Polish Post warns against text message attack
Cybercriminals are sending text messages to random numbers impersonating Poczta Polska. Please be advised that Poczta Polska does not send text messages requesting additional payment to receive your shipment. Please be vigilant and carefully read any messages and any links contained within.
The attack involves sending messages containing information about a price list change that took place on November 4, 2019. Therefore, the customer is asked to make an additional payment of various amounts (e.g., PLN 1.00) via a fake link included in the message. The link directs the customer to a fake website similar to the website of a legitimate payment intermediary. After selecting the bank, the user is then redirected to the bank's website, which is also fake. The customer specifies the recipient of the transfer and approves the transfer with a code received via text message (the code is visible to the thief because the website is fake and every transaction performed on the website is monitored in real time). The amount the customer was supposed to pay in the received text message is not equivalent to the amount indicated in the text message (PLN 1.00); it may even be several hundred times higher.
Below is the content of the sent SMS:
Due to the price list change on November 4, 2019, we would like to inform you that your package requires an additional payment of PLN 1.00 to continue delivery. https://pp-sa.net/doplata
People who have just placed an order and are waiting for their delivery are most susceptible to this attack. This increases the credibility of the recipients because the SMS sent by the criminals is signed with the name "Poczta Polska," and on the phone, the fake message will be displayed under the real SMS messages received from Poczta Polska.
If you receive suspicious messages or suspect any irregularities or discrepancies, please report the matter to the police and immediately inform us at cyberbezpieczenstwo[at]poczta-polska.pl . This will allow us to warn other online users.
At the same time, we would like to inform you that Poczta Polska is not responsible for the consequences of actions taken by customers in messages disseminated by other entities, including entities impersonating Poczta Polska.