Cybercriminals try to fool Polish Post’s customers. They send text messages, in which they inform about changes in service fees, due to which an additional payment is required.

The surcharges are as small as PLN 1, so many people may try to make the payment in order to have their debt cleared.

The content of the SMS is as follows:
“In connection with the change in the service fees on 04.11.19, we inform that your parcel requires a surcharge of PLN 1.00 to continue the delivery. https://pp-sa.net/doplata”

The text message is signed as “Polish Post”, it is also listed under real messages from the company, if the victim received any in the past.

The link in the text message directs to the page imitating the online payment service. The victim, after selecting the bank, is redirected to its fake page. Next, victim has to define the recipient of the transfer and, by default, must confirm the transfer with a code received in SMS. After receiving the SMS, the amount that the victim has to pay does not match the amount in the message received, exceeding it by several hundred times. The received code is also visible to cyber criminals and the operation of making the transfer is monitored in real time.

As Polish Post emphasizes, people who are awaiting parcel collection are particularly vulnerable to the attack. It reminds its users that it does not send text messages in which it informs about surcharges for the service and indicates that it is not responsible for the effects of fraudulent activity. The case was reported to the police.