publication
2025-10-14 06:00
New week, old tricks with a fresh twist. This time they promise an iPhone 17 Pro Max “for a survey”, which ends with a paid subscription. There are also “Pocztex packages” with hidden malware, and classic phishing scams with the PKO BP and Play brands. Find out where it's easiest to stumble and how to defend yourself.
We start with the high-profile lure of the “free” iPhone 17 Pro Max. According to CERT Orange Polska, fraudsters send e-mails inviting you to take part in a short survey, after which you will supposedly receive a new smartphone for free. After clicking, we get to a page with surveys and a timer (this is about subconsciously rushing the victim), and the end is a “shipping fee” that you have to pay for. In fact, it is a sign-up for a paid subscription, which after a few days starts deducting large sums from the card. You won't get an iPhone for such a survey, and the link from such a message may put you in debt of several hundred zlotys.
The “Pocztex parcel” scam has also returned. According to CERT Polska, there are e-mails circulating with information about a new shipment and an attached “label”. It's not a label, just a lure to download malware. One click and malware lands on your computer, which can steal passwords or take over your mailbox. Rule: we do not open attachments from an unknown source, and we only check the status of the package on official websites – entered manually, not from links in emails.
Traditionally, customers of banks and operators are also targeted. In a fresh attack on PKO BP customers, messages and advertisements threaten with “data updates” or “blocking”. They lead to a fake website, extorting logins, passwords and authorization codes. The mechanism is known and effective because it is based on time pressure and trust in the brand.
At the same time, a campaign using the image of the Play operator appeared: e-mails about the “possibility of receiving a refund” lead to a form in which criminals want card details. Here, too, the only correct way is to access the subscriber's account via the official application or the address entered manually – never from a link in the message.
All these cases have a simple pattern in common: a well-known brand, an urgent tone, a link or attachment, and finally a data form or “payment” by card. How to defend yourself? First of all, do not click on links or open attachments containing messages about surcharges, refunds, blocks or “rewards”. Secondly, access banks, operators and shopping websites only from the application or using the address entered manually. Thirdly, do not provide card details or authorization codes on websites opened via e-mail/SMS.
