Millions of Poles benefit every day from the convenience of the BLIK payment system. Unfortunately, where there is money, there are also fraudsters who constantly improve their methods. Cybersecurity experts are warning about a new, highly dangerous attack method that allows criminals to get a high-value transaction confirmed virtually without your informed consent. This is no longer a simple request for a code from a “friend” on Facebook – it is an advanced trap that exploits trust in the banking application and a moment of inattention. The threat is real and affects every smartphone user in Poland. Understanding the mechanics of this fraud is the first and most crucial step toward not losing your savings in 2025. Not only money but also a sense of safety in the digital world is at stake.
How does the new BLIK scam work? This is no longer a request from a friend
Most of us have already learned to ignore messages asking to “borrow” money using a BLIK code. However, the new method is much more sophisticated. Criminals no longer ask for the code – they make you enter it yourself and then unwittingly approve the theft. The mechanism relies on malicious software or advanced phishing that infects your phone.
Everything starts innocently – with a fake text message about an underpaid electricity bill, a parcel-tracking link or an attractive offer on social media. Clicking the link leads to a website that resembles the site of a bank, a courier company or an online store. There you are asked to install a “new version of the application” or to enter data. In fact, you install overlay malware on your phone. It becomes the key to your money. From this point on, the fraudster has a tool for replacing the payment confirmation screen in your banking application.
Step by step: an attack scenario that could cost you your savings
To fully understand the threat, let's analyse a typical attack scenario. It is designed to lull the victim's vigilance and exploit their haste or distraction. The whole process can take only a dozen or so seconds, and its effects can be disastrous for the household budget.
Here's how the attack goes:
- Step 1: Infection. You receive a message (SMS, Messenger, email) with a link. After clicking it, you install a malicious application or grant dangerous permissions on a fake page.
- Step 2: Code theft. At some point (e.g. during a fake “verification” on the infected page) you are asked to enter a BLIK code, allegedly to confirm your identity or to pay a symbolic amount of PLN 1.
- Step 3: Taking control. Once you enter the code, the fraudster simultaneously initiates a transaction on his own device for a much higher amount, e.g. a PLN 2000 ATM withdrawal or a purchase in an online shop.
- Step 4: False confirmation. A request to confirm the transaction appears on your phone in the banking application. And here's the key thing: the overlay malware places its own fake screen over the real confirmation screen. On it you see a message such as “confirm verification” or “Approve charge of PLN 1”, while in the background the real request is to approve a transaction for PLN 2000.
- Step 5: Losing money. You click “Confirm”, thinking you are authorizing a symbolic amount. In fact, you give the green light to the theft. The money disappears from your account in seconds.
Who is the target? Experts warn: everyone is at risk
It is a mistake to think that this kind of fraud is aimed exclusively at the elderly or at people unfamiliar with technology. On the contrary, criminals target a wide range of people, counting on haste and routine. A person who makes several BLIK transactions a day may approve yet another one mechanically, without looking at the details – and that is exactly what the fraudsters count on. CERT Polska regularly warns about phishing campaigns, which are the first step towards such attacks.
The threat is made worse by the fact that the fake confirmation screens are prepared very carefully and can be almost indistinguishable from the originals. They use bank logos and standard messages. The key factor here is social engineering – the fraudsters create time pressure (e.g. “Your package will be returned if you don’t pay 1 PLN in 5 minutes”), which leads to hasty, unthinking action. In fact, every active mobile banking user is at risk.
How do you defend yourself against the new fraud method? Key safety rules
Although the new method is dangerous, we are not defenseless against it. Applying several basic principles of cybersecurity can effectively minimize the risk of losing money. The most important things are awareness and building habits that will become your first line of defense.
These are the most important steps you need to take to protect your finances:
- Always verify the amount in the bank application. This is absolutely crucial. Regardless of what you see on the website, the final, real confirmation screen in the banking application always shows the real amount of the transaction. Take an extra 2 seconds to make sure the amount matches.
- Don't click on any suspicious links. Never open links from unexpected text messages or emails about surcharges, shipments or winnings. Always log in to a service provider's site by typing the address manually in your browser.
- Install applications only from official sources. Use only Google Play and the Apple App Store. Avoid installing applications from unknown .apk files.
- Read application permissions. Before installing a new application, check what permissions it requires. If a flashlight app requests access to contacts and text messages, that should be a red flag.
- Use antivirus software. A good antivirus program on your smartphone can detect and block malware before it can cause damage.
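The source and permission checks from the list above can be applied to a whole phone's app inventory at once; the following is an added example, not part of the original article. The inventory format, the package names and the score weights are assumptions constructed for illustration, while the permission names and the Google Play installer name are real Android identifiers.

```python
# Added example: triage an installed-app inventory for the sideload + overlay
# pattern. Inventory records, package names and weights are constructed.

PLAY_STORE = "com.android.vending"  # installer package name of Google Play

# Real Android permission names; the weights are assumptions for this example.
RISKY = {
    "android.permission.SYSTEM_ALERT_WINDOW": 3,  # draw over other apps
    "android.permission.READ_SMS": 2,
    "android.permission.RECEIVE_SMS": 2,
    "android.permission.READ_CONTACTS": 1,
}

def triage(app):
    """Return (score, reasons) for one inventory record."""
    score, reasons = 0, []
    if app.get("installer") != PLAY_STORE:
        score += 2
        reasons.append("installed outside Google Play")
    for perm in app.get("permissions", []):
        if perm in RISKY:
            score += RISKY[perm]
            reasons.append(perm.rsplit(".", 1)[-1])
    return score, reasons

def flag(inventory, threshold=6):
    """Return (package, score, reasons) for apps at or above threshold, worst first."""
    hits = []
    for app in inventory:
        score, reasons = triage(app)
        if score >= threshold:
            hits.append((app["package"], score, reasons))
    return sorted(hits, key=lambda h: -h[1])

P = "android.permission."
INVENTORY = [  # constructed sample data
    {"package": "com.example.bank", "installer": PLAY_STORE,
     "permissions": [P + "INTERNET", P + "CAMERA"]},
    {"package": "com.example.messenger", "installer": PLAY_STORE,
     "permissions": [P + "READ_SMS", P + "RECEIVE_SMS", P + "READ_CONTACTS"]},
    {"package": "com.example.parcelupdate", "installer": None,
     "permissions": [P + "SYSTEM_ALERT_WINDOW", P + "RECEIVE_SMS"]},
    {"package": "com.example.flashlight", "installer": None,
     "permissions": [P + "SYSTEM_ALERT_WINDOW", P + "READ_SMS", P + "READ_CONTACTS"]},
]

if __name__ == "__main__":
    for package, score, reasons in flag(INVENTORY):
        print(f"{package}: score {score} ({', '.join(reasons)})")
```

With the default threshold, a Play-installed messenger that legitimately uses SMS and contacts stays below the line, while a sideloaded app that combines the overlay permission with SMS access is flagged.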
Remember, in the digital world the best defence is your vigilance. Scammers rely on haste and lack of attention. Slowing down and carefully checking each BLIK transaction is the easiest and most effective way to avoid becoming another victim.