Recent days have brought several campaigns that target simple reflexes: the desire to get money back, quickly collect a parcel or click on an “urgent” post on social media. The pattern is similar. The victim clicks on the link, goes to a page to “confirm” the data, and then someone takes over the account or takes the card details and withdraws the money.
As CERT Polska describes in a recent announcement, fraudsters impersonate energy suppliers and inform about an alleged refund, citing a “change in the law”. The link leads to a website designed to steal payment card details. Importantly, the message is written correctly and looks formal, and the website may not arouse suspicion at first glance. The key detail reveals the fraud only in the address bar, because the domain does not match the real one.
In the second campaign, criminals massively send SMS messages impersonating courier companies. The excuse is to “update data” needed to deliver the package. The link leads to websites that steal personal, address and payment card details, sometimes with a fake payment gateway that looks almost like a real one. CERT also draws attention to a clever trick with an override, i.e. the sender's name, thanks to which the phone can paste a fake message into a thread with authentic SMS messages from the courier.
Facebook, sensational post and account takeover. Then requests to friends for BLIK
In addition, there is a very loud social media thread described by the “Bankers for CyberEducation” campaign. The announcement drew attention to: emotional posts about alleged kidnappings or disappearances of children or “sensational surveillance recordings”. Such entries are accompanied by links leading to fake websites that are confusingly similar to social networking sites. The victim is asked to log in again, and in practice he gives the criminals his account details. Then the fraudsters impersonate the profile owner and start writing to friends asking for urgent financial help, often in the form of a BLIK code or a “quick transfer to the code”.
Olga Bołądź, ambassador of the campaign, warns that cyber fraudsters can use the phone number of someone we know, and in one of the described stories there is a call from a “fake policeman” and a ransom demand supported by the voice of a child cloned by AI. This shows a broader trend, which was also previously reported by the Police, pointing to the growing number of frauds combining impersonations and BLIK codes with tools based on artificial intelligence.
What to do to avoid falling and what to do once we have clicked
The simplest rule is: do not click on links that increase emotions or time pressure. In “return” and “parcel locker” campaigns, the pressure is usually “short deadline” and “small additional payment”. In social media, the pressure is fear and curiosity.
The second thing is the address bar. If a website asks for login, payment or card details, stop and check that the address is exactly the same as the real one. Scammers hope that you will see the logo and stop looking higher.
When it comes to text messages “from a courier”, CERT Polska also reminds us about the good habit of reporting such messages to the free number 8080, which allows us to confirm whether it is an attempt at fraud and helps block subsequent waves.
If you have provided your card details or logged in to a suspicious website, there is no point in waiting. You need to contact your bank as soon as possible, block the card or access, change passwords and enable two-factor authentication on services that support it. If a social media account is taken over, it is also worth warning your friends immediately that someone may be writing “on your behalf” for money.
Finally, it is worth remembering that fraudsters rarely invent something from scratch. They change the logo, the excuse and the text of the message, but the mechanics are the same. Link, fake website, data phishing, and then quick theft or hunting for new victims among friends.
