Another phishing attack on InPost. See how to guard against fraud!

Since the coronavirus pandemic has settled in our country for good, cybercriminals are increasingly looking for victims – especially among those placing orders online with pickup at InPost's Parcel Machines. We suggest how to protect yourself from this type of attack.

What the cybercriminal attack on InPost customers looked like?

If you have received a text message on your phone in recent months with content exactly identical or similar to one of the following:

– "InPost – your package is already in the Parcel Post! Generate pickup code: [fake web address]";

– "InPost: Your package has been placed in the Parcel Machine. You will receive the pickup code after updating the application: [fake web address]";

– "You will receive a receipt code after downloading our new app: [fake web address]."

– "IMPORTANT: the ordered shipment is withheld. Please pay PLN 0.99 for disinfecting the package. Go here [fake web address]"

and you did not click on the link contained in it, you can breathe a sigh of relief. However, if you clicked – as soon as possible you should restore the phone to factory settings. You most likely became a victim of a widespread cybercrime.

What is phishing?

Phishing is one of the most popular means of fraud used by cybercriminals. This method involves the hacker impersonating a specific entity or institution. Its purpose is to illegally obtain valuable and confidential information from an unsuspecting victim. Logins and passwords, bank details and personal information are most often phished for.

A strongly popularized form of phishing in recent times is the so-called "phishing". smishing, or SMS phishing. This method involves sending an SMS message to the victim to get them to take the action desired by the cybercriminal. A fake message always has in its content a link directing to a fake site, which is created only to phish for data. Most often, all it takes is for a device user to click on a link for a phone to be infected.

This time the scammers took on InPost, but it is worth remembering that such a situation can happen with the unlawful use of other institutions – including banks, offices, etc.

What to do to avoid becoming a victim of phishing?

Based on human emotions, phishing attacks are based on social engineering, which are difficult for most people to defend against. In the excitement caused by the received message, many people stop thinking logically – especially when they are not even aware of the lurking danger.

That's why it's so important to be aware of dangerous situations that may or may not happen to you, and to know how to respond to them correctly so you don't fall victim to scammers. To guard against phishing, it is worth following a few safety rules:

– do not click on suspicious links – especially shortened ones. When you hover your mouse over such a link – in the case of a message you received on your computer – it's worth looking at what the actual URL looks like. As for SMS messages, they too can be read on the computer screen. All you have to do is use a secure tool for this purpose and – when a link seems suspicious – verify it beforehand;

– do not open or respond to suspicious SMS messages, and check suspicious phone numbers in a search engine;

– apply the principle of limited trust – do not disclose your private sensitive data. It is worth being attentive even when such information is requested by serious institutions (e.g. bank or office) and before giving them, make sure that they are actually required.

Besides – when ordering anything online – it is a good idea to use such an option as shipment tracking . This way you know in real time where your package is and you are much more alert to "sneaky" cyber crooks.