Treści będą dostępne po wyrażeniu zgody na stronie KLAUZULA INFORMACYJNA COOKIES

ANNOUNCEMENTS

Read the recent information about internet threats and actions you should take when they happen.

In case you have any questions or doubts, please contact our infoline at 801 365 365 (Poland only) or +48 42 683 82 32.

Remember also about the basic security rules and be sure to check our antivirus software offer for Pekao24 customers.

We warn against a new type of malicious software dedicated to mobile devices (tablets, mobile phones) which impersonates banking and other institutions applications.

We warn against a new type of malicious software dedicated to mobile devices (tablets, mobile phones). This software impersonates banking and other institutions applications and tries to extort sensitive information such as login, password, PIN or credit card information. Malicious software also allows to intercept SMS messages and incoming calls made to the infected device.

Please be careful and pay particular attention to applications that you install on your mobile devices. Infection of the device can cause serious consequences, not only in banking processes (eg. taking over SMS authorization codes), but also in everyday life (eg. interception of private conversations or SMS messages).

Particular attention should be paid to the applications for which you received a link via e-mail or SMS messages. Currently, the biggest threat of device infection is the installation of currency crypto applications.

Below is an example of the malicious software that, when activated by the user of banking application (eg. mobile application, PekaoToken) displays "overlay" used for phishing the log in information to digital banking.

We remind you that Bank never asks during logon process to provide the complete password (not masked).

Below are examples of fake screens from the application:

If you notice any unusual request to enter sensitive information please do not hesitate to contact the TelePekao (800 380 380) or Infoline (801 365 365) consultant who will who will advise how to act in a situation given.

We warn you against dangerous e-mails containing requests for fees, false invoices, warnings of mobile phone infection or blocked access to the Pekao24 service.

Please be cautious and keep limited confidence in relation to e-mails containing information with requests for fees, false invoices, warnings of mobile phone infection or blocked access to the Pekao24 service.

Recently fraudsters send out this type of false e-mails which content is focused on convincing to open attachments or use the link provided in them. Messages have been prepared in a way to make the impression of genuine, however, they contain dangerous trojan that can install itself on your computer when you try to open an attachment or link. Thanks to it the fraudsters can get the ability to track user actions on the computer or will try to take over the data allowing for login and authorization in Pekao24 service. If you install malicious software on your mobile phone fraudsters can get full control over it.

If you opened attachment or link from those type of e-mails we advise you not to login to Pekao24 service from that device, when you logged in please change the password to the Pekao24 internet service immediately from another - secure device or block the Pekao24 service.

Remember!

  • Bank never asks you for complete password during logon to the internet service.
  • Do not use any links or addresses received via e-mail to login.
  • Do not share any confidential information on websites resembling in appearance to Bank website.
  • Verify if the website for login has the https://www.pekao24.pl/address.
  • Verify if the padlock symbol, indicating an encrypted connection (address begins with https not http) is visible on the screen.

Please be aware of dangerous messages containing links to fake Pekao24

Please remain careful and have a limited trust for e-mails containing links to fake websites used for Pekao24 logging and authorization data phishing. Bank never sends e-mails with links to online banking systems, and never asks to login using links sent in e-mails .

This kind of massage is prepared by criminals in a way that gives the impression of real message sent from the Bank. In the case of opening the link contained in the message, redirection to a website resembling Pekao24 logon page may occur.

Example of a fake site with subsequent false requests below:

Phishing1
Phishing2
Phishing3
Phishing4
Phishing5
fake Pekao24

The purpose of this this attack (phishing) is interception logging data, authorization codes and personal data that can be used to execute criminals fraudulent transaction of identity theft.

Remember!

  • Bank will never ask you for the complete password during login to the internet service.
  • Do not use to logon adress or a link sent in an e-mail.
  • Bank will never contact the customer by telephone in order to ask for authorization codes (from TAN block or SMS code).
  • Do not give any confidential information on websites similar to the Bank's website.
  • Check the login page to have the address: https://www.pekao24.pl/
  • Check for the padlock symbol on the screen meaning that the encrypted connection has been established (in this case the address begins with "https", not with "http").

After locating the padlock symbol, double-click on it to check whether the displayed certificate is valid and whether it has been issued by Bank Pekao S.A. and for the address https://www.pekao24.pl/ClientLogonUK.html

Proper certyficate should contain following data:
- issaeu: Symantec Corporation,
- certyficat type: Symantec Class 3 EV SSL CA-G3,
- organization: Symantec Trust Network,
- validity: from: 2016-07-13, to: 2018-07-28.

For more information about the safety of online banking, please visit http://www.pekao.com.pl/premium/electronic_banking/Security/

We warn you against errors in some models of wireless WiFi routers. Always check the https in the website's address and correctness of the certificate.

Polish Bank Association announced a new treat to the online banking. Fraudsters use bugs in some of the popular models of WiFi routers in order to redirect users to the fake banks' websites. In this way criminals receive login data, and then through false messages, persuading customers to realize unauthorized transactions.

