Polish Post warns against a new QR code scam

Updated on: March 22, 2023

The Polish Post Office is once again warning against fraudsters. An increasingly popular fraud method involves sending out QR codes, purportedly sent by the postal operator. The code is intended to complete a fictitious transaction. The link from the QR code leads to a fake website, posing as a Polish Post e-shop, where you can buy boxes, envelopes, foil, and postage filler.

On the fake website, scammers ask for personal information and payment card details to pay for products. These details are then used to steal from the account, and the product never reaches the buyer.

Phishing is a method of impersonating well-known companies in order to obtain confidential information, such as login credentials, personal data, and, above all, access to online banking accounts. One way to misappropriate Internet users' personal data and their accounts is to use a human manipulation technique, which involves exerting specific influence and behavior through the sending of electronic messages.

To avoid falling victim to cybercriminals and protect your data and assets, you should follow a few rules:

1. Carefully read website addresses sent both in emails and text messages;
2. Do not click on links received from unknown senders;
3. Never respond to requests for personal information, passwords and/or account logins;
4. Beware of errors in the link content (e.g., reversed letter order or substitution of different letters or numbers). If you find one, it's probably a scam. Be careful, don't click on things like:

rn as m (lowercase R and N as lowercase M) cl as d (lowercase C and L as lowercase D) q as g (lowercase Q as lowercase G) cj as g (lowercase C and J as lowercase G) vv as w (double V as W) ci as a (lowercase C and I as lowercase A); I as l (capital letter i as lowercase L) l as I (lowercase L as uppercase i) 1 as l (digit 1 as lowercase L) 1 as I (digit 1 as uppercase i) l as 1 (lowercase L as digit 1) I as 1 (capital letter i as digit 1)

5. Some links included in messages from unknown senders may install unwanted malware;
6. Use antivirus software, check it is up to date and install updates, and scan your computer regularly;
7. Change your passwords regularly and make sure they are strong enough, avoiding passwords like: 12345, QWERTY, name, date of birth, Spring2021.

If you receive a suspicious email or suspect any irregularities or discrepancies, please report the incident immediately to the following email address: procent@poczta-polska.pl.