Scammers tempt their victims with ads in which they inform about risk-free and high-yield investments. In their advertisements, they very often use images of well-known people, financial institutions, state-owned companies and well-known and recognizable companies. The social engineering used by criminals causes more and more people who want to get rich quickly to fall victim to their manipulation and lose their life savings.

How does the scam work?

1. Scammers post ads for fake investments on social media or popular news portals (often as sponsored material). After clicking on the advertisement, the victim is redirected to a website created by the fraudsters, containing information about the alleged investment.
   
   
    
2. Once the victim decides to invest their savings in a fictitious investment, they are asked to create an account on the investment platform. This is how scammers trick them into giving up their contact details.
   
   
    
3. After providing the details, the victim receives a call from a scammer who claims to be a broker or investment consultant and, depending on the scam scenario, persuades them to:
   - provide payment card details,
   - install a remote desktop management program (e.g. AnyDesk, TeamViewer, QuickSupport) on their device, so that fraudsters can take control of the victim's online banking and manage the funds accumulated in the bank account in any way they want,
   - send a scan of an ID card, which can be used by fraudsters to authorize a loan taken out on the victim's data,
   - transfer funds for fraudulent investments to the bank account number indicated by the scammer.
4. After subsequent transfers made by the victim, in order to lull their vigilance and whet their appetite for further profit, the fraudsters top up their account with small amounts transferred from the accounts of "pseudo-investors". In reality, the money is transferred from the accounts of other defrauded people, and the manipulated victim unknowingly participates in the crime of money laundering.
5. Regardless of the fraud scenario pursued by the criminals, the victim eventually loses their savings or is left with debts.

 
"An offer of a big and quick profit" should make you wary. Stay safe and... 

• invest only in licensed brokerage houses registered by the Polish Financial Supervision Authority (KNF),
• remember that if you transfer funds to the account of a company offering investments or to a cryptocurrency exchange, the data of the recipient of the transfer should not be the data of a natural person,
• do not install a remote desktop management application (e.g. AnyDesk, TeamViewer, Quick Support, ZOOM) at the request of a third party – fraudsters can use it to take over your login details for online banking,
• never log into online banking when you are sharing your computer screen,
• do not provide third parties with your payment card details (its number, CVV2 code, expiration date),
• read authorization prompts carefully and never authorize any transactions you did not commission.

What should you do if you suspect you may be a victim of a scam?

• Call our hotline (+48 519 222 222) to block your card and access to online banking.
• Provide us with all the necessary information about the scam through the hotline.
• Change passwords to the Pekao24 website and PeoPay application.
• Submit a notification of a suspected crime to law enforcement authorities, such as the police or public prosecutor's office, and inform our bank.

 

Security Centre of Bank Pekao S.A.
 

Have you received information about a loan application submitted? Beware of scammers. Criminals often pose as well-known financial institutions, such as banks or Biuro Informacji Kredytowej (BIK). Through manipulation and sophisticated social engineering techniques, they try to phish for your data and gain access to your account. Check out how not to get scammed.

What does the scam scheme look like?

1. The scammer sends a text message to the victim's number with information about an alleged commencement of the loan application process, notifying that they will be contacted by a bank employee.
2. After the message is sent, the scammer makes an attempt to contact the victim by phone, posing as a bank employee. Usually, the scammer uses an actual phone number to lull the victim's vigilance.
3. During the conversation, the scammer tricks the victim into providing their online banking credentials or installing an application (such as Any Desk, TeamViewer, Quick Support) that allow taking control of the victim's device. 
4. Once the victim installs the app and grants remote access to their desktop, they are asked to log in to their online banking platform. The scammer then intercepts the victim's credentials, gaining full access to their bank account.
5. The scammer can now perform any operations on the victim's account, as well as open loans in their name. 

We urge you to take care of your safety and ...

