Messages about security
Get to know the latest messages about online threats and what actions to take when such situations arise. If you have any questions or concerns, please contact the hotline at +48 519 222 222.
-
Safe holidays with #cyberPEKAO
-
The time of Christmas shopping, Christmas fundraising and meetings with our loved ones is coming. During this special time, we should keep in mind that scammers don't take time off. While we are preparing for family celebrations, they are trying to steal our data and money. Make sure that your holidays are peaceful and safe. Find out what to do to prevent cybercriminals from spoiling them.
Don't click on links sent in text messages
Did you receive a text message about an undelivered parcel? Is your parcel stuck at the border and you need to pay extra so it can arrive on time? How about a unique promotion only available at the link you have received? Be careful. Criminals impersonate courier companies and stores. They send messages in which they encourage you to click a link. If you do this and enter your data or log in to online banking on the doctored website, you will lose money.
Remember:
- Criminals can impersonate any sender. If you receive such a message, do not click the link. Call the service provider directly and explain the situation. Never call back the number from which you have been texted.
- You can help others protect themselves from cybercriminals. If you received a similar message, report the scam attempt to CERT Poland by sending it to 8080.
Stay vigilant when using social media
The Internet knows no boundaries. During the holidays you get in touch with your friends and family from all over the world. When using instant messaging or video conferencing, don't forget about security. Scammers may impersonate your friends, acquaintances or family members and try to extort money from you.
Remember:
- When a friend or a family member asks you to transfer money or send a BLIK code through social media or instant messaging, call them and make sure they have indeed sent the message.
- If you are using the Pekao24 website, enable two-factor authentication to log in. This way, even if a fraudster acquires your e-banking login credentials, without the second authentication component they will not gain access to your account.
Beware of fake online stores
A last-minute gift? Watch out for unique bargains and unprecedented discounts. Criminals create fake online stores where they offer brand-name products at attractive prices. You can find their ads on social media and even on news sites.
Remember:
- Every time you make an online purchase, make sure to verify the business’ data: business name, registered office address, NIP/EU VAT ID and REGON, and check whether it is listed in CEIDG (Central Register and Information on Economic Activity).
- Before you pay or enter your personal details, carefully check the address of the site you are on. Make sure e.g. it does not contain any typos. If anything looks unusual and if you have any doubts, do not go through with the purchase.
Help safely and prudently
During the holiday season, we are much more willing to support those in need. Unfortunately, scammers can take advantage of this. Beware of bogus charity events on social media and requests for support sent by e-mail or in private messages. Scammers will play on your emotions and urge you to make a donation.
Remember:
- Check the credibility of the fundraising entity - whether it has an official social media account and an official website and whether it is listed in public records. Comments and feedback from other supporters can also be helpful.
- Use only trusted online platforms that organize fundraising, and carefully verify the address of the website where you want to donate. The websites prepared by criminals can resemble those of legitimate charity organisations. If you have any doubts about the correctness of the address, do not pay.
What should you do if you suspect you may have fallen victim to a scam?
- Call our hotline (+48 519 222 222) to block your card and access to online banking.
- Provide us with all the necessary information about the scam through the hotline.
- Change passwords to the Pekao24 website and PeoPay application.
- Submit a notification of a suspected crime to law enforcement authorities, such as the police or public prosecutor's office, and inform our bank.
We wish you a peaceful and (cyber)safe holiday season
Security Centre of Bank Pekao S.A.
-
-
Black Week, Black Friday and Cyber Monday - safe shopping with #cyberPEKAO
-
Black Week, Black Friday and Cyber Monday are not only the time of promotions, discounts and sales, but also of increased cybercriminal activity. Attractive offers tempt us everywhere we go. In the shopping rush and in the online thicket of "unique" bargains, it is much harder to stay alert. Thus, check out how to avoid falling into the traps set by scammers and how to shop safely online.
Always verify the seller’s credibility
Does this store really exist? Criminals impersonate fictitious companies and offer attractive products at low prices on websites, sales portals or social media profiles they have created.
Remember:
- Before concluding a transaction, check the reviews of the online store or user from whom you are buying something. Reviews on sales portals, online forums and comments will be helpful.
- If you buy from a company or an online store, be sure to verify the entrepreneur's data: business name, registered office address, NIP/EU VAT ID and REGON, and check whether it is listed in CEIDG (Central Registration and Information on Business).
