Polish Post warns against fake emails

We're receiving reports of fraudulent emails with unusual content, allegedly from the Polish Post Office. This is a form of phishing attack*, so please be vigilant.

The sender of the message is impersonating Poczta Polska (Polish Post) using an invalid email address: notify[at]poczta-poI-ska.pl. The address substitutes a capital "i" for a lowercase "l" – poczta-poi-ska.pl. When you hover your mouse over the email address, a completely different address appears than the one in the email.

Other emails with delivery notifications contain a link to a fake website, very often with a similar name to the domain used by Poczta Polska.

If you receive suspicious messages, please forward them to cyberbezpieczenstwo[at]poczta-polska.pl , including the sender's actual and displayed address, the subject line, and the attachment name or message body. This will allow us to warn other users.

At the same time, we would like to inform you that Poczta Polska SA is not responsible for the consequences of opening links and attachments in messages distributed by other entities, including entities impersonating Poczta Polska SA

* Phishing – a method of online fraud that involves obtaining personal information from users (e.g., passwords, logins, credit card numbers, PESEL numbers, ID card numbers, or bank account numbers) by impersonating well-known institutions, especially those characterized by high public trust or high visibility. Phishing messages are deceptively similar to genuine emails. They contain as many elements as possible that identify them with the organization they are impersonating. They are presented as a courtesy and always contain interesting, very attractive offers (usually offering something for free). The main characteristic of such messages is an attempt to obtain sensitive data, which is not obtained in this way by legitimate organizations.

How to avoid phishing?

  1. Always have limited confidence in the messages you receive.
  2. Do not open attachments unless you were expecting a message from the sender.
  3. If you do not know the sender of the message, think very carefully before opening the message.
  4. Do not transmit your data (sensitive, confidential) in an open message without security.
  5. Carefully check any links contained in the message you receive or posted on the website.
  6. Always update your email program and web browser.
  7. Install add-ons for your email client or browser that increase their security.
  8. Always install add-ons from original suppliers, recommended by the manufacturers of the software.