2025-06-07 10:00
publication
2025-06-07 10:00
NASK has observed two phishing campaigns on the internet, in which scammers impersonate tourist facilities and courier to extort data. Criminals are trying to obtain login details to the bank or payment card details to steal the money victim's money.
According to Tuesday's scientific and academic computer network (NASK), a phishing campaigns have been observed on the internet, which perpetrators are impersonating tourist facilities, e.g. Energylandia and Łódź Zoo. “The fake website of the facility encourages you to buy admission tickets at promotional prices. When the user provides a payment card data, it may lose money,” explained NASK.
False pages are promoted in social media and use slightly modified advertising of tourist facilities, and the link placed in them leads to a page controlled by fraudsters. After selecting the payment method, the user is redirected to the fake payment gate of the PayU panel. This page – according to NASK – is used to extort data of the payment card, and as a result of theft of money from the victim's account.
“Watch out for advertising on the Internet – fraudsters often impersonate known names or logos, changing small elements. Every detail matters. If you click on the link, look at what the site looks like. If anything raises your doubts – do not provide login data or payment card,” NASK appealed. She added that the user can also contact the company under which the cybercriminter is impersonated to verify the truth of the advertisement.
The second campaign recently observed by NASK experts consists in impersonating DHL courier. “The action is always similar – cybercriminals send an email about a waiting shipment, which can be picked up after paying the appropriate customs duty. The goal is to extort login data to user banking and stealing money,” she explained.
According to NOK, fraudsters send false messages informing about a parcel that is waiting for pickup. In the message, fraudsters are trying to convince a potential victim that the package can be “picked up” only after transferring money and providing a redirecting link to a fake website that extorts login details to the bank. “Providing logins and passwords results in the theft of money by cyber criminals,” warns NASK.
He points out that cyber criminals play emotions and try to persuade immediate action. It is worth keeping calm and look at the message sender, because criminals impersonating specific companies often make mistakes, e.g. in the name and content of the message. You can also – as Nask adds – call a company that allegedly sent this message and verify the content.
NASK appealed to reporting suspicious sites and messages to the CERT Polska team. This can be done by free number 8080 (by sending, for example, an SMS), e-mail address: [email protected] or at: https://indent.cert.pl/#!/lang=pl.
“The described campaigns are based on current applications and analysis of cyberspace conducted by CERT Polska. They present patterns of activities of criminals who use the image of people, companies and institutions in an unauthorized manner. Our warnings are informative and serve to build awareness of cybergrozing” – explained NASK. (PAP)
JLS/ MALK/