Carefully verify the address of the website where you want to make a purchase or payment
Criminals impersonate well-known online stores and offer products from recognisable brands at extremely low prices. The websites they have prepared are misleadingly similar to the real ones. Before you buy, take a close look at the store's website in terms of possible inconsistencies. Focus on mismatched fonts and on grammatical, spelling and language errors. If something looks unusual and if you have any doubts, do not go through with the purchase.
Remember:
- Before you pay for an item using a fast payment service or before you enter your online banking login information, carefully check the address of the site you are on. Make sure e.g. it does not contain any typos.
- If you have doubts about whether a store's website is real, report it to CERT Poland. Experts will verify it and you will receive an answer as to whether it is safe.
Do not be tempted by attractive ads posted on social media or sent by e-mail
Scammers create ads in which they offer high discounts and promotions. Their offers attract attention due to low prices for good quality products (often electronics or clothing/footwear), or contests with high prizes. If you fall for the criminals' manipulation and click on an ad, you will be redirected to a phishing site in an attempt to steal your data or money. Scammers may impersonate well-known online stores, e-banking login pages or fast payment services.
Remember:
- Avoid clicking on ads posted on social media (including sponsored materials) and sent by email. An offer that seems too attractive and that is limited in time is a red flag.
- When paying for purchases, pay attention to whether the transaction is processed by a recognised payment operator and whether the address of the website you are on is correct. Enter your online banking login and password, as well as your card details (number, expiration date and CVC/CVV) only when you are certain that everything is in order.
Be cautious when shopping on sales and auction portals
A great opportunity that is going to end in a few minutes? Beware, criminals like to exert pressure. Be careful, when shopping on well-known advertising portals, we may come across dishonest sellers. If you are interested in their offer and want to make a purchase, they will inform you that they will pay the shipping costs for you or send you a link for payment, where you are supposed to enter your card details, BLIK code or log in to e-banking system. All the data you enter there will be intercepted by the scammer.
Remember:
- Do not use links redirecting to payments sent in private messages. Read authorisation prompts carefully and never authorise any transactions you did not order.
- Contact the seller only through the sales portal and be cautious when someone contacts you using other channels. If you are buying something from an individual, it is worth using the options of cash on delivery or collection in person.
What should you do if you suspect you may have fallen victim to a scam?
- Call our hotline (+48 519 222 222) to block your card and access to online banking.
- Provide us with all the necessary information about the scam through the hotline.
- Change passwords to the Pekao24 website and PeoPay application.
- Submit a notification of a suspected crime to law enforcement authorities, such as the police or public prosecutor's office, and inform our bank accordingly.
Safe shopping!
Security Centre of Bank Pekao S.A.
-
-
A month of safe banking with #cyberPEKAO - check what methods cybercriminals use
-
Did you know that in October we not only celebrate European Cybersecurity Month, but also Computer Security Day? On this occasion, we would like to remind you how to safely use online banking and protect your money from cyberfraudsters.
Watch out for fake investment ads
You may encounter online advertisements for risk-free investments that guarantee high returns. Stay vigilant, that could be scammers pretending to be recognised companies or using images of famous persons. Criminals contact potential victims, posing as stockbrokers or brokerage house employees. They encourage them to invest in cryptocurrencies or listed companies, promising fast and easy profit. At first, in order to seem more convincing, they may credit the victim’s account with small amounts from the alleged investment. After a few unsuccessful investments, the fake broker will no longer respond and the investors will lose their money.
Stay safe and...
- Invest solely through licensed brokerage houses registered with the Polish Financial Supervision Authority (KNF).
- Remember that if you transfer funds to the account of a company offering investments, the details of the transfer recipient should not be the data of a natural person,
A phone call from the bank? It could be a scam
Criminals can spoof any phone number and claim to be bank employees. They will tell you they are calling about a transaction that was supposedly ordered from your account or about a bogus loan that someone took out using your personal data. They may urge you to provide personal information, e-banking login information or a BLIK code, or to withdraw money from your account to deposit it using a cash deposit machine. During the conversation, they will put pressure on you, make you anxious and encourage you to act quickly.
Stay safe and...
