobreprogramy portal, attempting to remove Vultur

Access to test builds of Windows through Windows Insider Program channel has been used by cybercriminals. According to Kaspersky, more and more people are downloading and installing application posing to be Windows 11 installer, which in fact is a camouflaged malware.

According to Kaspersky’s malware experts, it contains a file which matches the size of Windows 11 installer - 1.75GB and name matches the actual Windows 11 build number 86307_windows 11 build 21996.1 x64 + activator.exe. However, there is one but - the file contains a single DLL file that is tasked with downloading another file. This file then displays the “License Agreement” dialog box where in its summary you can read that “sponsored applications” will be installed on the compu

Pegasus is a software used by government agencies of multiple countries, which allows to take control of almost any smartphone. For this purpose, it is sufficient, for example, to receive a message sent via WhatsApp messenger. Pegasus is software marketed by the Isreali company NSO.

According to the Niebezpiecznik website, journalists from the Forbidden Stories and Amnesty International have obtained a list of 50,000 personal phone numbers from around 40 countries that were targeted by Pegasus.

Unfortunately, Pegasus has not been used only for fighting criminals, the obtained list includes journalists, activists, businessmen, academics, government officials and lawyers that are inconvenient for individual countries.

In order to encourage Poles to vaccinate against COVID-19, the government has organized a lottery, and from July 1st, 2021, vaccinated people can take part in the draw by registering on the patient’s online account or via the hotline, a fact that fraudsters will certainly not miss.

According to Computer World, phishing campaigns based on the National Vaccination Program Lottery should be expected soon. As you can find out from the gov.pl website, the system of informing about the winnings is to be done via SMS from the number marked as “Lottery”. After receiving the information of winning, go to the lottery website and check if your details: masked phone number, first name, first letter of the family name are on the list of winners. The lottery pr