Lost24

The UNIQA company - the owner of AXA, sent emails without the BCC (blind carbon copy) field, revealing the data of 1000 customers in each email. As a reminder, the BCC option allows you to send messages to multiple recipients, preventing the disclosure of sensitive data - recipients cannot see each other's emails.


According to the Niebezpiecznik portal, UNIQA first sent out emails revealing the data of 1000 customers in each email, and then revealed the same data again, as the “email cancellation” mechanism was used.


The message concerned information about the change in the terms and conditions of using the PPK online service for the Employing Entity. It should be noted that the message recall feature

Lost24

Fraudsters send fake text messages pretending to be PGE, Polska Grupa Energetyczna. Fraudsters threaten to disconnect the electricity due to arrears of a few zlotys.


In order to settle the arrears, one needs to click on the link attached to the SMS message.


According to the portal Niebezpiecznik, messages are sent from multiple numbers and direct to various links, which are redirected through the cli.co domain. The website the victim visits poses to be the PGE’s website and redirects to the fraudulent payment gateway. Depending on the bank’s choice, the theft of funds takes place via BLIK or an attempt to intercept personal data (PESEL, mother’s maiden name) used to connect the mobile application to the appropriate acco

Monday 7 June 2021, Safety Guide

Fake WhatsApp and Anubis malware

Lost24

CERT Orange Poland warns against a fake version of the WhatsApp application for Android phones. The installation file is whatsapp.apk and within it is hidden Anubis malware. It is one of the banking Trojans, appearing most frequently on malicious websites, however, there have also been cases where it could be downloaded from the Google Play Store by downloading additional content.


As reported by the dobreprogramy portal, Anubis malware runs in the background and also hides its application icon. It is able to save all data from the phone’s keyboard, intercept text messages and calls. Of course, this is the way to hijack your online banking credentials by cybercriminals.


As suggested by CERT, cybercriminals wanting to increas

Lost24

In order to take out a loan, you usually need to present your identity card in addition to your personal data and PESEL identification number. Niebezpiecznik portal, based on the example of its reader, shows how a fraudster can take out a loan, based on publicly known data.


The reader of the portal, by including the notification from the Credit Information Bureau, found out that someone had taken a loan in the amount of PLN 5,000 in his name via the SuperGrosz.pl loan service, which is run by the AIQLabs company. The downloaded report show that the reader’s data had already been verified at the beginning of this year by AIQLabs.
On the SuperGrosz.pl website, the final verification of the borrower takes place at the agency of Polish Post or Po

Lost24

A woman from the United Kingdom lost GBP 9,000, scammers created a fake advertising campaign using the image of a famous person - Elon Musk, owner of Tesla and SpaceX.


The deceived woman came across a specially crafted BBC website, from which she found out about the said campaign. The advertising campaign assured that after making a deposit in bitcoin, a payout of double the amount would be made. The victim, after realizing that she was a victim of fraud, immediately contacted her bank. However, the money was no longer recoverable as the transaction was made voluntarily.


According to the Ladbible portal, the BBC has taken steps to close the fraudulent website.



Lost24

A woman from the United Kingdom lost GBP 9,000, scammers created a fake advertising campaign using the image of a famous person - Elon Musk, owner of Tesla and SpaceX.


The deceived woman came across a specially crafted BBC website, from which she found out about the said campaign. The advertising campaign assured that after making a deposit in bitcoin, a payout of double the amount would be made. The victim, after realizing that she was a victim of fraud, immediately contacted her bank. However, the money was no longer recoverable as the transaction was made voluntarily.


According to the Ladbible portal, the BBC has taken steps to close the fraudulent website.



Wednesday 19 May 2021, Safety Guide

WhatsApp account hacking

Lost24

Scams based on hijacking WhatsApp user accounts are becoming more and more popular.


According to CyberDefence24, fraudsters take over the accounts of randomly selected users, which is possible thanks to reading the verification code during registration. The scammers then contact the target’s WhatsApp friends impersonating the person. The scam is similar in practice to the scams utilizing Blik, which are often used after hijacking a user's Facebook account.


The above method of deception is popular in India, where the fraudsters most often suggest to their victims that money is needed to support the health service fighting the coronavirus.



Lost24

In the issued announcement, PKO BP bank warns its clients against fraudulent emails. Be careful of messages with the subject “Invalid IBAN”.


The sender of the message polisysme@pkobp.pl. In the text of the message, the victim learns that, on behalf of another bank customer, the bank tried to send a transfer that was rejected. In order to receive the payment, the victim is prompted to click on the link confirming the correctness of the attached IBAN number.


