Scam Alert! Phishing plague. Fake banks, Spotify and “super-investments” on the attack

Published: 2025-10-21 06:58
There is no single “high-profile” attack on electronic banking users. There is a daily routine and the consistent work of criminals. Their “plowing” brings results, but specialists do not give up. In September alone, CSIRT KNF counted 915 fake domains, and CERT Polska / CSIRT NASK added over 25,000 names to its Warning List. The wave of phishing is growing: the attackers impersonate banks and streaming platforms and run advertisements promising “miracle profits”.


CSIRT KNF reported that 915 fakes were identified in September, mainly impersonations of banks, fake investments, streaming platforms, stores, surveys and courier services. This is the figure from sector monitoring at the Polish Financial Supervision Authority (KNF). More extensive, nationwide data can be found in the summary of CERT Polska / CSIRT NASK: 57.3 thousand reports, 26.4 thousand incidents handled (278% more y/y) and 25.2 thousand new domain names added to the Warning List in September alone. 97 percent of incidents were computer fraud, of which 11.4 thousand were classic phishing.


What does this mean for users? First of all, the scale is massive, and “everyday” phishing causes greater losses than single, spectacular attacks. CERT also draws attention to the SMS channel: 25.5 thousand smishing reports were received in September, and since the beginning of the year over 1.5 million messages have been blocked based on patterns.
The most common patterns from recent weeks
Fake investments. “Sponsored” ads (e.g. impersonations of media outlets or famous brands) lead to a “registration” form. After you leave your contact details, an “advisor” calls and convinces you to make payments to the pseudo-platform. Payouts? There are none. CSIRT KNF describes the constant presence of such campaigns and extensive impersonation of media and companies.


Electronic banking.
E-mails about “security updates” or “account verification” redirect to a confusingly similar login panel. Effect: the session is hijacked and the victim is tricked into handing over BLIK codes and transfer authorizations. In September, phishing remained one of the pillars of criminal activity.


Streaming services.
A “payment failed to process” message leads to a fake login form that also asks for card details. The aim is to take over the account and the payment data at the same time, a variant that appears regularly in CSIRT KNF materials.


How to protect yourself and others?
First: always check the full URL before providing any data. This is a simple technique that CERT indicates as the most effective barrier against phishing. Second: if you have already disclosed your card details or login, block the card immediately, change the password and enable strong MFA.
Report suspicious websites via Incident.cert.pl and suspicious SMS messages to 8080. Companies and institutions can scan their domains free of charge at Moje.cert.pl. In September, 560 new users joined that service, and CSIRT sent 3.5 thousand notifications about detected vulnerabilities and incorrect configurations.
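The advice to “check the full URL” is easy to state and easy to get wrong, because the tricks in these campaigns all target the part of the address a person skims past: the brand name placed in a subdomain of an attacker’s domain, a hyphenated imitation, credentials before an “@” sign, or non-ASCII lookalike characters. The following Python script is an added illustration written for this article, not code from CERT Polska, CSIRT KNF or any bank; the allowlist of trusted hostnames and all sample URLs are constructed placeholders. It shows what a browser actually connects to for each of those patterns and why only the registrable domain at the end of the hostname counts.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example: the hostnames a user expects to see
# when logging in to their bank or streaming service. Placeholders, not real sites.
TRUSTED_HOSTS = ("login.bank.example", "www.bank.example", "stream.example")


def actual_host(url: str):
    """Hostname the browser will really connect to, or None if not an http(s) URL.

    urlsplit() discards the userinfo before '@' and the port and lowercases the
    host, so 'https://login.bank.example@198.51.100.7/' yields '198.51.100.7'.
    """
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname


def classify_url(url: str) -> str:
    """Return 'ok' for an expected login host, otherwise a short rejection reason."""
    host = actual_host(url)
    if host is None:
        return "reject: not an http(s) URL"
    # Homoglyph domains either contain non-ASCII characters or arrive punycoded (xn--).
    if not host.isascii() or any(label.startswith("xn--") for label in host.split(".")):
        return f"reject: non-ASCII or punycode host {host} (possible homoglyph)"
    if host in TRUSTED_HOSTS:
        if urlsplit(url.strip()).scheme != "https":
            return f"reject: trusted host {host} over plain http"
        return "ok"
    # The real brand hostname embedded in a longer or hyphenated name is the
    # classic lookalike; the registrable domain at the end is what matters.
    for trusted in TRUSTED_HOSTS:
        if trusted in host or trusted.replace(".", "-") in host:
            return f"reject: lookalike of {trusted} (actual host {host})"
    return f"reject: unknown host {host}"


if __name__ == "__main__":
    # Constructed sample links of the kind the article describes (placeholders only).
    samples = [
        "https://login.bank.example/secure",
        "http://login.bank.example/secure",
        "https://login.bank.example.verify-account.test/login",
        "https://login.bank.example@198.51.100.7/login",
        "https://login-bank-example.test/",
        "https://login.xn--bnk-hoa.example/",
        "ftp://files.example/",
    ]
    for link in samples:
        print(f"{link}\n    -> {classify_url(link)}")
```

The check deliberately rejects anything it cannot positively match: an unknown hostname is treated as a rejection, not a warning, because the user has no way to tell a new legitimate host from a freshly registered fake, which is exactly the population the Warning List grows by every month.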