CERT Polska warns: attention to fake vouchers to the Biedronka store

A new phishing campaign has started. Criminals have targeted potential customers of Biedronka stores by offering fake vouchers. In recent days, both Biedronka and Tesco have been fighting a marketing fight, who will offer a better price for smartphones or computer games. Increased customer interest in the range of these stores is used by scammers.

On the website bony-biedronka.com can see a banner advertising a voucher worth PLN 50, which costs PLN 5 ...


Most of the links in the page menu work correctly - they redirect the lured reader to the biedronka.pl domain with a real offer. However, the main decoy is the advertisement " kliknij, aby kupic karty na zakupy z biedronka 50zł za 5zł! "

As it happens in such cases (and as CERT Polska explains) - after clicking on the banner, the victim is redirected to the page that impersonates the Dotpay payment gateway. The phishing page is very similar to the original one and additionally uses the SSL certificate issued by Let's Encrypt.


Universal access to free SSL and Universal SSL certificates (thanks to CLoudFlare) can have an impact on better preparation of campaigns that will inspire more confidence than non-encrypted sites.

When using online payments, it's a good idea to verify the issued certificate and its expiration date. A green padlock is not enough, as shown in this example. The certificate should be issued to the company that gives access to the Internet service.

As CERT Polska points out, the true version of Dotpay is located at ssl.dotpay.pl and has an OV (Organization Validation) SSL certificate with extended validation that certifies the subject's identity. The issue of such a certificate for a domain must be verified in advance by the appropriate authority. It is also a much more expensive option than DV (Domain Validation) type SSL certificates. We recommend paying attention to this, especially for online bank transfers and card payments with the participation of payment services, such as DotPay, PayU or Przelewy24.

Although the current phishing campaign has already been removed, it is worth to be on your guard and warn your friends. These types of actions can appear at any time, like mushrooms after rain.


Add new comment

The content of this field is kept private and will not be shown publicly.

Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.