The year 2021 brought a significant increase in the number of online scams in Poland. This was largely due to the shift of many services to cyberspace in order to limit face-to-face contact during the pandemic. The "tax refund" scam proved to be one of the most frequently reported and most effective.
How did the scam work? Scammers sent emails in bulk to many people. In these messages, they informed recipients of an alleged overpayment on their account resulting from the annual tax settlement.
Why was it so effective? The key to success was credibility. The emails were very carefully prepared to look like genuine messages from the tax office:
- Appearance: Scammers copied the logo, colors, and graphic layout of the Ministry of Finance, so the message looked almost identical to official correspondence.
- Language: They used formal language, which further assured victims that they were dealing with a government office.
What did the scammers do next? The message contained a clear instruction: to receive the promised overpayment, one had to click on a special button or link. However, this link did not lead to the real website of the Ministry of Finance or the e-Tax Office, but to a fake website made to look like the login panel of the government service.
What was required on the fake website?
After going to this fake website, users were asked to log in. Then, under the pretext of verification necessary to process the refund, victims were urged to provide their sensitive personal and financial data. These could include:
- Full personal data (first name, last name, PESEL number).
- Online banking login details (login, password, one-time codes).
- Payment card number.
What was the result?
Instead of receiving the promised tax refund, victims lost access to their bank accounts or their data was used for identity theft. The entire promise of a refund was false. This attack is a typical example of phishing, exploiting the trust we place in state institutions.

Source: https://www.forbes.com/sites/kellyphillipserb/2013/04/09/dont-fall-for-refund-related-email-phishing-scams/