
Cybersecurity data concerning Poles is alarming. Millions fall victim to online scammers, clicking suspicious links and sharing sensitive data. The CERT Orange Polska report highlights the scale of this phenomenon.
Phishing Takes the Lead
The most popular method of online fraud remains phishing. Cybercriminals create fake websites or emails that closely mimic those of well-known companies or institutions. Their goal is to steal personal data, credit card information, or login credentials for online banking by tricking users into downloading malicious files or clicking on links to fake websites.
In 2023, CERT Orange Polska`s security systems blocked over 360,000 fake websites, and around 5.5 million Poles clicked links leading to them. Victims lost money, personal data, and even control over their online accounts.
This marks a significant shift over the past decade. In 2014, spam - unwanted messages cluttering inboxes - was the top threat with around a 40% share, while phishing accounted for just 1% of incidents recorded by CERT Orange Polska.
- "Today, the leader is multi-vector, advanced phishing targeting both users and companies, which accounted for over 44% of reports last year," says Robert Grabowski, head of CERT Orange Polska, quoted by Newseria Biznes. - "As an operator aware of these threats, we aim to block them before users even encounter them. We do this at the network level, using CyberShield."
Social Engineering, Malvertising, and DDoS Tsunami
According to the CERT report, social engineering plays an increasingly prominent role in attacks, as cybercriminals use ever more sophisticated methods to manipulate network users.
- In 2023, scammers created over 360,000 fake websites.
- A staggering 5.5 million Poles fell victim to them.
In addition to phishing, malvertising - ads with links to malicious sites - has gained popularity. In 2023, CERT Orange Polska’s security systems blocked three times as many such sites as the previous year.
CERT Orange Polska experts point to other growing threats:
- Fake investments: Scammers lure victims with promises of quick profits, encouraging them to invest in fictitious ventures.
- Fake payment links: Cybercriminals send emails or SMS messages with links to supposedly secure payment sites where victims enter credit card details.
- Buyer scams: On auction and shopping platforms, scammers send fake messages asking for deposits or credit card details.
- Spyware: Malicious software that steals confidential data from infected devices.
- DDoS attacks: Cybercriminals attempt to paralyze websites or online services by flooding them with network traffic.

- "The number of attacks exceeding 10 Gbps has doubled (from 3.8% to 7.7%), as has the number of attacks with the smallest volume - below 0.2 Gbps (from 24.3% to 40.8%). The record-breaking 93 Gbps attack in 2014 would barely raise an eyebrow today (attacks over 100 Gbps are now routine). Last year`s record hit 543 Gbps, nearly six times stronger than a decade ago," explains Robert Grabowski, quoted by Newseria. - "We’re also seeing much more advanced attacks that are harder to defend against, such as carpet bombing, which targets entire address blocks rather than single addresses, and complex attacks like Web DDoS Tsunami."
How to Protect Yourself
To guard against cybercriminals, vigilance and caution online are essential:
- Avoid clicking suspicious links: Even if an email or SMS looks legitimate, check the sender`s address and the link`s content before clicking.
- Do not provide personal information on unfamiliar websites: Websites where you share personal data should use HTTPS protocol and have SSL certificates.
- Use strong passwords: Passwords should be unique, at least 12 characters long, and include lowercase and uppercase letters, numbers, and special symbols.
- Use antivirus software: Regularly updated antivirus software can protect against malicious software.
- Familiarize yourself with online security practices: Websites like CERT Orange Polska and other cybersecurity organizations offer valuable information and tips.
- "Last year saw critical vulnerabilities in security devices and access solutions, and that trend will continue. We`ve moved a large portion of our work into the digital realm, enabling hybrid or fully remote work, which is now a primary medium for accessing companies," explains Robert Grabowski. - "For cybercriminals, discovering such vulnerabilities is a prime opportunity, and they will continue to exploit and attack these solutions."
COMMERCIAL BREAK
New articles in section Law in media
Dietary supplement ads in Poland. Who keeps influencers in check?
Newseria, KFi
One in three Polish internet users considers influencer recommendations when deciding on medicines and dietary supplements. Although promotion of such products is regulated, there are still cases of advertising that skirt the law.
SEO Poisoning. Hackers Use Search Engines to Target Businesses
Piotr Rozmiarek
Search engines help us quickly find information, but they can also be used by cybercriminals. SEO poisoning is a tactic where attackers manipulate search engine rankings to place harmful websites at the top of search results.
Phishing in the Cryptocurrency Industry. Fake Recruitments Steal Data
Piotr Rozmiarek
Security researchers have detected a social engineering campaign targeting job seekers in the Web3 industry. The attack aims to conduct fake job interviews via a meeting application that installs information-stealing malware.
See articles on a similar topic:
Cyber Attack on a Corporate Smartphone. How to Protect Yourself
KrzysztoF
Internet-connected mobile devices are an attractive target for cybercriminals. The key to protecting sensitive business data is employee awareness, hardware solutions, and appropriate software. This mini-guide provides a quick overview of how to protect each of these areas.
Hate in the Polish Internet. IRCenter Study
Krzysztof Fiedorek
The proportion of hate speech victims is inversely proportional to the age of internet users. The study authors point out that this is directly influenced by the fact that older generations are instilled with the principles of respectful discussion and use the internet less frequently.
Illusory Security. Small and Medium Enterprises Easy Targets for Cybercrime
KF
35% of micro, small, and medium enterprises (SMEs) fear the theft of their employees' personal data. This comes from research conducted on behalf of ChronPESEL.pl and the National Debt Register of Poland.
Data for Benefits: What Encourages Sharing Personal Information Online
Krzysztof Fiedorek
Most Poles are aware of the value of their personal data and do not share it without reason. However, one in five is willing to share data in exchange for benefits, and 16% of us do not remember if we have done so. These are the results of a study conducted by ChronPESEL.pl and the National Debt Register under the patronage of the UODO.