- During a conversation with a bank employee, inform them that you want to verify their identity in the PeoPay mobile application or on the Pekao24 website. If the employee is unable to send you a business card, hang up and call the bank's hotline yourself. You can find out more about business cards of bank employees on the website of Bank Pekao S.A;
- Use two-factor authentication when logging in to the online banking system. Check out how to launch this service on our website.
A friend or a family member asks you to transfer funds? Check who you are actually sending your money to
Your child has broken their phone? A friend has lost their luggage while traveling? A family member urgently needs money? If a friend or a family member asks you via instant messaging or social media to transfer money or to provide a BLIK code, stay vigilant. Criminals may impersonate people you know and, playing with your emotions, try to steal your money.
Stay safe and...
- If you receive such a message, call the person who is asking you for money and verify that they are indeed the sender of the message.
Watch out for links sent in text messages
An unexpected surcharge on courier delivery? Threat of Internet or electricity disconnection due to an unpaid bill? Be careful - scammers pretend to be banks, courier and service companies, and even government institutions. Criminals send text messages (SMS) containing a link. In the body of the message, they usually inform about the need to confirm payment or surcharge, or to update your data. The link attached to the message will take you to a fake website created by the scammer, where you will be asked to log in to online banking service or to enter your details. Stay calm and don't act in haste. Scammers will threaten you with consequences and urge you to respond quickly.
Stay safe and...
- Don't click on links received in text messages, even if they appear to be from trusted institutions.
- If you find a message alarming, call the provider directly and explain the situation.
What should you do if you suspect you may be a victim of a scam?
- Call our hotline (+48 519 222 222) to block your card and access to online banking.
- Provide all the necessary information about the scam through the hotline.
- Change passwords to the Pekao24 website and to the PeoPay application.
- Submit a notification of a suspected crime to law enforcement authorities, such as the police or public prosecutor's office, and inform our bank accordingly.
Best regards,
Security Centre of Bank Pekao S.A.
-
-
Beware of text messages from scammers
-
Scammers are posing as Bank Pekao S.A. and sending text messages informing about the expiration of the PeoPay mobile app and the risk of account blocking.
Scammers urge the victim to click on a link in the message, which is supposed to lead them to instructions or a website where the user must confirm his or her identity. In reality, it directs users to a phishing site that attempts to steal their online banking login credentials. If you enter your login and password there, the scammers will gain access to your bank account.
Remember:
- Download and update the PeoPay app only from official app stores.
- Never log in to online banking from links sent in emails and text messages.
- Never provide your full password to the online banking system. The password to the Pekao24 service is masked. This means that you only need to type selected characters when logging in.
- Use two-factor authentication when logging in to the online banking system.
- Read authorisation messages carefully and never confirm any transactions that you have not ordered.
What to do if you suspect you may be a victim of scam:
- Call our hotline (+48 519 222 222) to block the card and access to electronic banking.
- Provide the hotline with all the necessary information regarding the scam.
- Change the login passwords for the Pekao24 website and PeoPay application.
- File a notice of suspected crime to law enforcement authorities, i.e. the police or the prosecutor’s office, and inform our bank.
Security Centre of Bank Pekao S.A.
-
-
A friend or a family member asks you to transfer funds? Be careful, this may be an attempted scam.
-
A child who broke their phone, a friend who lost their luggage while travelling, or a family member who urgently needs money – criminals use various scamming methods. Check what situations should make you more cautious:
- Hi, this is my new phone number.
If someone you know sends you such information, verify it, for example, by calling this number or by contacting the sender using the "old" number. In subsequent messages, you may be asked to make an urgent transfer of funds, and criminals will play on your emotions to push for quick action. - Enter the BLIK code, I'm at the ATM.
If someone you know sends you a message, e.g. via an instant messaging application, that they urgently need cash and you must enter the BLIK code and authorise the transfer – be careful. Contact the sender using other tools than the application they used, e.g. by phone. Verify whether the information they provide is true. Do not act in a hurry or on strong emotion. - I send you a link to my fundraiser.
A long-lost friend sends you a link asking you to support an initiative, or a link to a great opportunity that you will definitely be interested in? Do not click any links they send and do not be fooled. Curiosity or desire to help can make you lose your data. Contact your friend using another tool, e.g. by phone, and verify whether they sent such content at all. - Send me a picture of your card.
