SMS scam is already quite common, we have written more than once about it - how fraudsters impersonate courier companies or mobile providers. This time, in addition to wiping money from the account, the fraudsters also took out a loan of 16,000 PLN on behalf of the victim, and malware was probably included in the SMS.

According to the portal legalniewsieci, the victim received an SMS from a “courier” regarding a surcharge for the parcel due to an overweight. The victim then clicked on the link provided in the message, from which it was redirected to a fraudulent PayU website, where an error appeared after selecting the ING Bank Śląski bank and entering the login details. The operation was interrupted and the victim received a text message from the bank with information about temporary problems. The victim, after re-entering the link included in the SMS was able to proceed without problems and was redirected to the actual login page. It is worth mentioning that IGN Bank uses masked password mechanics, where the user does not input the entire password but only individual “fragments”. In this case, this security feature did not help, because the victim, apart from losing 20,000 PLN from the account, also has a consumer loan to pay off.

According to the portal, malware was injected onto the victim’s smartphone, which took over the session, and then the authorization codes.