Fraudsters impersonate a government website. This is how they want to extort money

– We are receiving reports that an SMS campaign is being sent to Polish telephone numbers, in which criminals send SMSes using the name “mObywatel” – exactly the same name used by the official government system. The messages sound credible and concern “detection of a traffic offense” – alerts the niebezpiecznik.pl website.

Fraudsters impersonate mObywatel

More and more users are receiving text messages informing them about the need to pay an alleged fine. We are dealing here with another fraud attempt. Cybercriminals impersonate trusted services to extort data.

The fake message, in addition to information about the fine and possible consequences, contains a link that leads to a fake website resembling the mObywatel website. After entering the website, the user is asked to provide, among others: vehicle registration number, PESEL and payment card details.

Clicking on the SMS link redirects the victim to a website where he can check his penalty points. Of course, the check always ends with information about an unpaid fine of PLN 200. Attempting to pay will display a form asking you to enter your payment card details. If someone enters them and confirms the “payment” transaction in his bank’s application, his payment card will be added to Google wallet, thanks to which criminals will be able to pay with it without having to ask for transaction confirmation and they will reset the victim’s account.

— Entering this information may result in data being taken over by cybercriminals and the loss of funds accumulated in your bank account – warns Karolina Kmak, a cybersecurity expert.

How to protect yourself from fraud? Niebezpiecznik.pl advises you to pay attention to the link in the SMS message – the link from fraudsters is not a valid government service link, although it has “gov” and “pl” in its name, the domain does not end with gov.pl). When paying by card online, it is always worth paying attention to the message in the banking application – is it a payment or maybe adding it to the “Google Pay wallet”? What is the transaction amount? Who is the party to the transaction?

– If you haven’t completed the forms with your card details, you can rest easy. However, if you have provided your card details, please contact your bank immediately – radzi service.