Polish users of electronic banking and the National e-Invoicing System (KSeF) are becoming targets of a coordinated phishing campaign. Criminals are sending fake SMS and email messages, impersonating banks and financial institutions to steal login credentials and funds from accounts. Experts warn against clicking on attachments regarding alleged overdue road tolls or the need to verify Revolut and Pekao accounts. Simultaneously, scheduled service outages at major banks are ongoing, which scammers could exploit by impersonating technical notifications. The police and the Polish Financial Supervision Authority (KNF) remind users of cybersecurity rules.
Phishing Impersonating KSeF
Cybercriminals are mass-distributing messages about an alleged need to settle a road toll payment or top-up for motorway travel. The messages contain links to fake pages that look like the official payment service. The goal is to capture login credentials for electronic banking and steal funds.
Fake Bank Alerts
A new method involves fake notifications allegedly from Pekao S.A. bank and Revolut. The messages contain PDF attachments or links that, when clicked, install malware or lead to spoofed login pages. Scammers exploit the reputation of well-known institutions to gain trust.
Synchronization with Technical Outages
The fraud campaign coincides in time with announced technical outages at major banks, such as PKO BP and ING. Criminals may exploit customer anxiety related to difficulties accessing accounts by impersonating service notifications. Experts emphasize that banks do not ask for login data via SMS with attachments.
Security Recommendations
Experts and institutions like the Polish Financial Supervision Authority recommend not clicking links from unverified messages, always logging into banking directly via the official app or website, and verifying information about technical outages on the bank's websites. In case of doubt, contact the bank using the number on the payment card.
In the final days of February 2026, Poland has seen a significant increase in sophisticated phishing attacks that directly exploit two topics popular among Poles: the mandatory National e-Invoicing System (KSeF) and widespread mobile banking. Cybercriminals, operating in coordinated campaigns, are mass-distributing fake SMS and email messages designed to mimic official communication. The goal is to steal sensitive data or infect victims' devices with malware. One of the main attack vectors has become fake notifications about unpaid road tolls or the need for a top-up for motorway travel, which redirect to spoofed pages deceptively similar to payment portals. Clicking the sent link can lead to the loss of funds from bank accounts. Phishing as a method of data theft emerged in the 1990s with the popularization of email and has been evolving ever since, adapting to new technologies and societal fears, such as pandemics or changes in tax systems.
A second, equally dangerous wave of attacks directly targets users of popular financial institutions. Scammers send messages allegedly from Pekao S.A. bank or Revolut – one of the most popular neobanks in Poland. These messages contain PDF attachments or links under the pretext of "account verification," "data update," or warnings about "unusual activity." "Customers should remember that no bank, including Revolut, sends attachments with a request to click in order to confirm data. This is always an attempt at fraud." — Rafał Gębura, cybersecurity expert. Clicking such an attachment can result in the installation of keylogger malware, which records keystrokes, or redirection to a fake login page where the victim inadvertently provides their username and password. Losses can be immediate and severe.
The situation is further complicated by the fact that the period of intensified phishing attacks coincides with announced service outages at major Polish banks. PKO BP, ING Bank Śląski, and Pekao S.A. have informed customers about planned modernization work, which will temporarily limit access to mobile apps and card payments. Criminals may try to exploit this context by impersonating banks' technical notifications to increase the credibility of their fake messages.
Cybersecurity experts unanimously appeal for the highest vigilance. The fundamental rule is that banks never ask customers to provide full login credentials, one-time passwords (SMS), or card PINs via email or SMS messages. The Polish Financial Supervision Authority (KNF) and the police recommend that upon receiving a suspicious message, information should be verified directly on the institution's official website or by calling the helpline number provided on the payment card, not the one in the message. Business owners, who from July 1, 2026, will be required to use the KSeF, are particularly vulnerable to attacks exploiting this topic and should exercise special caution. In the face of growing threats, user education and raising awareness of basic cyber hygiene principles are key.
Media perspectives: Commercial media and news portals (WP Info, telepolis.pl) focus on practical warnings for consumers, describing specific scammer methods and providing tips on how not to fall victim. Business-oriented portals (Biznes Wprost) and local ones (epoznan.pl) emphasize the scale of the phenomenon and its negative impact on trust in financial institutions and state systems, pointing to the need for strengthening systemic actions.
Mentioned People
- Rafał Gębura — Cybersecurity expert, quoted in the context of phishing warnings.