"Extortion on PIT" under the banner of Poczta Polska
  • Home
  • News
  • "Extortion on PIT" under the banner of Poczta Polska

"Extortion on PIT" under the banner of Poczta Polska

extortion at PITCybercriminals have developed a new way to extort sensitive data and to take over the finished funds from taxpayers' accounts. This method consists of sending false SMS messages with information about the return of tax on PIT 37 settlement.

In the received message in addition to the message "You have the right to refund tax from PIT 37 Download online." There is a link leading to the false page of Poczta Polska, where the recipient is asked to provide data such as: name, surname, e-mail address, PESEL and login details to our bank's website.

PIT 37 tax declarations in 2021 had to be submitted by April 30, while the tax office, depending on the form of submitting the declaration for tax settlement and refund of the overpaid sum, is maximally:

  • paper version: 3 months,
  • Electronic version: 45 days.

Fraudsters use the same scheme of operation by sending SMS messages with information about unregulated payment for electricity "On 13.10 the electricity is planned! Please regulate the accounts "along with a fake link.

Let's pay attention to the lack of Polish diacritical signs in sent messages, it should always arouse suspicion.

Remember!

  1. Always have limited confidence in the messages received.
  2. If you do not know the sender, think about opening the message very well.
  3. Carefully read the addresses of pages sent in both emails and SMS.
  4. Carefully read the addresses of pages sent in both emails and SMS.
  5. Do not provide your data (sensitive, confidential) in open messages without security.
  6. Watch out for errors in the content of the links (e.g. exchanged order of letters, lack of grammatical correctness, e -mail in a foreign language, lack of "Polish letters"), if you find such, there is probably a fraud.
  7. Always update the post to receive mail and web browser.
  8. Use strong, long passwords.

Please, do not have any circumstances in the messages contained in the message (criminals use various website addresses placed in links) and notification about the fact of receiving a similar message along with a screenshot of the PP cyber security team writing to the address: incident@poczta-polska.pl

Polish