• verify the identity of the caller in the PeoPay application or on the Pekao24 website – during a conversation with a bank employee, inform them that you want to verify their identity in the application or website. The employee will send their business card to you. Remember, it will not be sent via a text message. You can find out more about business cards on the website of Bank Pekao S.A.;
• do not act in a hurry or on impulse. If the caller puts you under time pressure, hang up and call our hotline, go to a bank branch or contact your credit advisor;
• never call back the number from which you have received a suspicious call. Verify the number on the official website of the institution that allegedly contacted you and call it by dialling the number on the phone keypad;
• do not download any application – the bank's consultants never encourage you to download any applications used to secure your account;
• never log in to your online banking while you are sharing the contents of your desktop with someone else – scammers can take over your credentials this way;
• do not share with anyone confidential data, such as your login and password, your payment card number, CVV code written on the back of the card or PESEL number – bank employees never ask for such data;
• read authorisation messages carefully and never confirm any transactions that you have not ordered;
• remember that BIK never sends text messages informing that someone is to contact you. If you get such a text message, be vigilant. If you have an account in BIK, you can verify the list of alerts after logging in to the portal.  

What should you do if you suspect you may be a victim of a scam?

• Call our hotline (+48 519 222 222) to block your card and access to online banking.
• Provide us with all the necessary information about the scam through the hotline.
• Change passwords to the Pekao24 website and PeoPay application.
• Submit a notification of a suspected crime to law enforcement authorities, such as the police or public prosecutor's office, and inform our bank.

Security Centre of Bank Pekao S.A. 

Scammers impersonate Bank Pekao S.A. – beware of fake ads on social media. Do not be tempted by the alleged profits. Log in to the e-banking system only through www.pekao24.pl or in the PeoPay app (downloaded from the official source). 

                   
How does the scam work?
Scammers post a fake advertisement of the bank on social media and trick the victim into downloading a new version of the mobile app, which is actually malware. The malicious application asks the user to enter their online banking login details (customer number and password). If the victim falls for the scam and provides this information, criminals can take control of their device and, consequently, their bank account (including the ability to authorise banking operations).


                       
 
How to defend yourself against scammers?

• Do not install any software on your computer or mobile device from sources you do not trust. Carefully read the reviews of other users about the app you want to install;
• Before logging in to the e-banking system, always check if the website address is correct – https://www.pekao24.pl/logowanie. If the address is different, do not attempt to log in;
• Never provide your full password to the e-banking system. The password to the Pekao24 service is masked. This means that you only need to type selected characters when logging in;
• Read authorisation messages carefully and never confirm any transactions that you have not ordered;
• Remember that over the phone, our employees never ask for a username, password or PIN. Logging in to telephone services is always done using automated services;
• If you are concerned or have any doubts about a conversation with an employee, hang up and call the bank's hotline (+48 519 222 222). Dial the hotline number on the numeric keypad instead of calling back using the list of recent calls on your phone;
• You can verify the identity of the caller in the PeoPay application or on the Pekao24 website – during a conversation with a bank employee, inform them that you want to verify their identity in the application or website. The employee will send their business card to you. Remember, it will not be sent via a text message. You can find out more about business cards on the website of Bank Pekao S. A.

What should you do if you suspect you may be a victim of a scam?

• Call our hotline (+48 519 222 222) to block your card and access to online banking;
• provide the hotline with all the necessary information about the fraud;
• change passwords to the Pekao24 website and PeoPay application;
• submit a notification of a suspected crime to law enforcement authorities, i.e. the police or public prosecutor's office;
• then inform the bank that you have filed a notification of a suspected crime.

Security Centre of Bank Pekao S.A.

Fraudsters impersonate employees of Bank Pekao S.A. and send text messages informing about suspicious activity on the victim's bank account. By distressing the victim, they persuade them to take part in an online meeting using popular communication platforms (e.g. ZOOM or MS Teams). During the meeting, they trick the victim into running a remote desktop service and thus take control of their device or obtain their online banking login credentials.  

Please note that our Bank does not use the remote desktop service as a tool to support and assist customers.

We urge you to stay safe and if you ever happen to be in such situation...

