Watch out for a new, highly dangerous phishing campaign that is flooding the phones of Poles. Cybercriminals impersonating the National Health Fund (NFZ) are trying to extort personal data and money from bank accounts. The Computer Security Incident Response Team of the Polish financial sector, CSIRT KNF, has issued an urgent warning about the fake SMS messages. The scammers lure victims with the promise of an expected reimbursement of treatment costs, and their goal is to completely empty the victim's account.
The attack mechanism is simple but dangerously effective because it relies on trust in a public institution. Recipients get a text message telling them that a reimbursement is waiting for them. The key element is the link contained in the SMS, which leads to a fake website. That is where the criminals have set their digital trap. Anyone who has received such a message should stay on maximum alert and not click the attached links under any circumstances.
How does the new "refund from the NFZ" fraud work?
The scheme has been carefully planned to lull the victim's vigilance. It all starts with an innocent-looking text message whose sender presents itself as an official unit of the National Health Fund. The message is short and specific: it informs the recipient that a refund has been granted and asks them to act quickly to collect it.
The key element is time pressure. The scammers often suggest that the offer is time-limited, prompting the recipient to act impulsively without further thought. The message contains a link that supposedly leads to a form for collecting the funds. In fact, it redirects to a fake website that is visually almost identical to the official NFZ portal. It uses logos and graphic design to make the fraud credible.
On the fake page, the user is asked to complete a form. This is the most critical phase of the attack. The criminals request full personal data and the PESEL number, and then, under the pretext of verification and payment, ask for payment card details, including the card number, expiry date and CVV/CVC code. Providing this information is a straightforward way to lose all the money in your bank account.
CSIRT KNF sounds the alarm. This is simply an attempted robbery!
Experts from the Computer Security Incident Response Team of the financial sector have no doubt. “Don’t trust such offers – it’s an attempt to cheat!” CSIRT KNF warns in its official statement. The experts published screenshots of the fake messages and the fake page to make Poles aware of the scale of the threat and to show what the trap looks like.
The institution underlines a fundamental rule of online security: no office, bank or public institution, including the NFZ, ever asks for confidential data via SMS. Official communications never include links to websites where you have to enter full banking login credentials or payment card details in order to receive a benefit. Such requests are a 100% sign that we are dealing with an extortion attempt.
The criminals' only aim is theft. Stolen card data can be used immediately for unauthorized online transactions or added to digital wallets such as Google Pay or Apple Pay, allowing contactless payments at the victim's expense. Personal data may in turn be used for further fraud, such as taking out loans.
Step by step: how do you defend yourself against a phishing attack?
In the face of increasingly advanced methods used by cybercriminals, education and the application of basic security principles are crucial. To avoid falling victim to the "NFZ refund" fraud or similar campaigns, it is imperative to follow several rules:
- Never click on links in suspicious text messages. If you receive an unexpected message from an office, bank or courier company, treat it as a possible threat. Instead of clicking the link, go to the institution's official website by typing its address manually into your browser.
- Check the page address (URL) carefully. Before you enter anything, look at the address bar in your browser. Phishing sites often have deceptive addresses that resemble the original ones but contain small errors or typos, or use a different domain (e.g. .com instead of .gov.pl).
- Protect your data like a treasure. Remember that card data (especially the CVV/CVC code) and banking login credentials are strictly confidential. No institution has the right to request them in an email or text message.
- Report attempted fraud. You can forward every suspicious text message to CERT Polska analysts. Simply use the "Forward" option and send the content to the number 8080. It is a free service that helps block malicious websites.
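The URL check from the list above, as an added example that is not part of the original article: it shows why a link's host must equal the official domain or end with a dot plus that domain, rather than merely contain it. The suffix list, function names and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the official suffix list; "gov.pl" comes from the article's example.
OFFICIAL_SUFFIXES = ("gov.pl",)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def link_host(url):
    """Return the host the browser would actually connect to, lower-cased."""
    # urlsplit() drops any "user@" prefix, so "https://nfz.gov.pl@pay.example/"
    # resolves to pay.example, not nfz.gov.pl.
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed authority, e.g. broken IPv6 brackets
        host = ""
    return host.rstrip(".").lower()


def is_official(host):
    """True only if host IS an official suffix or a subdomain of one."""
    return any(host == s or host.endswith("." + s) for s in OFFICIAL_SUFFIXES)


def triage_sms(text):
    """Return (url, host, verdict) for every link found in an SMS body."""
    results = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:!?)")  # drop sentence punctuation
        host = link_host(url)
        verdict = "official" if is_official(host) else "suspicious"
        results.append((url, host, verdict))
    return results


# Constructed sample messages (not taken from the CSIRT KNF screenshots).
SAMPLES = [
    "NFZ: refund granted. Collect it here: https://nfz.example.com/refund",
    "NFZ: confirm your refund at https://nfz.gov.pl.refund.example/form.",
    "Refund pending: https://nfz.gov.pl@pay.example/card",
    "Information: https://nfz.gov.pl/",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        for url, host, verdict in triage_sms(sms):
            print(f"{verdict:10} {host:28} {url}")
```

A host that passes this check only confirms where the link points; the article's rule that official bodies never ask for card data via SMS still applies.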
Have you fallen victim to the fraud? Here is what you need to do right now.
If you realize that you may have fallen victim to phishing and entered your data on a fake page, every second counts. A fast reaction can minimize or completely prevent losses. Take the following steps:
First of all, contact your bank immediately. Call the official hotline and report the situation. The consultant will immediately block your payment card, preventing the thieves from making further transactions. It is also worth considering temporarily blocking access to online banking.
Second, if you used the same login credentials on other websites, change the passwords immediately. Criminals often check whether stolen data works on other popular portals. Third, notify the police. Secure all the evidence: take screenshots of the fake page and the SMS. An official report is crucial when seeking redress.
Remember that vigilance and the principle of limited trust are the most effective weapons in the fight against cybercriminals. Every message promising easy money should set off a red light in your head.