Your child messages you to inform that they urgently need to pay e.g. for a new phone and that it would be faster if you sent a picture of your card? Never send pictures of your card or any other e-banking authorisation details. Check whether it is indeed your child who is contacting you and not an imposter.
What should you do if you suspect you may be a victim of a scam?
- call our hotline (+48 519 222 222) to block your card and access to online banking;
- provide the hotline with all the necessary information about the fraud;
- change passwords to the Pekao24 website and PeoPay application;
- submit a notification of a suspected crime to law enforcement authorities, i.e. the police or public prosecutor's office;
- then inform the bank that you have filed a notification of a suspected crime.
- Hi, this is my new phone number.
-
-
Beware of fake e-mails - scammers are impersonating Bank Pekao S.A.
-
Criminals are impersonating Bank Pekao S.A. and sending fake e-mails. Through manipulation, they are trying to induce a victim to provide their personal data or electronic banking login details. Be vigilant and don’t be fooled.
What does the scamming formula look like?- A victim receives an e-mail purportedly from the bank in which they are asked to verify their banking details on a website.
- Scammers try to induce anxiety in the victim. They create time pressure and urge you to click on the link in the message. If the victim clicks on it, they will be redirected to a fake online banking login site.
- On the scammers’ crafted site, the victim will be asked to provide personal data and/or a customer number and password to log in to online banking.
- If the victim provides their data, criminals can access their electronic banking or take out a borrowing or a loan based on their data.
As a reminder, take care of your safety:- When a message from the bank makes you anxious, don’t act emotionally. Call our hotline (+48 519 222 222) and verify the information from the e-mail.
- Before logging into the Pekao24 website, always check that the website address is correct - https://www.pekao24.pl/logowanie.
- On the login website of the Pekao24 website, never enter your full password. When logging in, your password is masked - enter only single characters in the blanks.
- Read authorization messages carefully and do not confirm transactions that were not ordered by you.
- If you have an active PeoPay application, use two-factor login when logging into the Pekao24 website. Check out how to enable two-factor authentication on our website.
- Remember that you can withhold your PESEL number in the mObywatel service, then no one will be able to use it without your knowledge. You will be able to revoke the withholding of your PESEL number at any time indefinitely or by specifying the date and time when the system will automatically withhold it again (for example, until you finalize the agreement with the bank that you want to conclude through remote communication channels).
What to do if you suspect you may be a victim of scam:- Call our hotline (+48 519 222 222) to block the card and access to electronic banking.
- Provide the hotline with all the necessary information regarding the scam.
- Change the login passwords for the Pekao24 website and PeoPay application.
- File a notice of suspected crime to law enforcement authorities, i.e. the police or the prosecutor’s office, and inform our bank.
Bank Pekao S. A. Security Centre
- A victim receives an e-mail purportedly from the bank in which they are asked to verify their banking details on a website.
-
-
Watch out for phone calls or messages about credits and loans – scammers often pretend to be Bank Pekao S.A.
-
Criminals impersonate employees of Bank Pekao S.A. They send fake e-mails or call bank customers informing them about a taken loan or credit or about a submitted loan application. Fraudsters will want to alarm you and persuade you to provide your online banking login details, card number and CVV/CVC, BLIK code or PIN. Be careful and do not let yourself be scammed.
How does the scam work?- The victim receives an automated call informing them about an incurred liability or an opened loan application. They are then either redirected to a scammer pretending to be a bank employee, or informed about another call. In order to make the scam more realistic, the criminal sends a text message containing the details of a bank employee who is supposed to contact the victim. As they may already know the victim's name or other information about them, it is easier to lull the victim into a false sense of security.
- Then the scammer tries to make the victim feel alarmed in order to convince them to provide their personal data, login and password to the online banking system, card number and CVV/CVC on the back of the card, BLIK code or PIN. Criminals may also persuade the victim to transfer money to a specific bank account.
- When the victim falls prey to manipulation, they lose their money or a loan or credit is taken out using their data.