• Never log in to the e-banking system while you are sharing the contents of your desktop with someone else – scammers can take over your credentials this way;
• Do not download any application – a bank consultant would never encourage you to download any applications to secure your account;
• Do not share any confidential data (login and password, card number, CVV code on the back of your card, or PESEL number) with anyone – bank employees would never ask for such data;
• Never provide your full password to the e-banking system. The password to the Pekao24 service is masked. This means that you only need to type selected characters when logging in;
• Read authorisation messages carefully and never confirm any transactions that you have not ordered;
• If you are concerned about the message you have received and the sender is pressuring you to act immediately, call the bank's hotline (+48 519 222 222). Never call back the number from which you have been texted. Dial the hotline number manually using the numeric keypad.

What should you do if you suspect you may be a victim of a scam?

• Call our hotline (+48 519 222 222) to block your card and access to the e-banking system;
• provide the hotline with all the necessary information about the fraud;
• change passwords to the Pekao24 website and PeoPay application;
• submit a notification of a suspected crime to law enforcement authorities, i.e. the police or public prosecutor's office;
• then inform the bank that you have filed a notification of a suspected crime.

Security Centre of Bank Pekao S.A.

Impersonating a bank employee is a popular and, unfortunately, effective method of fraud. Scammers take advantage of your trust in the bank and impersonate its employees. Check out how such a conversation might go.

How does the scam work?

1. A bank customer receives a call from a person claiming to be an employee of the bank – the bank's security department or a hotline consultant. They know the name of the person they are calling, and the bank's hotline number is displayed on the victim's phone. 
2. Scammers (pretending to be bank employees) call about alleged suspicious transactions on the account or inform about a taken loan. They then ask the customer to enter their login details and to install an application (e.g. Any Desk, TeamViewer, Quick Support) that is supposed to help secure the account, but in fact allows remote viewing and control of the device.
3. Once the victim installs remote desktop management software, the scammers ask them to log in to their e-banking system to verify the operations on their account. The victim thus shares their authentication data. A scammer pretending to be a bank employee informs that the funds are at risk and they need to be transferred to a secure account (technical account, backup account etc., even to a different bank).
4. If there is no software installation or data theft, the customer would follow the scammers' instructions on their own. The customer may also be persuaded to take out a loan, withdraw cash at a branch and then deposit it in specific CDMs using BLIK codes.
5. Manipulated by criminals, the victim will lose the funds accumulated on the account.

How to defend yourself against scammers?

• You can verify the identity of the caller in the PeoPay application or on the Pekao24 website – during a conversation with a bank employee, inform them that you want to verify their identity in the application or website. The employee will send their business card to you. Remember, it will not be sent via a text message. You can find out more about business cards on the website of Bank Pekao S. A.
• Do not act in a hurry or on impulse. If the caller puts you under time pressure, hang up and call our hotline. It is easier to make ill-considered decisions in a hurry.Remember: Current technology allows scammers to impersonate any phone number, such as the hotline of any bank or even the police. A bank employee will never offer to transfer funds from your account to another unknown account and will never ask you to withdraw cash and then to deposit it into third party accounts through CDMs.
• Do not download any application – a bank employee would never encourage you to download any applications to secure your account.
• Never log in to your online banking while you are sharing the contents of your desktop with someone else – scammers can take over your credentials this way.
• Do not share confidential data, such as your login and password, your card number, CVV code on the back of your card, or your PESEL number, with anyone – bank employees would never ask for such data.
• If you are concerned or have any doubts about a conversation with an employee, hang up and call the bank or institution whom the caller allegedly represented. Make sure to dial the official number on the numeric keypad instead of calling back using the list of recent calls on your phone.

What should you do if you suspect you may be a victim of a scam?

• call our hotline (+48 519 222 222) to block your card and access to online banking;
• provide the hotline with all the necessary information about the fraud;
• change passwords to the Pekao24 website and PeoPay application;
• submit a notification of a suspected crime to law enforcement authorities, i.e. the police or public prosecutor's office;
• then inform the bank that you have filed a notification of a suspected crime.

Security Centre of Bank Pekao S.A.