Phishing attack on iPKO users - cybercriminals are phishing login details and single-use codes

Kaspersky Lab Polska informs about the appearance of a phishing attack on users of the iPKO banking website. Cybercriminals try to persuade recipients of a faked e-mail message to click on the link that opens the counterfeit login page of the iPKO website. The login details and one-time codes entered there are sent directly to the attackers. The fake website has been prepared very carefully and is a potential threat to the financial data of many users.

Messages reaching potential victims of the attack have the subject "Your account is blocked" and despite the language errors at first glance, do not arouse suspicion. The cybercriminals used the iPKO logo and a style characteristic of messages sent by financial institutions.

In the content the attackers inform that many unsuccessful login attempts have been registered, as a result of which the user account has been blocked. To regain access to the account, you need to click the link that directs the victim to the fake login page of the iPKO website. This page is a faithful copy of the real iPKO login site and nothing indicates cheating on it. If the user provides login information, another website will appear on the computer screen, where cybercriminals incite to provide one-time codes authorizing banking transactions.

All data entered on the mentioned websites goes directly to the hands of cybercriminals.

"The message contains a few language errors, however, compared to other phishing attacks falls quite professionally and convincingly. An insightful user may notice that the link leads to a website whose address has nothing to do with the iPKO service "- said Maciej Ziarek , IT security expert, Kaspersky Lab Poland. "Interestingly, the iPKO login consists of 8 characters, but after giving the victim longer, the victim will be moved to the next page in order to provide one-time codes. I would like to remind you that banks never ask clients for data authorizing transactions via e-mail or for administrative work. "

Kaspersky Lab Polska emphasizes that PKO Bank Polski has nothing to do with sending these e-mails. This is a typical phishing attack aimed at extorting information from users. Cybercriminals illegally used the bank's image.

More information about phishing attacks can be found on the official Kaspersky Lab blog: .

source: Kaspersky Lab


Learn more about our offer

If you sell security solutions, are a distributor, authorized partner or developer and would like to share your portfolio with a group of potential customers, advertise an event, software, hardware or other services on AVLab - simply write to us. Or maybe you had to deal with ransomware? We can also help you decrypt your files.
Read more

We use Google Cloud Translation and Gengo API’s to translate articles with exception of our comparative tests.