The hackers impersonate Allegro. You can lose your account and money

The Polish cybersecurity team CSIRT NASK has reported another wave of scams related to the Allegro brand. Criminals impersonate the brand of an online store and are looking for victims for easy money. Here’s how they work.

New Allegro scam – beware of suspicious emails

This campaign is already known to the Computer Security Incident Response Team, but scammers are constantly modifying it in an attempt to attract more victims to the bait.

Launching the network on the victim starts with sending a fake email, like thousands of other phishing campaigns. In communication, criminals pretend to be the administration of the Allegro portal. They act in two ways – they offer benefits or scare the recipient. Emails may be about:

• providing a loyalty bonus by the site,

• possible blocking of the account due to frequent authorization attempts from the mobile application,

• updating regulations and the resulting need for their adoption.

Regardless of the content and promotion, always false, a link appears at the end of the message. It is hidden in the button of the brand’s signature orange color. This leads to a fake login page.

Do not enter your details in the form, because in this way we can lose access to the account, and attackers can potentially take over the data of our bank cards connected to the service.

Fake ticket scam – NASK warns drivers

CSIRT NASK also warns against scammers impersonating the police. This is also an old cybercrime trick with a new twist. Fraudsters initiate contact via SMS. Reports an unpaid fine (usually a small amount) and going to court.

The mobile message contains a suspicious link that directs the user to a fake online banking login site. However, when entering data, the user does not enter the bank, but transfers his confidential data and passwords to the criminals. This may end up stealing money from our online account.