DISCLAIMER: The solutions presented on this page are the property of ACME LABS Sp. z o.o. and are subject to legal protection in Poland and abroad, on the basis of intellectual and industrial property rights.

NEWS&MEDIA


eZNACZEK is the Cure for Spoofing!

Ju? jaki? czas temu informowali?my Was o g?o?nych atakach spoofingowych, kte na jaki? czas sta?y si? jednym z g?ównych tematów w mediach tradycyjnych oraz internetowych pojawiaj?cym si? od wiadomo?ci po programy ?niadaniowe a? do publikacji i wpisów na portalach. W artyku?ach i reporta?ach pada?y g?o?ne nazwiska osób na wysoko postawionych stanowiskach, a w tle panowa?a atmosfera grozy: strze?cie si?, pod (telefon) ka?dego z nas mo?na si? podszy?!

But is political reckoning an issue that we really need to be concerned about? Of course, phone calls informing about the death or illness of a close family member are (driven by hate) actions that should be stigmatized. It is unlikely that we will become a victim of such an attack, which does not mean that we are not affected by the problem. Under the mantle of the phone, which makes a hair on its head, there is a scourge of spoofing, which can also affect our bank accounts, savings and the phishing of sensitive personal data - we must not forget about it! Why? Because spoofing is not only about impersonating the phone numbers of famous people, and attacks on "famous people" are simply the use of methods and tools that have been used by fraudsters for a long time in attacks that each of us can become a victim of. And no one wants to protect us from these attacks. How is this possible?

Cybercriminals not only pretend to be consultants from mBank and ING Bank Śląski, Bank Millennium or PKO BP, but also pretend to be employees of institutions and companies such as Zakład Ubezpieczeń Społecznych, BLIK, CBA, Allegro, OLX and many others. And they make calls to us using the numbers we know and identify as trusted. For this reason, these phones put the customer against the wall - and fraudsters, for example, threaten with an attack on the account and the loss of funds, extort access and steal money from the account without leaving a trace. If, for fear, we become a victim of such an attack, then if we stand up as a customer in a duel with a supplier - e.g. a bank, we have a poor chance of winning the case. All we can count on is when we hear that we should be careful. And why did we provide data when a fraudster spoke to us? It is in vain to explain here that the methods of cyber fraud are becoming more and more advanced ... and thanks to the lack of action on the part of our provider (e.g. a bank), we did not have access to a tool that would allow us to identify the caller as a fraudster. We can only tell you that it doesn't have to be that way. How to change it?

Our goal is to protect every bank and savings account - not only corporate but also individual, as well as each of your relationships with your supplier - a financial institution, telecom or utility supplier. The implementation of the eZNACZEK as an additional security for your communication with your suppliers will not only give you a sense of security, but will actually protect you against potential network attacks and will drastically reduce their number. What's more, the eZNACZEK is a tool that will reduce the risk of becoming a victim of spoofing. The eZNACZEK is an additional layer of security, protected by a patent - it is currently the only such solution on the market. 

And we want to share this pride and effectiveness with you - so if you are interested in implementing eZNACZEK in your company and ensuring security for your clients, contact us. If your service / media provider does not provide you with the option of using the eZNACZEK - ask him about our solution. Also ask him if and how he protects telephone and electronic communication with you.

eZNACZEK supports The Great Orchestra of Christmas Charity

We will win! This is how the thanks for winning the bid for the final of the Great Orchestra of Christmas Charity in 2021 begin. By supporting the Great Orchestra of Christmas Charity, we win much more than just the auction! 😉

Podczas ostatniego fina?u WO?P, eZNACZEK (czyli ACME LABS Sp. z o.o.) na emocjonuj?cej aukcji wylicytowa? spinki do mankietów, przekazane na potrzeby WO?P przez Przemys?awa Gda?skiego, Prezesa Zarz?du BNP Paribas Bank Polska S.A.

For all those who also hunted for them - keep your head up. The cufflinks auctioned by eZNACZEK will return to the auction pool of the Great Orchestra of Christmas Charity in the final in 2022, and as you have certainly noticed in the photos attached - the cufflinks and the Great Orchestra of Christmas Charity certificate were signed by President Przemysław Gdański.

Mr. President - thank you!

We encourage you to participate in the next auction!

eZNACZEK Team.

Cybersecurity while on vacation - how to stay alert and don't get fooled! Part 1: what not to do before the going on vacation.

Powoli zapominamy o obostrzeniach i zaczynamy planowa? wakacyjne wyjazdy – przegl?damy strony w poszukiwaniu korzystnych ofert, wspólnie z rodzin? omawiamy plany i destynacje i oczami wyobra?ni widzimy, jak w ko?cu po ca?ym roku zawirowa? zwi?zanych z pandemi? – odpoczniemy!

