Sunday 15 April 2018, Security Guide

New phishing attack – Biedronka discount voucher

Lost24

An as yet unknown group of scammers is abusing the Biedronka discount store brand. The offer is tempting – a voucher worth 50 PLN for shopping in the store – which can be “easily obtained” by making a single bank transfer of 5 PLN.

The security experts from CERT Polska believe that this is one of the most dangerous phishing attacks. If the victim is tempted by the offer and visits the website www.bony-biedronka.com, he or she will be asked to make the money transfer using a fake Dotpay service. By doing so, the victim unknowingly grants the fraudsters full access to his or her bank account.

The fake Dotpay website is confusingly similar to the original and also uses an SSL certificate issued by Let's Encrypt. The loss of money occurs after logging in to the victim’s bank account and transferring the desired amount. As CERT Polska explains, a script written by the fraudsters initiates a parallel session with the given bank during login and takes steps to withdraw money from the victim's account.

Even though the fake Dotpay service has been successfully blocked, the experts recommend caution, because the fake Biedronka website is still available on the web.