Do you have an account with PKO BP? Do not click on this under any circumstances
PKO BP customers are once again targeted by cybercriminals. The trick used by criminals is nothing new, but its repeatability proves its effectiveness and the threat is very serious.
Security experts from CSIRT KNFi.e. the Computer Security Incident Response Team of the Polish financial sector, are alarming that the well-known fraud motive for false advertising. The attack is aimed in customers of PKO Bank Polski.
Attention! We warn PKOBP business clients against false advertisements distributed via the Google search engine
– warns CSIRT KNF.
The example given is a fake login page to iPKO Biznes bankingalthough they should be careful all PKO customers. A link to the website created by criminals appears in Google search results as “sponsored” and leads to the website at lpkobiznes(.)info, although there may be dozens of similar domains.
Attention! We warn business customers @PKOBP against false advertisements distributed via the Google search engine.
Fake advertisements lead to dangerous electronic banking websites where fraudsters steal logins and passwords. pic.twitter.com/m6oewqbg4d
— CSIRT KNF (@CSIRT_KNF) October 8, 2024
These types of ads often appear are at the top of Google search results and absentmindedly, a customer may click on such a link, which will take him to the site to a crafted bank website. Criminals try to take advantage of the situation when someone is not at hand saved bookmark to the login page or he doesn’t feel like looking for her – however, you can retrieve the address after entering the bank’s name in the browser bar. Many customers end up in a hurry as a result to the Google websitewhere false advertising awaits them.
The consequences of clicking on such a link are easy to imagine. The fake login page looks like a real bank website. If someone provides their access details, login and password, criminals will be able to log into the victim’s account. Even if they cannot clear it immediately because additional transaction authorization will be in the way, such a hack will allow them to further surround the victim to force further actions, e.g. changing the phone number to approve the transaction or activate the application.
So it’s best to carefully check the address in your browser bar agrees with the real one. It’s also better to develop the habit of using a saved bookmark in your browser or carefully entering the address manually.
