Massive Wave of Phishing Scams Targeting Customers of Pekao Bank, PKO BP, and Netflix Service

The last 48 hours have brought an unprecedented intensification of disinformation and technical campaigns targeting users of electronic banking. The main target of attacks in Poland has become customers of Bank Pekao S.A., who are receiving email messages with dangerous attachments. Opening the file can lead to the installation of malware that takes control of the device. Similar warnings have been issued by PKO BP, pointing to attempts to steal data through fake login panels. These institutions appeal to ignore messages forcing immediate action under the threat of blocking funds. Simultaneously on an international scale, particularly in Spain, cybersecurity experts warn against a wave of phishing attacks targeting customers of ING and Abanca banks. Criminals there use advanced social engineering techniques, informing about alleged unauthorized transactions, which is meant to prompt the victim to quickly log in to a spoofed website. Concern is also raised by the growing number of scams in internet messengers, where criminals pressure victims into making quick transfers or sharing authorization codes. These methods are becoming increasingly sophisticated, utilizing spelling errors in domain names, which is particularly visible in the campaign regarding fake highway toll charges. The first phishing attacks date back to the mid-1990s, when criminals stole passwords from AOL service users. Since then, these methods have evolved from simple text messages to technically advanced websites imitating banking systems.Another significant threat is the use of the image of the Netflix service. Users receive notifications about alleged subscription expiration or payment problems. Links contained in these messages lead to forms where victims voluntarily provide full details of their payment cards. Police emphasize that official services never ask for passwords or CVV codes via email. The threat also concerns users of the Revolut application, where scammers attempt to gain access to digital wallets. Security experts point out that the most effective defense remains the principle of limited trust and verifying every suspicious message directly in the bank's official app. „Zachowaj szczególną ostrożność i nie klikaj w linki przesyłane w wiadomościach, które budzą Twoje wątpliwości. Pamiętaj, że bank nigdy nie poprosi Cię o podanie loginu i hasła w ten sposób.” (Exercise particular caution and do not click on links sent in messages that raise your doubts. Remember that a bank will never ask you for your login and password in this way.) — Police Statement In the corporate sector, the Business Email Compromise method, which involves impersonating management staff, is currently breaking popularity records. Employees receive orders to execute urgent transfers, which, in the absence of verification procedures, leads to huge financial losses for companies.