Hackers attacked SITA, the IT service provider for the majority of airlines. The SITA company deals with communication onboard airplanes, the security of the airport networks and airlines.

SITA company informed that the hacking attack took place on February 24th. Hackers compromised servers storing the passenger data for airlines such as: Lufthansa, United Airlines, Singapore Airlines, All Nippon Airways, Cathay Pacific, Finnair, Japan Airlines, Jeju Air, Malaysia Airlines and New Zealand Air.

As a result of the hacking attack, SITA secured the infrastructure and contacted the affected lines. At the moment, it is not known what data was intercepted. Some of the affected airlines have issued statements of their own.

A new phishing campaign in which cybercriminals pretend to be a FedEx courier company.
CERT Orange Poland warns especially users of Android smartphones. Cybercriminals send text messages that inform them about the upcoming delivery of a package, a link is attached to the message.

Content of the message: FedEx: Your package arrives, track here: https://cssincronbucuresti[.]ro/pkg/?1mrdumbk

The URL points to a Romanian domain that has nothing to do with the FedEx courier company. After clicking the link from the Android browser, a fake courier website is displayed, suggesting that you have to download the application. The website even has instructions on how to install the rogue application.

Fraudsters claiming to be ZUS employees try to extort money from seniors by offering help in obtaining the EU “500+” benefit.
Fraudsters stalk elderly people in their homes, pretending to be ZUS employees, who are joined after a while by a person claiming to be a ZUS certification doctor. Fraudsters, in order to relax the seniors' vigilance, assure that they were also at their neighbors.

During the visit, the seniors are examined and are also asked to show their medical records. They are then asked whether they are receiving a pension and whether it is paid into a bank account or whether it is delivered by the postman. Fraudsters also ask if the elderly person is living alone and how far away their family is.

Sen

A policeman has posted his phone on the auction site, he was contacted by a man that claimed that he was waiting for immediate shipment, as he had just made a transfer for the item on display.

The policeman replied to the buyer that the shipment would only take place when the transfer was credited to his bank account. Meanwhile, the buyer sent him a link to the page where the transaction confirmation was supposed to be, quoting “I paid. To receive the money, click on the link and confirm the order. The courier will contact you after confirmation.” In addition, the buyer threatened to report the matter to the police if the seller did not send him the “purchased” phone.

Remember not to rashly click on links received fro

ING Bank Śląski warns against fraudsters pretending to be bank’s employees. This type of scam is known, the scammers only change the excuse under which they call customers.

Fraudsters claiming to be a bank employee inform their victim that they have blocked a suspicious transfer and persuade them to install a special application.

Fraudsters have details such as your name and sometimes your home address if they can find it online. Cybercriminals assure their victims that the situation is under control, however, in order to improve communication with the bank or remove the virus, they encourage them to download and install an application such as Quicksupport.

ING Bank Śląski warns that if a ban

The CSIRT team (Computer Security Incident Response Team of the Polish financial sector) warns against fraudsters who have introduced a fake PKO BP IKO application.

The IKO application is offered by the PKO BP bank and can be used by up to 3.2 million bank’s customers.
According to the CSIRT, Alien malware, whose task is to steal online banking passwords, is hiding inside the malicious application.

Remember to only install the application from official sources. It is important to verify who its developer is. It is also worth looking at the number of application downloads and user reviews. It is known that the more rating and positive reviews an app has, the more downloads it gets. Unfortunately, it may happen that

CERT Poland warns against a phishing campaign targeting entrepreneurs who expect orders filled out online. The entrepreneurs receives emails with information about the delivery or order of goods, the message includes an attachment.

Cybercriminals pretend to be real entities.

The message contains multiple linguistic errors, which are typical for this type of fraud, i.e.
- "Please pay attention to the delivery order in accordance with the terms therein contained"
- "Please find the attached order of inquiry arrange the delivery express. Send us an confirmation order with terms payment."

Attached is a RAR archive which conta

As a part of the Safer Internet Day, BNP Paribas Bank decided to impersonate fraudsters. In this way, the bank wanted to make its customers aware of the threats existing online.

