Be careful when a “friend” asks for BLIK. Meet Jack the Impersonator

The mechanism by which fraudsters operate is very simple. The criminal only needs BLIK code and Your confirmation in the application. If you do this, the money disappears from your account in seconds. Campaign “The Impersonator Method” it is to teach us how to recognize such situations before it is too late.

It all starts with a weak password. Criminals are looking for accounts that do not have two-step login (2FA) enabled. Once they get to your profile, they get started write to friends from your contact list. They use the natural reflex to help a loved one.

The campaign raises awareness that the risk appears much earlier than at the time of payment – it begins on an unsecured social profile, which can be protected even with additional login confirmation. In our work with Kuba the Impersonator, we show this pattern step by step: from hacking into the account, through manipulation in the conversation, to the moment when the user sees the amount and the recipient of the payment in the banking application and has a chance to say “stop”. The BLIK system has been designed to protect the user as much as possible, therefore each stage is fully transparent and all operations require conscious confirmation.

The problem lies in our habits. Research shows that 8 out of 10 people have heard of two-step login. Unfortunately, as many as 20% of us still don’t know how it actually works. On Facebook or Google services, additional security is still available only an option. This is a huge convenience for thieves.

Security experts are sounding the alarm. Your data should not only be protected if you take care of it yourself. It should be the standard mandatory login confirmation on a new device. This is the easiest way to stop most attacks.

User safety should not depend solely on their knowledge and vigilance. It shouldn’t be an additional option, hidden deep in your social account settings. That’s why we believe that two-factor authentication should become a standard, especially in services such as instant messaging, e-mail and social networking sites. Each provider of such an account should initiate the need for a mandatory two-factor login. The combination of strong platform security and informed user responses would significantly reduce the effectiveness of Impersonators.

The Police Headquarters also got involved in the action. Every day, officers receive reports from people who have lost their life savings. Often, just a moment’s thought or a quick phone call to a friend would be enough to verify the request.

Scams involving impersonating friends are currently one of the most popular threats on the Internet. Every day we receive reports from people who have lost their savings as a result of manipulation by criminals. Therefore, educational activities carried out in cooperation with institutional partners and the financial sector are extremely important. An informed user is a safer user.

If you want to learn more, visit the website impersonators.pl. There you will find tips and videos that show manipulation techniques. Remember the hashtag #StopImpersonators and always check who you are really sending money to.