Warning against phishing campaign
CERT Poczta Polska warns against another phishing campaign, addressed to e -mail users, aimed at stealing data.
As part of the campaign, messages impersonating known public figures are sent. Messages contain content regarding an invitation to meetings or events, the details of which are available in the correspondence attachment. Information can also be sent out of trusted websites of Polish e -mail operators.
The opening of the attachment can lead to the infection of the device and - as a consequence - to take over login data, documents and other files on the device, as well as obtaining constant access to the attacker.
Please be particularly careful when opening this type of correspondence coming to private or business boxes. If you receive suspicious messages, please inform us to incident@poczta-polska.pl
We also remind you of the basic rules for using e -mail and social media:
- When logging into the account, check that the domain of the portal is correct,
- Ignore all other requests to provide your password, even if the message looks officially, requires immediate reaction and threatens the deactivation of the account,
- report all suspicious messages on the service box to incident@poczta-polska.pl ,
- Remember that messages are particularly suspected: containing attachments, especially the Office archives and documents with the slogan given in the message,
- Use long passwords (above 14 characters):
- - A good method for a long password is to come up with a whole phrase, consisting of a few words, e.g. 2 reds@lineb@rdzosm@kow@ly,
- - Avoid passwords that are easy to link to your person - containing surname, date of birth, etc.,
- - Do not use the same password more than once. If possible, use password managers. Those built into a browser or phone are safe and easy to use,
- – Turn on two -component authentication (so -called 2FA) where it is possible two -component authentication in the e -mail and social accounts is necessary,
- - If you suspect a break -in, change your password, check the login history available in the profile and finish all active sessions,
- Update the operating system and programs on the used computer, phone,
- keep your anti -virus program in the news,
- For sensitive private communication, use End-to-End encrypted messengers, e.g. Signal.