Stay safe and...- do not forget that Bank Pekao S.A. consultants do not send business cards using text messages. In order to verify the identity of the caller in the PeoPay application or on the Pekao24 website, during a conversation with a bank employee, inform them that you want to verify their identity in the application or website. The employee will send their business card to you. Remember, it will not be sent via a text message. You can find out more about business cards on the website of Bank Pekao S.A;
- do not transfer money to a bank account indicated by a person claiming to be a bank employee – a bank employee will never indicate a substitute/backup account for an emergency transfer of funds;
- do not act in a hurry or on impulse.If the caller puts you under time pressure, hang up and call our hotline, go to a bank branch or contact your credit advisor;
- do not share confidential data, such as your login and password, your card number, CVV/CVC code on the back of your card, or your PESEL number, with anyone – bank employees would never ask for such data;
- read authorisation messages carefully and never confirm any transactions that you have not ordered;
- remember that you can reserve your PESEL number through MObywatel portal so that no one will be able to use it without your knowledge. You will be able to revoke the reservation of your PESEL at any time indefinitely or by specifying the date and time when the system will automatically reserve it again (e.g. until the finalisation of the agreement with the bank that you want to conclude via remote communication channels).
What should you do if you suspect you may have fallen victim to a scam?- Call our hotline (+48 519 222 222) to block your card and access to online banking.
- Provide us with all the necessary information about the scam through the hotline.
- Change passwords to the Pekao24 website and PeoPay application.
- Submit a notification of a suspected crime to law enforcement authorities, such as the police or public prosecutor's office, and inform our bank.
Security Centre of Bank Pekao S.A.
-
-
Safe holidays with #cyberPEKAO
-
Cybercriminals don't take a vacation. During the holiday season, when we are busy planning our trips, we spend more time online and we become less careful and more relaxed, they use every possible way to steal our money. Be vigilant. Do not let criminals ruin your vacation.
Do not trust overly attractive holiday deals
Scammers pretend to be travel agencies and create websites that look like the real thing. They tempt us with discounts on luxury "Last Minute" holidays. On social networks and advertising sites, they offer non-existent accommodation at extremely low prices or very urgently want to resell previously purchased package tours. Once you give them your details or send them money, the stop contacting you.
Remember:- Always verify offers with attractive discounts. Before you pay, check whether the accommodation exists. Use only authorised travel agencies.
- Contact the service provider only through the application or website you use. Do not click on any links they send, in particular if you are supposed to pay through them.
- Before logging in to the e-banking system, always check if the website address is correct – https://www.pekao24.pl/logowanie. If the address is different, do not attempt to log in
Check who you buy tickets from
Often people interested in a concert, festival or other cultural or sports event, who could not buy tickets, decide to purchase them from third parties. Unfortunately, this is a good opportunity for scammers to fraudulently obtain money or data from us.
Remember:- Buy legally – check the organiser's official website to see if "resale" of tickets is permitted.
- Make settlements directly through the application or website you use – avoid indirect transactions, in particular on unknown websites which addresses are sent via text or instant messages.
Beware of fake job offers
Seasonal job offers, in particular the ones that promise "fast and easy money", can be not only untrue, but also dangerous. By responding to such advertisements, we may provide criminals with our data, money or unknowingly take part in money laundering.
Remember:- Check whether the employer is registered in CEIDG and KRS. Avoid offers that do not have a company address and that alleged employers only contact you by e-mail or phone.
- Never transfer any money to a potential employer and do not provide your bank card number, CVV/CVC code or login details for your e-banking system.
- Do not pay any commission for access to job offers. If you are not sure whether the organisation you are dealing with operates legally, check whether it is listed in the Register of Employment Agencies.
Keep your payment card safe
Card payments are increasingly replacing traditional money, and they also enable quick online transactions. We can use them not only in Poland, but also around the world. During the holidays, we focus on comfort, but let us not forget about safety.
Remember:- Protect your card details and PIN – sharing your card details allows anyone to pay with it. Enter these data online only when you want to pay by card.
- When withdrawing cash, take a good look at the ATM. If you notice damage or dirt, traces of adhesive substances in the area of the card reader or cash dispenser, it will be best not to use it.
- Never let your card out of your sight. When you enter your PIN at an ATM or payment terminal, cover the keyboard.
- Define the limits for your payment card. You can change the amount of the limits on your own on the website or using the application, through the hotline and at the branch.
Keep your devices safe
During the holidays, we spend even more time online than usual and more often use our mobile devices. Keep them safe and protect your data.
Remember:- Use antivirus software and keep it updated.
- Keep your operating system and software up to date.
- Carefully review your phone's privacy settings and verify the permissions of the applications you use.
