National Revenue Administration Warns Against Fake Payment Demands and QR Codes

The National Revenue Administration is sounding the alarm about an increase in cybercriminal activity, where criminals exploit the authority of public institutions to steal savings. The scam mechanism relies on mass emailing, with messages that look deceptively like official government communications. The content of these messages typically contains a payment demand or information about an alleged settlement, designed to create a sense of urgency and pressure the recipient into clicking an infected link. Upon entering the fake website, the victim is asked to provide sensitive data, leading to the takeover of their bank account. The phishing method, which involves impersonating trusted institutions, has become a key threat in the Polish cyberspace following the widespread adoption of e-administration services after 2020. A new and particularly dangerous phenomenon is the use of QR codes placed on car windshields. These documents pretend to be official parking violation tickets. Scanning the code takes the driver to a fake payment panel, where authentication data is stolen. The tax administration categorically emphasizes that it never sends payment demands via email nor issues tickets in the form of leaflets with QR codes. Officials have published a list of suspicious domains and urge people to use only the official e-Tax Office portal. „We warn against fraudsters who use fake emails to try to extort data. We ask for special vigilance and not opening links from unknown sources.” — Komunikat KAS If a suspicious message is received, citizens should immediately report the incident to CERT Polska or contact the nearest police unit. Experts remind that a moment of inattention can result in the loss of life savings. It is worth remembering that official correspondence with tax authorities always takes place by registered mail or through authenticated public administration IT systems.