Mailboxes of internet users were targeted with e-mails, allegedly from ING Bank Śląski, in which they were notified about freezing of their accounts. The alleged reason for freezing of the account was hacking and in order to unlock the access to the account user had to verify it by clicking on the provided link.

By clicking at the link victim was forwarded to the bank’s login page, unless he realizes that it’s actually a fake page in the next step he was asked to provide full password for the banking service. At this point, the cybercriminals used the login information provided by the victim at the real ING site, while victim sees “Please wait” message on the screen.

Thanks to this criminal can define a trusted recipient or swap the phone number to clean up our bank account in the next steps.

According to Niebezpiecznik, phishing attack was not accidental and it could be linked to the long downtime of the ING banking service, which took place on November 29, 2018. As a result of this downtime customers did not have the access to the website and the applications, which suggested to them that it might be a result of a hacking attempt that was mentioned in the e-mail.