Bank security departments regularly publish warnings to customers about the growing number of attacks used to gain access to their money. Recent weeks have brought more alerts about fraud involving investments, accommodation booking platforms, and criminals impersonating banks. In the first article in the series “Safe with Bankier.pl”, we look at the announcements of financial institutions and present the story of our reader who may have become a victim of fraudsters.
Phishing, spoofing, vishing, smishing – everyone has probably encountered these terms at least once, not necessarily knowing what they mean. They have one thing in common: an unauthorized attempt to access another person's money, based on emotions, manipulation, and causing anxiety, uncertainty and fear. Criminals know well what techniques to use to weaken the vigilance of bank customers and persuade them to provide account data or install malicious software. Impersonating a bank employee, text messages and emails about a blocked account, a phone call about an allegedly taken out loan or crimes involving Blik are just examples of the better-known methods.
According to NBP data, in the fourth quarter of 2024 alone, customers transferred over PLN 100 million to fraudsters. It is no wonder that banks are constantly monitoring suspicious transactions and alerting account holders to increased criminal activity. Recently, the announcements have concerned specific techniques and cases in which access to money can be lost. These include frauds on platforms for booking accommodation, investment frauds, and those with fake bank and NFC applications.
Be careful when booking accommodation
The holiday season is a time for booking accommodation, and therefore a real opportunity for fraudsters. According to Bank Millennium, the scheme begins with the creation of a fake offer, which promises a high standard for a low price, but on the condition of a transfer directly to the landlord's account, which in practice ends with no accommodation. There are also fake booking pages, pre-filled with customer data, where criminals ask the customer to re-enter payment card details, and even requests for payment outside the service provider's platform.
When using websites to book accommodation, it is worth looking carefully at the offers and not agreeing to make transfers via links sent by landlords. If anything raises doubts, we should not provide our data or our payment card details.
Not every investment is an opportunity
The Internet, and especially social media, often carries investment offers promising quick profits from a small outlay. The website inspires trust with comments from satisfied customers, and the logo of a well-known company or the image of a popular person is visible on it. Scammers contact the victim by phone, promising easy earnings for a minimal amount and later encouraging higher payments. If the customer demands a payout of the profit, they usually will not see a penny; criminals may even ask them to download special software that will allow the criminals to access the computer or phone.
When encountering investment advertisements that tempt with easy profits, remember not to hastily provide any electronic banking data, payment card details or Blik code, and especially not to install software that allows remote access to a computer. We should verify the investment company in the KNF register, checking at the same time whether it is on the warning list.
Problematic NFC
Bank BNP Paribas and Bank Millennium are alerting customers to new cases of fraud related to NFC, or proximity signal interception. Cybercriminals first encourage users to install a fake application that looks like a bank application, and then the victim is asked to place the card on the phone and enter the PIN. This allows fraudsters to withdraw funds from an ATM using proximity technology, and the customer loses money.
Banks warn customers never to install applications from unknown sources or to place a card on a phone. In a suspicious situation, contact the bank as soon as possible and block the card.
The reader was not fooled
Scams involving fake bank or financial company consultants are a real nightmare for customers, who often allow themselves to be manipulated by fraudsters. Criminals impersonate employees of such institutions, trying to extort data about accounts held and convince the victim that their money is at risk. Mr. Grzegorz found himself in such a situation and shared his story with us:
Last Wednesday morning I received a call from someone supposedly representing a loan company. The consultant first asked me to change my account number from a currency account in PKO BP to a zloty account, in connection with the loan application submitted. Since I do not have a currency account or any other account in this bank, this made me anxious, which was increased by the fact that the caller knew both my name and surname, as well as my address. However, the e-mail address did not match.
The alleged consultant made sure that I had not submitted any application and informed me that in that case he would file a case with the police. He also said that there had been “several data leaks recently, including in Santander”. Throughout the conversation I tried not to provide any additional data, but to ask for as much information as possible to be able to determine how big the damage was. For example, the “consultant” said that from his level he could not see either my PESEL number or my ID card. After hanging up, I checked my report at the Credit Information Bureau and there was no such application. I also contacted the loan company – its consultant checked the data and there was no application; he also suggested that the call to me was an attempt at fraud.
As Mr. Grzegorz notes, it was probably his curiosity about the lack of a BIK report that made the fraudster not contact him again. Our reader also claims that when criminals find out which bank we have an account in, they impersonate its employees to “secure” our funds. They then send text messages with a special link to a login page to obtain our bank details and access to funds.
The consultant can be verified
Security experts remind us that bank employees never ask customers for sensitive data, such as the login or password to an account or a Blik code, nor do they send links to log in to electronic banking. In the event of a suspicious phone call, it is worth ending the call, contacting the hotline directly, and confirming whether the person is really a bank employee and whether our funds are safe.
Banking applications increasingly offer the option of verifying a consultant during a conversation. If we suspect a fraudster is talking to us, it is worth asking them to send a PUSH notification to our phone number, which will confirm their credibility. A bank employee's unwillingness to do so should make us wary, so we should not provide any important information and should end the call.
***
We are starting a series called “Safe with Bankier.pl”, in which we will discuss important issues related to financial security. Did you give your Blik number to a fraudster? Has your account been cleared? Did you receive a strange phone call from the bank? Share your story with us. We are waiting for your messages at [email protected].