What should you do if you suspect you may have fallen victim to a scam?
- Call our hotline (+48 519 222 222) to block your card and access to online banking.
- Provide us with all the necessary information about the scam through the hotline.
- Change passwords to the Pekao24 website and PeoPay application.
- Submit a notification of a suspected crime to law enforcement authorities, such as the police or public prosecutor's office, and inform our bank.
Security Centre of Bank Pekao S.A.
-
-
Beware of fake investment ads – check who you trust your money to
-
Scammers tempt their victims with ads in which they inform about risk-free and high-yield investments. In their advertisements, they very often use images of well-known people, financial institutions, state-owned companies and well-known and recognizable companies. The social engineering used by criminals causes more and more people who want to get rich quickly to fall victim to their manipulation and lose their life savings.
How does the scam work?
- Scammers post ads for fake investments on social media or popular news portals (often as sponsored material). After clicking on the advertisement, the victim is redirected to a website created by the fraudsters, containing information about the alleged investment.
- Once the victim decides to invest their savings in a fictitious investment, they are asked to create an account on the investment platform. This is how scammers trick them into giving up their contact details.
- After providing the details, the victim receives a call from a scammer who claims to be a broker or investment consultant and, depending on the scam scenario, persuades them to:
- provide payment card details,
- install a remote desktop management program (e.g. AnyDesk, TeamViewer, QuickSupport) on their device, so that fraudsters can take control of the victim's online banking and manage the funds accumulated in the bank account in any way they want,
- send a scan of an ID card, which can be used by fraudsters to authorize a loan taken out on the victim's data,
- transfer funds for fraudulent investments to the bank account number indicated by the scammer. - After subsequent transfers made by the victim, in order to lull their vigilance and whet their appetite for further profit, the fraudsters top up their account with small amounts transferred from the accounts of "pseudo-investors". In reality, the money is transferred from the accounts of other defrauded people, and the manipulated victim unknowingly participates in the crime of money laundering.
- Regardless of the fraud scenario pursued by the criminals, the victim eventually loses their savings or is left with debts.
"An offer of a big and quick profit" should make you wary. Stay safe and...- invest only in licensed brokerage houses registered by the Polish Financial Supervision Authority (KNF),
- remember that if you transfer funds to the account of a company offering investments or to a cryptocurrency exchange, the data of the recipient of the transfer should not be the data of a natural person,
- do not install a remote desktop management application (e.g. AnyDesk, TeamViewer, Quick Support, ZOOM) at the request of a third party – fraudsters can use it to take over your login details for online banking,
- never log into online banking when you are sharing your computer screen,
- do not provide third parties with your payment card details (its number, CVV2 code, expiration date),
- read authorization prompts carefully and never authorize any transactions you did not commission.
What should you do if you suspect you may be a victim of a scam?- Call our hotline (+48 519 222 222) to block your card and access to online banking.
- Provide us with all the necessary information about the scam through the hotline.
- Change passwords to the Pekao24 website and PeoPay application.
- Submit a notification of a suspected crime to law enforcement authorities, such as the police or public prosecutor's office, and inform our bank.
Security Centre of Bank Pekao S.A.
- Scammers post ads for fake investments on social media or popular news portals (often as sponsored material). After clicking on the advertisement, the victim is redirected to a website created by the fraudsters, containing information about the alleged investment.
-
-
#cyberPEKAO warns: have you received a text message about a loan application submitted? It could be a scam.
-
Have you received information about a loan application submitted? Beware of scammers. Criminals often pose as well-known financial institutions, such as banks or Biuro Informacji Kredytowej (BIK). Through manipulation and sophisticated social engineering techniques, they try to phish for your data and gain access to your account. Check out how not to get scammed.
What does the scam scheme look like?- The scammer sends a text message to the victim's number with information about an alleged commencement of the loan application process, notifying that they will be contacted by a bank employee.
- After the message is sent, the scammer makes an attempt to contact the victim by phone, posing as a bank employee. Usually, the scammer uses an actual phone number to lull the victim's vigilance.
- During the conversation, the scammer tricks the victim into providing their online banking credentials or installing an application (such as Any Desk, TeamViewer, Quick Support) that allow taking control of the victim's device.
- Once the victim installs the app and grants remote access to their desktop, they are asked to log in to their online banking platform. The scammer then intercepts the victim's credentials, gaining full access to their bank account.