We remind you that login to Pekao24 can be carried out only at https://www.pekao24.pl/ After logging in, make sure that lock symbol appears on the screen indicating that the encrypted connection has been established (in this case the address begins with "https", not with "http").

Connection with the Bank, always has to be protected by a valid certificate issued by Symantec Corporation for the address www.pekao24.pl on 2016-07-13 and valid until 2018-07-28 .

Read more how to check security certificates

Warned before the Trojan account number pasted from the "clipboard"

On the web there is a new version of the Trojan virus called Banapter.
ainly exposed are all of online banking users, especially those using web browsers like: Firefox, Internet Explorer, and Opera.

Banapter Banapter is distributed by criminals as an attachment to spam sent to the private e-mail box. The matter of the message and the attachment's name (for example, information about the overdue unpaid invoice vat) induce the victim to open an attachment which in turn causes an infection on your computer. Banapter allows criminals to do the remote substitution of bank account number copied by you on the "clipboard" and then "pasted" into the transfer blank.

Be watchful , before approving the transfer always make sure that the account number of the recipient of the transfer is correct.

In case of any doubt, contact your consultant TelePekao (800 380 380) or hotline (801 365 365) , who will manage how to behave in the situation.

Check out the current message of Związek Banków Polskich on the threat.

Protect confidential information about your cards

Remember!
Be very careful regarding e-mails received from unknown senders. We advise you not to answer to such e-mails or open any attachments and links provided in them, also, do not share any confidential information on websites which look similar to the Bank websites.

Never trust the e-mail sender. Fraudsters have capabilities to prepare an e-mail in a way it makes an impression as it was sent from an institution or a person which you trust.

Never send any confidential information regarding your card in an e-mail. Banks and other financial institutions never ask for sending such information via electronic correspondence.

Fraudsters prepare specially designed websites, announcements, registration forms or e-mails, which are very similar to the original. For an inexperienced internet user they look authentic. The purpose of this attack (phishing) is to manipulate the victim in a way he is not aware that the information provided are sent to the fraudsters and not to the authorized institution. Revealing confidential information about the card to an unauthorized person may result in performing a fraud transaction.

The confidential information about the card are:

  • Card number
  • Cardholder information
  • Card expirytate date
  • CVV2 (Card Verification Value 2) code
  • CVC2 (Card Verification Code 2) code
Attention!
If you revealed any confidential information about you card to unauthorized person you should restrict the card as soon as possible. Immediately call our card restriction number 801 365 365 or +48 42 68 38 232 (available 24/7).

Inform the Bank immediately about suspected situations!

If in doubt please contact the Infoline (801 365 365) consultants who will advise you on actions to take in a particular situation.

Remember - Bank never asks for the testing realize money transfers or a refund for the other Customers accounts through Pekao24

There is a new version of the virus on the Internet, which can take a control of your computer
and change the appearance of web pages. After logging into Pekao24 a user having an infected computer can see the fake message with a request to realize test transaction under false banking system update or a refund request, which was sent by an unknown person on his account. The content and appearance of the message strikingly similar to the messages of the Bank, however,
apply to these "recommendations" will result in the execution of unauthorized transactions.

We remind that the Bank never asks for the testing realize money transfers or other operations
under banking system update

Request for a refund for the other Customers accounts is never passed on to the Customer
through Pekao24.

Stay vigilant. If in any doubts please contact the consultant of TelePekao or Infoline (+48 42 683 82 32) who will advise you on actions to take.

We warn you about dangerous messages containing malware software

Please remain careful and have a limited trust for e-mails coming from unknown senders.
We advise you not to respond to such e-mails and do not open received attachments or links.

These messages are designed to collect confidential information, and by opening the link
or attachment you could infect your PC with malware software.

We also remind you that Bank Pekao S.A. never asks for confidential information,
such as your customer number, password or information about your credit card.

New version of Trojan Zeus/Zbot attacking mobile phones

Fraudsters use malware software in order to redirect customer to a phishing bank website or they are sending an e-mail with especially prepared link to that site. When an unaware customer logs into this site (entering the complete password), he will receive a message informing about the necessity of installing security certificate on the mobile phone. In order to do this, system asks about the phone model,
manufacturer and customer's phone number. Based on this information, fraudsters are sending SMS
with the link to application, and then, they can gain full control of the device - for example the ability
to send SMS codes received from the bank to the fraudster's phone.

In order to avoid the threat, we remind you about the rules of safe electronic banking browsing:

  • Bank will never ask you for the complete password during login to the internet service
    and mobile service.
  • Bank will never ask you about the phone manufacturer, phone model or phone number
    to the PekaoSMS service during login to the internet service and mobile service.
  • Bank does not require installation of an additional software on mobile phones used for
    SMS authorization.
  • Bank never sends any safety certificates via SMS.
  • Always check the details of text message containing SMS code if it is compatible
    with the operation that you are going to confirm.
  • Remain careful and have a limited trust for e-mails coming from unknown senders.
    We advise you not to respond to such e-mails and do not open received attachments or links.
  • Inform Bank about suspected situation immediately!
Toolbox
   Stored shortcuts
kontakt