• Tomasz Chróstny, President of UOKiK warns consumers during a campaign “Losing data means losing money!”.
• Suspicious text messages with links for payments, additional payments for consignments, or prompts to download an app. Contact by telephone and masquerading as an employee of a bank, the police, or administrative body. All that in the atmosphere of pressure and danger, with no time to think and objectively assess the situation.
• Note! UOKiK, experts, and the media – that are already involved in the campaign – warn: it could be an attempt at extortion.

- A consumer answers a phone call, receives SMS messages or emails with a payment link. Add to that, a fear of losing money, prompting to take action and provide data as soon as possible. In the “Losing data means losing money!” campaign, UOKiK reminds consumers to exercise limited trust when providing their data. We issue warnings concerning the loss of money after the consumer provides their data, e.g. the login and password to their accounts, or when they visit a suspicious website. Data loss may result in your lifetime savings being stolen. Anyone can fall victim to cyber-criminals, which is why it’s so important to inform as many consumers as we can about these threats – says Tomasz Chróstny, President of the Office for Competition and Consumer Protection.

In order to avoid the traps set by cyber-criminals, UOKiK prepared two commercials as part of the “Losing data means losing money!” campaign. Since December 5^th of this year, they have been broadcasted free of charge by public media pursuant to Article 31c of the Competition and Consumer Protection Act, as well as by commercial broadcasters - Radio ESKA, RMF FM, Radio ZET, Radio Centrum Rzeszów, Radio Kraków and Radio Olsztyn who have agreed to support the campaign without charging a fee.

The campaign ads are available at the Losing data means losing money! website. The material presents selected situations where extortion could occur, possibly resulting in stealing the consumer’s money. It is also prudent to visit uokik.gov.pl and finanse.uokik.gov.pl. Those sites include answers prepared by the UOKiK and Financial Ombudsman’s Office to frequently asked questions concerning unauthorised transactions: FAQ tab - finanse.uokik.gov.pl/faq/

- Criminals are constantly improving their methods. Every year, we see an increase of extortion attempts. This applies not only to false websites of well-known institutions (phishing), but also sending out text messages and making phone calls masquerading as someone else (spoofing) – the victim will see the bank’s number instead of the actual one calling. The scale of this procedure is shown in our data. In 2021, the number of reported attempts at data theft increased three-fold in comparison to the previous year. During their attacks, scammers use remote access to the desktop, imperfections in the structure of the telecommunications network, but mainly simple sociotechnical tricks such as intimidation and pressuring consumers to act hastily - says Szymon Sidoruk, threat analyst at CERT Polska.

Data theft takes on various forms, and they are constantly changing. The most notorious include:

1. Posing as a bank employee, referring to an esteemed institution – police, administrative bodies

Scammers contact bank customers in a variety of ways, most often through the phone. Their aim is to extort money. They introduce themselves as employees of the bank, police, or financial institutions. They usually inform the consumer about the need to take swift action to protect money in the account or the possibility of receiving additional money. They then try to convince the consumer to provide their account login and password. They encourage their victim to install software granting them remote access to the desktop in order to make a transfer to an account where the consumer’s funds will be “safe”. Criminals often create a sense of threat and leave no time for the account holder to think about and analyse the situation.

Do you think, your data or money was extorted? You need to:

• contact the bank, using a verified channels,
• report the case to the police.

2. Applications for receiving consignments, voicemail, MMS

Cybercriminals send out SMS messages calling the recipient to act, e.g. additional payment for a consignment in order to be able to collect it. The text message may also contain information about receiving an MMS or voicemail. The content is structured specifically to convince the recipient that they need to quickly click the provided link to take care of the pressing matter. The link will transfer the consumer to a false website. In order to perform the operation, the user is encouraged to download and install the application which is in fact malware.

After downloading and installing this app, it takes over the device. Deleting it is not easy, and it can steal data from the phone as soon as it’s installed. There is a huge risk of theft of funds from the bank account.

You received a text message and wonder if your phone is safe? You need to:

• send a text to CERT Polska – +48 799 448 084,
• if you read the message but didn’t click the link – be careful and do not click the link,
• if you displayed the website, but didn’t download the app – be careful and close the page immediately, 
• if you downloaded the app, but didn’t install it – do not install it and delete the downloaded file,
• if you installed the app – you should immediately:
  • turn on aircraft mode – malicious software will not be able to send SMS message or contact the scammers’ websites,
  • check your account balance, whether any unauthorised operation was conducted - do not log in from an infected device, use another one. If you notice money missing, contact the bank and police.
  • check your account balance, whether any unauthorised operation was conducted. Do not use the infected device to it. If you notice money missing, contact the bank and police.
  • copy the data from your phone - such as pictures or downloaded documents - e.g. via a USB cable,
  • restore to phone to factory settings. This will delete all data from the phone, so it’s important to make backup copies first,
  • change passwords to all accounts which were accessed via the phone.

Malware can steal your contacts and attempt to spread itself further. It would be prudent to inform your contacts about the risk of receiving text messages containing malware.

3. Gas, power, and TV payments

Criminals sent out SMS messages informing about an alleged overdue payment for gas, power, and other utilities. They include a threat that a lack of payment will result in power or TV being cut off. They insist that the payment should be made by clicking the provided link. Clicking it will redirect the user to a false payment gateway, masquerading as a legitimate service. The data provided on that site do not reach the bank but is instead sent to the scammers. Thanks to that, they can get access to the consumer’s bank account login data, and then perform operations on their behalf. This in turn causes text messages to be sent from the bank, containing confirmation codes.

Power and gas companies sent out SMS messages reminding about paying their bills. However, they ask the customer to call the Customer Service Office or visit e-BOK, where they have an account. After logging in, the consumer can check their account balance and decide on the method of payment, e.g. for the overdue electrical bill, they want to use.

Do you suspect, your data or money was extorted? You should immediately: 

• contact the bank, using a verified channels,
• next, change your Internet banking password,
• send a text to CERT Polska – +48 799 448 084.

If money was extorted, report it to the police.

- Using psychological tricks is one element of the criminals’ strategy. They contact their victim and inform them about an alleged threat to the life or health of their kin, an attempt to steal money from the bank account, or an urgent need to aid the police. The consumer is cornered by the criminals, so that they can’t contact their family, their bank, or the police. The victim has no time to think or verify the information. Rational thinking is put on a backburner. That is why it is so important to constantly stigmatise these practices and issue relevant warnings. It bears constant reminding that the bank employee will never ask the customer for their account login and password. It’s worth to remain vigilant and not act on impulse, verify information in several sources, and if needed, call 112 and notify the nearest police precinct – says junior inspector Wanda Mende, Head of Social Prevention Department at the National Police HQ Prevention Bureau.  

The President of UOKiK invites other media outlets, social organisations and institutions to take part in the “Lose Your Data, Lose Your Money!” campaign. All the materials are available at the Losing data means losing money! website.

Consumer Support:

Phone: +48 801 440 220 or +48 222 66 76 76 – consumer helpline
E-mail: porady@dlakonsumentow.pl
Consumer Ombudsmen – in your town or district
Financial Ombudsman – when a complaint has been rejected by a financial institution

Additional information for the media:

UOKiK Press Office
pl. Powstańców Warszawy 1, 00-950 Warszawa, Poland
Phone: 22 55 60 246
Email: biuroprasowe@uokik.gov.pl
Twitter: @UOKiKgovPL
You can also follow us on Instagram: @uokikgovpl