The link in the email leads to malware. Clicking on a link may result in loss of money and control of your bank account.



Saturday 8 May 2021, Safety Guide

Fraudsters pretend to be PGNiG

Lost24

Polish Oil Mining and Gas Extraction (PGNiG) warns against fraudulent SMS messages, scammers suggest the need to settle a payment.


Example of the text message: PGNIG: Please be advised that due to debt in the amount of PLN 12.45, we ordered the gas to be disconnected for the next working day.


According to PGNiG, text messages are sent from different phone numbers and should be considered as SPAM. Moreover, PGNiG customers may receive fake emails where the subject of the email concerns information on arrears. The victim, as in the text message, is informed about the debt, which should be settled as soon as possible, using the link to eBOK (the message contains a hyperlink). Fraudulent emails come from no-reply@epgnig.pl, and t

Lost24

Persons who have used Passwordstate’s password manager must be careful as there has been a large data leak.


Hackers placed malicious files inside the application, breaching the security of 29,000 companies and 370,000 employees using Passwordstate.


According to the dobreprogramy portal, the scale of the leak is so huge, because the malicious code planted by hackers on Click Studios’ servers was sent as part of the update. The update was automatic and the malicious code made it possible to download information about the victim’s computers along with passwords from Passwordstate application.


The data leak is serious due to the fact that Passwordstate is used by many of the largest companies in

Sunday 2 May 2021, Safety Guide

Package seized by customs fraud

Lost24

Niebezpiecznik portal warns against text messages about the parcel being detained by the customs services.


The text of the message does not change: “Your package has been seized by the customs services: [LINK]”. However, messages are sent from different numbers and contain different links.


According to Niebezpiecznik, the link redirects you to a website claiming to be a courier company. Clicking on the link leads to the download of a malicious application on your Android device. Cybercriminals have one goal - to steal money from a bank account. According to the portal dobreprogramy, it is probably a FluBot Trojan. The goal of the malware is to hijack passwords and logins to the online banking application. The transaction

Wednesday 28 April 2021, Safety Guide

Fraudsters are impersonating InPost

Lost24

Fraudsters used the image of InPost to create a fake page, demanding payment for a courier delivery.


Potential victims are convinced that InPost branches have been closed to the coronavirus pandemic. The victim is encouraged to pay for the shipping in order to deliver it home by courier, rather than waiting for pickup at an InPost branch.


The scammers inform that after making the payment, the victim will receive an SMS notification along with a courier number. Additionally, we are assured that the package will be delivered within 24 hours.


According to the experts from Threat Labs, fraudsters have created a fake BNP Paribas payment gateway to extort money.



Monday 26 April 2021, Safety Guide

Anti-crisis shield SMS

Lost24

In connection with the new wave of benefits planned by the government the fraudsters decided to use the excuse and execute attacks utilizing so-called anti-crisis shield.


Niebiezpiecznik portal warns against a scam in which scammers try to rob victims of their savings accumulated on a bank account.


Fraudsters send SMS messages that read as follows:
"Sender: Shield You can collect PLN 800 from the anti-crisis shield. To pick up, make a identity confirmation transfer of PLN 1. You will receive the funds within 24 hours. www.urzedy9 [.] net / XXXX ”.


Clicking on the link leads to a fraudulent page with PayU payment gateway. If the login and password are provided, the victim is asked to

Monday 19 April 2021, Safety Guide

Cryptocurrency scam

Lost24

The police from Złotów, Greater Poland Voivodeship, were informed about a cryptocurrency fraud.

A 24-year old man that invested in cryptocurrencies has let down his guard when he was contacted by a “broker”. He was informed that he had earned a considerable amount of money on cryptocurrencies. In order to gain the caller’s trust scammer was stalling the conversation, explaining slowly the operation of the system.

The “broker” requested the victim to provide a credit card number, which was to be necessary to transfer the money earned in the amount of several thousand zlotys to the victim’s account. In the next step, the victim was asked to log into their bank account. At this point, the victim noticed that control of his account h

Thursday 15 April 2021, Safety Guide

Investor fraud - PKN Orlen

Lost24

The Computer Security Incident Response Team of the Polish Financial Supervision Authority (KNF CSIRT) warns against false investments. Fraudsters pretend to be PKN Orlen. Scammers tempt with promises of fast and high earnings, without any risk.


For this purpose, a fraudulent website and a Facebook profile have been created, where an attempt is made to trick users into fake investments in gas and oil trading. There is a “calculator” on the website, which displays the amount of investment we are able to earn.


In order to start the “investment”, you need to register by filling out the application form by providing your personal data, email address and phone number. In the next step, you must confirm the registration by