Attention, Android! Fraudsters impersonate the bank’s application

Bank Millennium informs about a new wave of frauds targeting people using Android phones. Criminals send text messages and e-mails with a link leading to a fake version of the banking applicationimpersonating “update necessary” messages. After clicking, the victim lands on a fake installation page and is then drawn into a procedure that is supposed to “verify the card” using NFC. For this purpose, criminals order bring the card close to the phone and enter the PIN code. This scenario allows them to obtain sensitive data and use it for execution unauthorized transactions.

How the “update” scam works

The attack begins with a message with a link that pretends to be an official bank announcement. The pretext is to quickly update the application. After installing the alleged “update”, the user is asked to: card verification: to place it on the phone and enter the PIN. This is not standard bank operation – it is a method of extorting card data and code, which later allows criminals to debit the customer’s account.

Official bank recommendations

Bank Millennium clearly shows how avoid problems: :

• Install the application and its updates only from Google Play.
• A real application does not ask for a card PIN or to place the card on the phone.
• A bank consultant never requests confidential dataincluding the card PIN.
• Don’t click on links from unknown senders in text messages or e-mails.
• React immediatelywhen the application requires unusual information, e.g. PESEL number, electronic banking password or card PIN.

What to pay attention to

Messages encouraging quick installation outside the official store, time pressure and unusual data requests are red flags. The bank emphasizes that authorization of activities and updates take place in secure channeland the real application not required entering the card PIN. Each request for card verification via NFC and entering the PIN in the “update application” should be treated as attempted fraud.

If you have installed an application from outside Google Play or provided any sensitive data in it, you should react immediately: uninstall suspicious software, secure access to banking and contact the bank to verify the operation and possibly block payment instruments. Quick action reduces the risk of loss and makes it more difficult for criminals to access funds.

Why Android is the target

Fraudsters focus on Android users because they are the ones targeted by fake messages about app “updates”. Impersonating Bank Millennium, they try to convince the customer to download it unauthorized installation file and entering data that enables the transfer of funds. The bank reminds that exclusive source there are real updates Google Playand any other channel should be treated as suspicious.