The Polish Post Office warns against money fraud
Cybercriminals, in order to obtain specific information, send text messages to random numbers, impersonating Poczta Polska. Please be advised that Poczta Polska does not send text messages requesting additional payment to receive a package. Please be vigilant and carefully read any messages and the links contained within.
The attack involves sending messages containing information about a suspended shipment. To ensure delivery, the customer is asked to make a payment of various amounts (e.g., PLN 1.40) via a fake link included in the message. The link directs the customer to a fake website similar to the website of a legitimate payment intermediary. After selecting a bank, the customer is then redirected to the bank's website, which is also fake. The customer is led to believe they are logging into their bank's website, but this website is also fake (the link in the address is different from the bank's address). The customer identifies the person to whom the amount is to be transferred and approves the transfer using a code received via text message (the code is visible to the thief because the website is fake and every transaction performed on the website is monitored in real time). The amount the customer was supposed to pay in the received text message is not equivalent to the amount contained in the text message (PLN 1.40); it may even be several hundred times higher.
People who have just placed an order and are waiting for their delivery are most susceptible to this attack. This increases the credibility of the recipients because the SMS sent by the criminals is signed with the name "Poczta Polska," and on the phone, the fake message will be displayed under the real SMS messages received from Poczta Polska.
If you receive suspicious messages or suspect any irregularities or discrepancies, please report the matter to the police and immediately inform us at cyberbezpieczenstwo[at]poczta-polska.pl . This will allow us to warn other online users.
At the same time, we would like to inform you that Poczta Polska is not responsible for the consequences of actions taken by Customers in messages disseminated by other entities, including entities impersonating Poczta Polska.