The CSIRT NASK team has observed an email campaign impersonating Pekao. Fraudsters send messages that allegedly come from the bank support team.
NASK explains step by step how this fraud works.
In the first step, the attackers send emails in which they impersonate the support team of Bank Pekao. In the content of the message, the fraudsters inform the recipient about the alleged expiry of their online banking access password.
An example of a false email
The message contains a link that leads to a phishing page (with a URL deceptively similar to the bank's real one). This step can enable the fraudsters to extort our login data for online banking.
How not to be fooled?
NASK advises taking the following steps after receiving a suspicious message:
- Call your bank. When you get an unexpected message, make sure that it has actually been sent by your bank.
- Haste is a bad adviser. If you feel time pressure while reading a message, or if it encourages or urges you to perform an operation quickly, it is probably a fake message. Fraudsters hope that, in fear of losing access to your account, you will act quickly and skip checking.
- Watch out for links in messages. Fraudsters often impersonate banks to get you to click on a link leading to a fake bank website and extort your data there.
- Clicking alone usually does not have negative consequences. However, it takes you to a page that can give a fraudster a gateway to your money if you enter your data there. Therefore, log in to online banking directly, through the application or via the bank's website, entering the address by hand, and check whether everything works as it should.
- Read carefully the address, shown in the address bar, of the page to which the link redirected you. The address often gives fraudsters away: it contains a lot of strange characters or phrases that are not related to your bank.
- Submit the suspicious email for evaluation by experts from the CERT Polska team by reporting an incident through this page or sending it to: cert@cert.pl.
What is phishing?
Phishing is one of the most popular types of attacks based on e-mails or SMS. It uses social engineering, i.e. a technique in which online criminals try to deceive you and make you act as they intend – explains NASK.
Cybercriminals, impersonating among others courier companies, administration offices, telecommunications operators or even our friends, try to extort our login data, e.g. to bank accounts, to the social accounts we use, or to business systems.
About NASK
NASK is a state research institute supervised by the Minister of Digitization. It conducts scientific research and development work for the security of network systems, as well as on technologies based on the latest solutions, using artificial intelligence and advanced data analysis.
It also has an important function in the national cyber security system, acting as one of the three CSIRTs (Computer Security Incident Response Teams) in Poland. It also conducts expert educational, training and popularizing activities.
Source of the main photo: Shutterstock