A trap for PKO BP customers, with the EU directive in the background
Hackers have again targeted customers of the PKO BP bank. If you receive an email that looks like a message from the bank, we recommend caution.
Fraudsters are sending e-mails that resemble messages from the PKO BP bank to hundreds of Poles. The content refers to the EU directive DSP2 on payment services and states that it requires strong authentication from all banks. The message goes on to say that specialists from PKO BP have developed a new security model and that it is necessary to activate security updates on the account. Specifically… by providing your personal data again.
This is presented as a way to verify the rightful owner of the account. The criminals threaten consequences such as third-party abuse and financial damage. Finally, they state that the update is mandatory.
A trap for PKO customers
This is obviously a trap. A careful reader will notice that the message, although this time written without errors, is so convoluted that it loses its meaning. This is a signal that it was not sent by the bank. The sender's address gives it away as well: it has nothing to do with PKO BP and is registered in a foreign domain.
The e-mail contains a link to a form in which you supposedly need to enter your data to confirm your right to use the account and apply the security update. The site was built to look like the real website of the iPKO online banking system.
It is worth noting that the website address has nothing to do with the Polish bank. Moreover, when you try to visit the website, many browsers will block it. This is a clear sign that it is best to stay away.
Beware of a phishing campaign impersonating @PKOBP.
Cybercriminals send fake e-mails to users informing them that they need to update their personal data.
The link in the message leads to a dangerous website…
— CSIRT KNF (@CSIRT_KNF) February 9, 2024
The cybercriminals are trying to obtain login details for accounts in the iPKO system and, as a result, probably to rob the victims of the fraud. If you receive a similar email, the best thing you can do is delete it right away. In case of doubt, it is worth contacting the PKO bank hotline. If you want to use iPKO electronic banking, enter the website address manually and make sure you type it correctly.