- The scammer can now perform any operations on the victim's account, as well as open loans in their name.
We urge you to take care of your safety and ...- verify the identity of the caller in the PeoPay application or on the Pekao24 website – during a conversation with a bank employee, inform them that you want to verify their identity in the application or website. The employee will send their business card to you. Remember, it will not be sent via a text message. You can find out more about business cards on the website of Bank Pekao S.A.;
- do not act in a hurry or on impulse. If the caller puts you under time pressure, hang up and call our hotline, go to a bank branch or contact your credit advisor;
- never call back the number from which you have received a suspicious call. Verify the number on the official website of the institution that allegedly contacted you and call it by dialling the number on the phone keypad;
- do not download any application – the bank's consultants never encourage you to download any applications used to secure your account;
- never log in to your online banking while you are sharing the contents of your desktop with someone else – scammers can take over your credentials this way;
- do not share with anyone confidential data, such as your login and password, your payment card number, CVV code written on the back of the card or PESEL number – bank employees never ask for such data;
- read authorisation messages carefully and never confirm any transactions that you have not ordered;
- remember that BIK never sends text messages informing that someone is to contact you. If you get such a text message, be vigilant. If you have an account in BIK, you can verify the list of alerts after logging in to the portal.
What should you do if you suspect you may be a victim of a scam?- Call our hotline (+48 519 222 222) to block your card and access to online banking.
- Provide us with all the necessary information about the scam through the hotline.
- Change passwords to the Pekao24 website and PeoPay application.
- Submit a notification of a suspected crime to law enforcement authorities, such as the police or public prosecutor's office, and inform our bank.
Security Centre of Bank Pekao S.A.
-
-
Scammers impersonate Bank Pekao S.A. Be vigilant!
-
Scammers impersonate Bank Pekao S.A. – beware of fake ads on social media. Do not be tempted by the alleged profits. Log in to the e-banking system only through www.pekao24.pl or in the PeoPay app (downloaded from the official source).
How does the scam work?
Scammers post a fake advertisement of the bank on social media and trick the victim into downloading a new version of the mobile app, which is actually malware. The malicious application asks the user to enter their online banking login details (customer number and password). If the victim falls for the scam and provides this information, criminals can take control of their device and, consequently, their bank account (including the ability to authorise banking operations).
How to defend yourself against scammers?- Do not install any software on your computer or mobile device from sources you do not trust. Carefully read the reviews of other users about the app you want to install;
- Before logging in to the e-banking system, always check if the website address is correct – https://www.pekao24.pl/logowanie. If the address is different, do not attempt to log in;
- Never provide your full password to the e-banking system. The password to the Pekao24 service is masked. This means that you only need to type selected characters when logging in;
- Read authorisation messages carefully and never confirm any transactions that you have not ordered;
- Remember that over the phone, our employees never ask for a username, password or PIN. Logging in to telephone services is always done using automated services;
- If you are concerned or have any doubts about a conversation with an employee, hang up and call the bank's hotline (+48 519 222 222). Dial the hotline number on the numeric keypad instead of calling back using the list of recent calls on your phone;
- You can verify the identity of the caller in the PeoPay application or on the Pekao24 website – during a conversation with a bank employee, inform them that you want to verify their identity in the application or website. The employee will send their business card to you. Remember, it will not be sent via a text message. You can find out more about business cards on the website of Bank Pekao S. A.
What should you do if you suspect you may be a victim of a scam?- Call our hotline (+48 519 222 222) to block your card and access to online banking;
- provide the hotline with all the necessary information about the fraud;
- change passwords to the Pekao24 website and PeoPay application;
- submit a notification of a suspected crime to law enforcement authorities, i.e. the police or public prosecutor's office;
- then inform the bank that you have filed a notification of a suspected crime.
Security Centre of Bank Pekao S.A.
-
-
Have you received a text message informing you about suspicious activity on your account? Be careful – it's a scam!
-
Fraudsters impersonate employees of Bank Pekao S.A. and send text messages informing about suspicious activity on the victim's bank account. By distressing the victim, they persuade them to take part in an online meeting using popular communication platforms (e.g. ZOOM or MS Teams). During the meeting, they trick the victim into running a remote desktop service and thus take control of their device or obtain their online banking login credentials.
