As recently as 2021, the number of phishing domains reported to be blocked was just under 11,500
Experts of the Polish Financial Supervision Authority's CSIRT (Computer Security Incident Response Team in the Polish financial sector) have published an annual report summarising the activities of this unit. One can learn from it, among other things, that the number of phishing domains reported to be blocked by the Team is growing rapidly. In 2021, there were less than 11,500 of them, in the following year 17,200 and in 2023 already more than 30,100.
See also: Allegro begins building a network of parcel vending machines in the Czech Republic
The vast majority of the domains reported, almost 26,800, were related to fake investments. This type of fraud involves getting the victim to invest money in non-existent projects or investment products. Experts explain in the report that in the last two years there has been a shift away from high-tech attacks using, for example, malware. Instead, social engineering is being used much more widely.
Criminals have realised that false promises of high profits with minimal risk work better. It is not uncommon to use images of well-known people or companies, including those belonging to the state, to lend credibility to these attacks.
Last year, the CSIRT of the FSA also reported nearly 8,000 fraudulent advertisements on social media to be blocked. The largest number of fraudulent cases involved the use of the image of the Baltic Pipe project (more than one-third). The second most frequently used brand name was PGNiG (nearly one fifth of the adverts). But fraudsters also use foreign labels - one in ten advertisements for fake investments used the Tesla brand. In addition to social media, criminals also use emails, text messages, phone calls, search engines and even national news portals to distribute advertisements for fake investments.
See also: Germany's largest health insurer to use the tool of Polish fintech Signius
Experts in the report also highlight the growing threat from so-called deepfake. This technique makes it possible to create, for example, recordings that look real, but are in fact fraudulent. Using this, it is possible, for example, to convince the victim that a popular actor, politician or sportsman has benefited from a particular investment. We recently reported on cashless.pl about the use of a popular YouTube artist's image in this procedure.