PIT settlements for 2024. Cybercriminals are taking advantage of the hectic period

Biznes Fakty


The increasing acceptance of electronic tax settlements through “Your e-PIT” is being ruthlessly exploited by cybercriminals, as highlighted by a study from the ChronPESEL.pl website and the National Debt Register. Scammers are posing as tax offices, the Ministry of Finance, or the National Revenue Administration, claiming to facilitate refunds for overpaid taxes. “Their objective is to acquire millions of PESEL numbers,” caution the report’s authors.

Cybercriminals are employing the most prevalent fraud tactic: phishing.

“This method involves masquerading as trusted individuals or organizations through deceptive emails, text messages, or websites. Their aim is to extract sensitive information necessary for stealing funds from bank accounts or securing loans in the victim’s name. In 2024, CERT Polska recorded more than 40,000 phishing-related incidents, accounting for 39 percent of all reported violations,” the report states.

How scammers operate

The report’s authors emphasize that many individuals are currently eagerly anticipating a refund for their tax overpayment.

“Cybercriminals are capitalizing on this situation, hoping to catch us off guard in our eagerness. Consequently, instead of celebrating the arrival of extra funds, we could find our bank accounts completely drained of savings. This is particularly concerning as fraudsters are highly strategic, sending fake emails to millions of Poles, impersonating the tax office and notifying them about a PIT overpayment,” the authors note.

– They then request confirmation of identification details and bank account information for transferring funds via a link embedded in the message. Should we click on this link and fall for the deceitful scheme, we would be providing the fraudsters with a complete set of information required to steal our identity. This enables them to easily gain access to online banking credentials and withdraw funds from the account, or obtain the PESEL number necessary for incurring financial obligations against our account, explains Bartłomiej Drozd, an expert from the ChronPESEL.pl website.

“However, the tactics used by fraudsters do not stop there. Cybercriminals also impersonate the Ministry of Finance and the National Revenue Administration. To achieve this, they create counterfeit websites that closely resemble the official sites of these entities. Consequently, distinguishing between them at first glance is quite challenging. This represents another method for tricking individuals into revealing personal data under the guise of accessing a PIT overpayment,” the report highlights.

The extent of the threat

The study indicates that 18% of Poles have encountered attempts to extract personal data, with a successful theft occurring in 5% of those cases. Additionally, 7% of respondents report experiencing both an attempt at extortion and actual identity theft. This implies that nearly one in three PESEL numbers has either already been compromised or is on the verge of being accessed by cybercriminals.

“Nonetheless, the true scale of the threat is likely much larger. Only 11 percent of Poles who experienced personal data theft reported the incident to law enforcement or CERT Polska. This lack of reporting only serves to embolden cybercriminals further,” the report’s authors emphasize.

What you must avoid

– To prevent falling victim to fraud, one should never click on links or open attachments in dubious tax refund messages. Tax offices, the Ministry of Finance, and the National Revenue Administration do not send emails asking taxpayers to verify their PIT declarations or urging them to confirm their accounts for fund transfers using online banking, states Bartłomiej Drozd.

“Moreover, it is essential to carefully check whether the website address in your browser matches the official site of the tax office, the Ministry of Finance, or the National Revenue Administration. If it does not, you should absolutely refrain from providing any personal information, including your PESEL number, bank account details, e-Tax Office login, or e-Tax Office application PIN. If you have any doubts, it is advisable to contact the office directly or clarify the situation through the KAS hotline,” experts advise.
