Beware of fake "Pocztex" messages - a dangerous phishing campaign

In recent days, we've seen another wave of cyberattacks targeting users waiting for courier shipments. Cybercriminals are impersonating Pocztex, the courier service of Poczta Polska, and sending fake text messages claiming a failed delivery attempt. 

The messages contain links to websites with names resembling a real domain, such as: 

  • pocxte.com-cvciz[.]vip 
  • pocxte.shjdk[.]vip 
  • pocztex.com-emrhb[.]vip 
     

These are not official Pocztex addresses! 

Fraudsters send text messages to random numbers, informing them of an undelivered package and directing users to a fake website pretending to be Pocztex. The aim of the attack is to obtain personal and payment card information.  

What does a fake message look like? 

An example message might sound very credible: 

"We attempted to deliver the Pocztex parcel on February 1st, but it was unsuccessful. Please schedule a new delivery date. Click the link below..." 

There is also often an instruction to: 

  • click on a suspicious link, 
  • reply "Y" to activate the link, 
  • paste the link in your browser, 
  • act quickly, because the parcel is supposedly going to be returned to the sender. 

These are typical techniques used in phishing campaigns – cybercriminals exploit emotions and time pressure.

What's under the link? 

The link leads to a fake website that looks very similar to the official Pocztex website. The website encourages: 

  • providing personal data, 
  • entering payment card information (number, expiration date, CVV), 
  • "paying" a small additional fee or setting a delivery date. 

In reality, all this data goes directly to criminals who can: 

  • steal funds from a bank account, 
  • take over the victim's identity, 
  • use the data for further fraud. 

How to recognize fraud? 

Pay special attention to: 

  • Unusual website address 

Fake domains often contain typos, extra strings, or mismatched extensions (.vip, .top, .space). 

  • Linguistic errors and unnatural wording 

This is a common element of fake messages. 

  • Suspicious sender numbers 

Foreign prefixes, unknown formats, no sender ID. 

  • Emphasis on quick action 

"The parcel will be returned to the sender", "click immediately", "last chance". 

We would like to remind you that Pocztex does not send payment links or ask for payment card details via SMS.  

How to protect yourself? 

CERT Poczta Polska recommends: 

  • Never click on links from suspicious messages. 
  • Do not respond to such text messages. 
  • Always verify the website address – the official tracking addresses of Poczta Polska are:  
      • www.poczta-polska.pl/sledzenie-przesylek 
      • www.pocztex.pl/sledzenie-przesylek 
  • Do not provide payment card details in response to SMS. 
  • Report suspicious messages to: CSIRT NASK at fakt.cert.pl or number 8080. 
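
The address check described above can be automated, for example in a mail or SMS gateway filter. The following is an added example, not code from CERT Poczta Polska: the official domains and suspicious extensions come from this advisory, while the brand tokens and the typo threshold are assumptions.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_DOMAINS = ("poczta-polska.pl", "pocztex.pl")  # from the advisory
SUSPICIOUS_TLDS = {"vip", "top", "space"}              # from the advisory
BRAND_TOKENS = ("pocztex", "poczta")                   # assumption: tokens to match
MAX_TYPO_DISTANCE = 2                                  # assumption: tuning value


def edit_distance(a, b):
    """Levenshtein distance, keeping only two rows of the table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def hostname(link):
    """Refang '[.]' and return the lowercase host of a URL or bare domain."""
    link = link.strip().replace("[.]", ".")
    if "://" not in link:
        link = "//" + link  # lets urlsplit treat a bare domain as the host part
    return (urlsplit(link).hostname or "").rstrip(".")


def classify(link):
    """Return (verdict, reasons) for one link taken from a text message."""
    host = hostname(link)
    # Exact host or true subdomain only: a substring test would wrongly
    # accept a host that merely contains an official domain name.
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official", []
    reasons = []
    if host.rsplit(".", 1)[-1] in SUSPICIOUS_TLDS:
        reasons.append("suspicious-tld")
    # Compare every dot- or hyphen-separated token with the brand tokens.
    best = min((edit_distance(t, b) for t in re.split(r"[.-]", host) if t
                for b in BRAND_TOKENS), default=99)
    if best == 0:
        reasons.append("brand-on-unofficial-host")
    elif best <= MAX_TYPO_DISTANCE:
        reasons.append("brand-typo")
    return ("suspicious" if reasons else "unknown"), reasons
```

A verdict of "unknown" only means that none of these indicators matched; it does not mean the link is safe.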

Please remember to contact Poczta Polska only through official channels:  

Phones: 

  • 801 333 444 (for landlines, charges according to the operator's price list). 
  • 438 420 600 (for mobile and landline calls, charges according to the operator's price list). 

E-mail: kontakt@poczta-polska.pl.

Undelivered parcels: 438 420 800 or kontakt.niedoreczalne@poczta-polska.pl.

Fake Pocztex failed-delivery messages are currently one of the most common phishing methods in Poland. Criminals exploit the natural waiting period for parcels, apply time pressure, and impersonate a trusted institution. 

Be extremely careful – any carelessly clicked link could lead to the theft of your money or personal data.