Overview of selected scams - December 2024

We present the report on identified threats and the methods of operation by criminals for the month of December 2024. This document highlights selected risks to customers of Polish banks. We encourage you to review the material.
The document does not cover threats that have been known for many months and were described in an earlier report, such as the "classicscam", phishing schemes posing as streaming platforms and other. It is essential to remember, however, that these scenarios are still being used by criminals, and we must continually work against them.
FALSE INVESTMENT SCHEMESS
Criminals often use the images of well-known individuals, recognizable companies, and government-related themes to promote alleged investment opportunities. They continue to eagerly utilize deepfake technology to create fraudulent materials. The presented content aims to entice individuals into purported investments (fig 1).

Figure 1 Fake investment ads distributed on the Facebook platform 1/2
After clicking on the ads link, the victim was redirected to a website where the criminals attempted to obtain their contact information fraudulently (fig 2).
Figure 2 Fake investment ads distributed on the Facebook platform 2/2
It is also worth noting that in December 2024, the majority of detected ads were related to the second stage of the described scheme (fig 3). This involves criminals deceiving individuals who had already been scammed, under the pretense of a supposed opportunity to recover previously lost funds. In reality, this is yet another attempt to defraud individuals who had already fallen victim to this scenario.
Figure 3 Fake Invest - Second Stage of the Crime Scheme
IMPERSONATION OF BANKS
Criminals exploit the image of well-known institutions to enhance the credibility of phishing campaigns. For this reason, they regularly impersonate Polish banks. Through such schemes, they fraudulently obtain information such as payment card details, credentials for online banking, and BLIK codes. In December 2024, this method was still in use. The identified phishing campaigns utilized the branding of the following banks:
- Alior Bank,
- PKO Bank Polski (individual and business clients),
- Bank Peako S.A.,
- Santander Bank Polska.
ALIOR BANK
Phishing websites used in the described phishing campaign (fig 4-5).

Figure 4 Impersonation of Bank - phishing site 1/2

Figure 5 Impersonation of Bank - phishing site 2/2
PKO BANK POLSKI
Phishing websites used in the described phishing campaign (fig 6-7).


Figure 6 Impersonation of Bank - phishing sites 1/2

Figure 7 Impersonation of Bank - phishing site 2/2
BANK PEKAO S.A.
Phishing websites used in the described phishing campaign (fig 8-9).

Figure 8 Impersonation of Bank - email message

Figure 9 Impersonation of Bank - phishing site
SANTANDER BANK POLSKA
Example SMS messages and phishing sites (fig 10).

Figure 10 Bank impersonation - SMS messages and phishing sites
That's why news about cyber threats and fraudulent trends are also published on the following our social media platform: Twitter, LinkedIn and Facebook.