"PIT tax fraud" under the banner of the Polish Post Office
  • Home page
  • News
  • "PIT tax fraud" under the banner of the Polish Post Office

"PIT tax fraud" under the banner of the Polish Post Office

PIT fraudCybercriminals have developed a new method of extorting sensitive data and stealing accumulated funds from taxpayer accounts. This method involves sending fake text messages claiming a tax refund from the PIT-37 tax return.

In the received message, in addition to the message "You are entitled to a tax refund from PIT 37, download online." there is a link leading to a fake Polish Post website, where the recipient is asked to provide data such as: name, surname, e-mail address, PESEL number and login details to our bank's website.

PIT 37 tax returns in 2021 had to be submitted by April 30, while the Tax Office, depending on the form of submitting the return for tax settlement and refund of the overpaid amount, has a maximum of:

  • paper version: 3 months,
  • electronic version: 45 days.

Fraudsters use the same tactics when sending text messages about unpaid electricity bills: "Electricity disconnection scheduled for October 13th! Please settle the outstanding balance" along with a fake website link.

Please note the lack of Polish diacritical marks in the messages sent, this should always raise suspicion.

Remember!

  1. Always have limited confidence in the messages you receive.
  2. If you don't know the sender, think very carefully before opening the message.
  3. Carefully read website addresses sent both in emails and text messages.
  4. Carefully read website addresses sent both in emails and text messages.
  5. Do not transmit your data (sensitive, confidential) in an open message without security.
  6. Be careful of errors in the link content (e.g. reversed letter order, grammatical errors, email in a foreign language, lack of "Polish letters"), if you find any, it is probably a scam.
  7. Always update your email program and web browser.
  8. Use strong, long passwords.

Please do not click on the links in the message under any circumstances (criminals use different website addresses in the links) and report any receipt of a similar message along with a screenshot to the PP Cybersecurity Team by writing to the following address: jakotytu@poczta-polska.pl