Polish Post warns against phishing attacks

CERT Poczta Polska reports an increase in phishing campaigns sent via SMS messages, in which cybercriminals, impersonating Poczta Polska, try to obtain financial benefits and personal data of citizens.

The messages are sent to random phone numbers and have nothing to do with actual shipments carried out by our company.

Text messages claiming a shipment cannot be delivered are often generated from foreign numbers (e.g., French +33, Philippine +63) . They contain a link that, when clicked, redirects the recipient to a phishing website.

Please be wary of messages with similar subject lines or content containing suspicious links or attachments. Do not click on such links or open suspicious attachments. If you receive correspondence in which the sender impersonates Poczta Polska, please report it to CERT Poczta Polska by forwarding the message to the following address: fakt@poczta-polska.pl . This will allow us to warn other web users and report the blocking of the fraudulent website to the appropriate authorities.

To verify a received SMS message, send it to the number 8080 provided for this purpose by CERT Polska. In response, you will receive information about whether the message is legitimate.

We would like to remind you that the correct website address of Poczta Polska is: https://www.poczta-polska.pl and the address for tracking parcels is: https://emonitoring.poczta-polska.pl/ and www.pocztex.pl/sledzenie-przesylek/.

Remember:

• when using the website, check if the domain is correct,
• Be vigilant when asked to provide your password, even if the message looks official,
• remember that messages containing attachments are particularly suspicious, especially archives and Office documents with a password provided in the message body,
• update the operating system and programs on the computer and phone you use,
• keep your antivirus program up to date,
• For sensitive private communications, use end-to-end encrypted messaging apps like Signal.