Using an official Facebook profile, BNP Paribas posted a scam often used by criminals. In the content of the post, the bank’s client could find information about the possibility of receiving a prize, all that was needed to do is to click the attached link, the prize would be awarded only to the first hundred people. The content of the post was written in capital letters with emoticons woven in between. The link led to the domain bnpparlbas[.]pl, one letter was changed in the bank’s name, hoping that it would not be noticed.
The link, however, in this case led to the

CERT Orange Poland warns against text messages informing about debt or underpayment of the invoice. The scam affects all mobile phone users, regardless of operator.

The goal of the phishing campaign is to steal funds from your bank account.

According to CERT, the fraudsters count on the fact that a person who receives a text message with information about the debt of the account, which is associated with the deactivation of the phone number, will simply get scared and pay a small amount of PLN 3.50.

The recipient of such an SMS should pay attention to the name of the sender, in this case it is “K0N0SIM”, so it has nothing to do with any of the operators. However, the link attached to the messag

Police warn against investments in cryptocurrency, which require you to be very careful. An example is given of a resident of Zamość poviat who lost money instead of making a quick profit.

The affected person found an advertisement for an investment platform online and provided basic contact details by completing the application form. After this step, the victim was contacted by a woman to whom he had transferred the equivalent of about PLN 930 as part of the “entry fee” that was supposed to be refunded.

In addition to transferring the money, the man also provided the woman with credit card details along with a photo of the driving license, thanks to which he obtained login details for the platform’s account. The man�

Another phishing campaign targeting Netflix users. Fraudsters pretending to be Netflix inform that the user’s account has been suspended, and that in order to unblock it, a number of details need to be provided.

The email contains a link that leads to a form in which, in addition to personal data, you must provide the payment card number along with a security code. Providing the above data is supposed to lead to unblocking of the Netflix account.

The website that imitates Netflix is carefully crafted, so be very careful and check the source of your email before clicking on the link.

The ShinyHunters hacker group has hacked the MeetMindful dating site. As a result of the hack, the data of 2.28 million users was revealed.

Hackers released a 1.2 GB database on a hacking forum.

The leaked data include: name and surname, email address, data related to residence, date of birth, location, IP address, password to the portal and Facebook identification data, as well as dating preferences.
The dobreprogramy portal suggests that the stolen data can be used in the so-called sextortion, i.e. blackmail based on the victim’s intimate materials.

You might think that the data stolen by hackers is not controversial, i.e. it does not contain any “rowdy” photos or convers

Fraudsters inform about upcoming changes to the 500+ program and impersonate the Wirtualna Polska portal.

CERT Poland warns against a new campaign, fraudsters convince their victims that the 500+ benefit program will change its form and will be paid in vouchers. However, for more information one needs to log into their Facebook account. For this purpose a fraudulent link to a login page is attached to the message. However, the website itself is under the domain wiadomosciinewsy(.)live.

The goal of fraudsters is to steal data that can be used to steal money using BLIK, i.e. by impersonating a given person and sending messages to friends asking for a loan of a given amount of money.

Fraudsters posing for the Polish Energy Group try to intercept your online banking credentials. Experts from CyberRescue warn against fake SMSs from “PGE”.

In the text of the SMS, the victim is informed about the need to pay the amount due via the page to which the link is provided. If the amount due is not paid, the power will be cut. In fact, the link leads to a fake quick payment service, where the victim submits his / her data directly into the hands of the scammers.

Be careful and do not click hastily on the links, by entering your data you risk losing funds from your account.

A new version of the Joker Trojan, known as Android Joker, has appeared. People who install an application for downloading wallpapers, i.e. Stock Wallpaper, unknowingly download malware on their device.

The purpose of the Trojan is to gain access to messages and, in the next step, to subscribe victim to paid subscriptions. The victim is not able to see the SMS sent and received via the application. The victim learns about the paid subscriptions when they receive their monthly statement from the network operator.

According to experts from Dr. Web the new variant of the Trojan can be used to download and execute arbitrary code, thus it is possible to install a banking Trojan.