Please note that our Bank does not use the remote desktop service as a tool to support and assist customers.
We urge you to stay safe and if you ever happen to be in such situation...- Never log in to the e-banking system while you are sharing the contents of your desktop with someone else – scammers can take over your credentials this way;
- Do not download any application – a bank consultant would never encourage you to download any applications to secure your account;
- Do not share any confidential data (login and password, card number, CVV code on the back of your card, or PESEL number) with anyone – bank employees would never ask for such data;
- Never provide your full password to the e-banking system. The password to the Pekao24 service is masked. This means that you only need to type selected characters when logging in;
- Read authorisation messages carefully and never confirm any transactions that you have not ordered;
- If you are concerned about the message you have received and the sender is pressuring you to act immediately, call the bank's hotline (+48 519 222 222). Never call back the number from which you have been texted. Dial the hotline number manually using the numeric keypad.
What should you do if you suspect you may be a victim of a scam?- Call our hotline (+48 519 222 222) to block your card and access to the e-banking system;
- provide the hotline with all the necessary information about the fraud;
- change passwords to the Pekao24 website and PeoPay application;
- submit a notification of a suspected crime to law enforcement authorities, i.e. the police or public prosecutor's office;
- then inform the bank that you have filed a notification of a suspected crime.
Security Centre of Bank Pekao S.A.
-
-
Save yourself the worry
-
Impersonating a bank employee is a popular and, unfortunately, effective method of fraud. Scammers take advantage of your trust in the bank and impersonate its employees. Check out how such a conversation might go.
How does the scam work?- A bank customer receives a call from a person claiming to be an employee of the bank – the bank's security department or a hotline consultant. They know the name of the person they are calling, and the bank's hotline number is displayed on the victim's phone.
- Scammers (pretending to be bank employees) call about alleged suspicious transactions on the account or inform about a taken loan. They then ask the customer to enter their login details and to install an application (e.g. Any Desk, TeamViewer, Quick Support) that is supposed to help secure the account, but in fact allows remote viewing and control of the device.
- Once the victim installs remote desktop management software, the scammers ask them to log in to their e-banking system to verify the operations on their account. The victim thus shares their authentication data. A scammer pretending to be a bank employee informs that the funds are at risk and they need to be transferred to a secure account (technical account, backup account etc., even to a different bank).
- If there is no software installation or data theft, the customer would follow the scammers' instructions on their own. The customer may also be persuaded to take out a loan, withdraw cash at a branch and then deposit it in specific CDMs using BLIK codes.
- Manipulated by criminals, the victim will lose the funds accumulated on the account.
How to defend yourself against scammers?- You can verify the identity of the caller in the PeoPay application or on the Pekao24 website – during a conversation with a bank employee, inform them that you want to verify their identity in the application or website. The employee will send their business card to you. Remember, it will not be sent via a text message. You can find out more about business cards on the website of Bank Pekao S. A.
- Do not act in a hurry or on impulse. If the caller puts you under time pressure, hang up and call our hotline. It is easier to make ill-considered decisions in a hurry.Remember: Current technology allows scammers to impersonate any phone number, such as the hotline of any bank or even the police. A bank employee will never offer to transfer funds from your account to another unknown account and will never ask you to withdraw cash and then to deposit it into third party accounts through CDMs.
- Do not download any application – a bank employee would never encourage you to download any applications to secure your account.
- Never log in to your online banking while you are sharing the contents of your desktop with someone else – scammers can take over your credentials this way.
- Do not share confidential data, such as your login and password, your card number, CVV code on the back of your card, or your PESEL number, with anyone – bank employees would never ask for such data.
- If you are concerned or have any doubts about a conversation with an employee, hang up and call the bank or institution whom the caller allegedly represented. Make sure to dial the official number on the numeric keypad instead of calling back using the list of recent calls on your phone.
What should you do if you suspect you may be a victim of a scam?- call our hotline (+48 519 222 222) to block your card and access to online banking;
- provide the hotline with all the necessary information about the fraud;
- change passwords to the Pekao24 website and PeoPay application;
- submit a notification of a suspected crime to law enforcement authorities, i.e. the police or public prosecutor's office;
- then inform the bank that you have filed a notification of a suspected crime.
Security Centre of Bank Pekao S.A.
-