Watch the video
A vacuum cleaner that will clean for you. How it’s working?
–
The period around Christmas is a time when – busy with other things – we become a little less careful. This, of course, is what fraudsters are trying to take advantage of by flooding us with another wave of scams. Now criminals are targeting the clients of the largest bank in Poland (once again).
Fraudsters impersonate PKO BP again
This time, the Computer Security Incident Response Team of the Polish Financial Supervision Authority (CSIRT KNF) is warning against another wave of fraud using the image of PKO BP. Scammers on a specially crafted website encourage installation application pretending to be a mobile application of the PKO bank.
The website appears to be a carefully counterfeit and not only praises the advantages of using the app, but also contains detailed installation instructions in the memory of the mobile device. As the rogue program (fortunately) is not available in popular app stores, the scammers explain exactly how to carry out the installation process, giving it very high privileges and unblocking the possibility of downloading programs from untrusted sources. By executing these commands, the user (unknowingly) bypasses the phone’s security and installs the malware in its memory.
It is worth noting that the graphic design of the website has been surprisingly precisely forged, which may additionally mislead unaware Internet users. According to specialists from the KNF cybersecurity team, the malicious application is in fact most likely trying to intercept login passwords entered on the screen of an infected smartphone.
Once again, they impersonate PKO BP
This is yet another wave of scams using the image of PKO BP in the recent past. A week ago bank warned against e-mails from fraudsters advising to click on an attachment containing malware under the pretext of having to confirm the operation.
Earlier in December, the bank also warned against false ones SMS– messages that were supposed to come from couriers and links to crafted websites on the Internet that non-existent customers of sellers on the Internet were sending out. The principle of operation of criminals is similar in each case. They try to take advantage of the inattention of an internet user and persuade him to transfer money to frauds himself or to provide all the data needed to perform transfer, or ATM cash withdrawals.
In recent months, criminals have also been calling unsuspecting people (usually random phone numbers) and pretending to be employees of the bank’s security department. Fraudsters usually persuade you to provide confidential information: banking login details, credit card numbers, BLIK codes or encourage you to install an application for remote smartphone control. Frequent excuses under which they call are alleged “suspicious account activity” or ever unsolicited transfers of funds that were allegedly blocked by fraudsters.
In addition, in recent months, PKO BP has also detected a wave of fake SMS messages and messages sent by instant messaging, including Messenger and WhatsApp. The criminals in the messages pretended to be customers of auction websites and persuaded people to allegedly receive payments by clicking on a link leading to a specially crafted page encouraging the provision of sensitive banking details.
How to protect yourself from fraud?
Therefore, criminals use old and well-known methods of cheating, but still very often used. Despite the – it would seem – obvious fact that we are dealing with an attempted fraud, many people are still tricked into spoofing or, more broadly, phishing. We have written many times about how to protect ourselves against this type of fraud. Two of our guides are provided below:
–
