The Computer Security Incident Response Team CSIRT KNF warns against suspicious links that can be found on the Internet. This time, cybercriminals targeted mBank customers.
Fraudsters are trying to clear our accounts. This page looks almost identical
A screenshot showing the fake CSIRT website was published by the Polish Financial Supervision Authority on the X portal. As you can see, the website looks almost identical to the real mBank online banking website. Not only the appearance of the fake website was reproduced almost perfectly. The website address also looks like the real one at first glance.
However, there are differences that are worth paying attention to. There is a padlock next to the address bar indicating a secure connection, but the website is embedded in the .com domain (mbankpl.login.garzarapida[.]com). The real mBank transaction service is available at online.mbank.pl. After logging in to a fake website, our login details go directly to fraudsters, who will probably use them to try to clean out the hijacked accounts.
Cybersecurity specialists do not reveal how exactly fraudsters spread links to the website they have crafted, but it can be assumed that they do it primarily through suspicious e-mail messages and possibly social media.
This is not the only scam. Criminals prowl sales portals
In the previous days of the CSIRT, the Polish Financial Supervision Authority had already warned several times against similar frauds using the images of well-known companies. Last week, many websites impersonating clothing store chains were found on the Internet. The aim of these scams was to steal payment card data. Therefore, it is worth carefully checking the address of the website to which we intend to provide any data each time.
Interestingly, mBank itself also issued a warning against fraudsters on Tuesday. This time they were looking for victims on sales portals. Cybercriminals write to people selling or buying something online and send links through which they supposedly need to receive or send the payment. These are, of course, links to fake websites. All transactions of this type should be finalized through the official website of a given sales platform.
Source: Gazeta
Mabel is a talented author and journalist with a passion for all things technology. As an experienced writer for the 247 News Agency, she has established a reputation for her in-depth reporting and expert analysis on the latest developments in the tech industry.