Sounds like a perfect script, right? There is also another side for which this is a fairy-tale-like plan: for a thief who lurks for a moment of your inattention or dormant vigilance. Today we will present what you should be careful about when planning your next summer trip and what are the risks that await us when booking the desired vacation.

ATTRACTIVE OFFER - always carefully check the sender's e-mail address, the address of the website to which the offer is directed and the website domain. Often, very attractive offers are labeled with a 'post-pandemic' tag and the offers can be used as part of a phishing scenario. It is best to check the information obtained in the message in another source - e.g. on the website of the travel agency. Phishig is still the method of online theft that will be particularly popular in 2021. Our vigilance is dormant after the pandemic: an extremely cheap offer on attractive terms can be easily justified by the desire to return the tourism industry to the pre-pandemic era. That is why you absolutely need to take additional security measures.

QUICK PAYMENT - you have booked your accommodation and now it's time to book your flight and rent a car! Only the last money transfer and you think you got it all... or... something you have doubts about? Perhaps the website does not look professional, does not have the 'https' in front of the address or is loading suspiciously slow? Contact the travel agency directly and make sure that there is in reality such an offer. Thanks to this, you will be sure that your money will actually reach a safe place and you will have a well-deserved vacation, not trying to unscrew the consequences of falling victim to an internet scam.

Have you had the opportunity to come across holiday, suspiciously attractive offers? Share your experiences with us!

BEWARE OF THE NEXT FRAUD SCENARIO ON OLX

OLX od dawna próbuje ogranicza? skal? oszustw dokonywanych przez fa?szywych kupuj?cych. Próba domkni?cia ekosystemu przez ?przesy?ki OLX? nie zalicza si? chyba do sukcesów portalu. Nie dlatego, ?e to nie jest dobry pomys?, lecz dlatego, i? aktualnie jest to cz?sto wykorzystywany motyw w scenariuszach oszustw maj?cych miejsce na OLX. Ekipie eZNACZKA przytrafi?a si? dzisiaj ciekawa historia.

The message received on WhatsApp arouses curiosity - the phone number +996, which stands for Kyrgyzstan, catches the eye. The first message is from 17:11 local time in Bishkek, hence my assumption that the second troll shift arrived at the work. Or maybe their office is in Bełchatów, Poland? Who knows. They have huge chimneys over there in Bełchatów and maybe you can see Kyrgyzstan from the highest point. Anyway, it just so happens that I currently have two active offers for which the price is exactly 100 PLN, so I would like to know what shall I send to Bishkek. And that there will be a shipment, I am sure after receiving the message below containing an interesting screen, allegedly coming from OLX. Full professional work - even the font fits. I also know that, as is usually the case in this type of fraud - to get money I have to click on a fraudulent link.

The fraudsters are busy today (they must also have sales plans) and I only get the link to "receive payment" after an hour and a half. Now I know which of my offers were chosen by the fraudsters - the season for selling Communion accessories is behind us, but the displayed shoes did not find a buyer and the advertisement was hanging like that until it shall simply expire. The fact that the fraudsters became interested in this offer is another confirmation of the known pattern that they pretend to be interested in "hard-to-go goods". I can also see what interesting domain they used. Buy shoes in Warsaw? Send Bishkek? No problem.

I still have some time to "collect the payment" and will use this time to check if OLX protects sellers from such attacks. I have to admit that OLX website dedicated to helping users is quite extensive and contains a lot of useful information. We can also check whether the received payment link is "real".

Meanwhile, it is 1 am in Bishkek and when asked the fraudsters why I do not have received the payment yet, I do not receive an answer. I can see that the message has not reached the fraudster's device. I will not wait until morning. I'm blocking a contact on WhatsApp. Bye bye Bishkek. Good night.

The fact that I was not fooled is due to the fact that we deal with the subject of communication on a daily basis. But we must realize that many people are victims of such scams. Perhaps at the same time as I am writing this post, they are just losing money from their bank accounts. Why? 

According to research carried out on the Warsaw School of Economics only 4% of Poles frequently read warnings on banks' websites informing about fraud. The OLX security site is also certainly visited by a handful of portal users only. There is no solution that would close the OLX ecosystem, allowing portal users to definitively cut off from external - not authorized by OLX and not controlled within the ecosystem - message carriers and contact between buyers and sellers, which would allow to close communication only within the OLX ecosystem.

An eZNACZEK, which is an additional layer of security, dedicated to increase security of electronic communication, also as part of auction portals and with advertisements, would be perfect for this role. If each OLX user set their own eZNACZEK - they would know that they can take actions related to OLX only when the message they receive contains an eZNACZEK. Being a string of characters or a photo of your favorite granddaughter. A message without an eZNACZEK could end up where it should be - in the trash bin or spam folder.

YOU SHOULDN'T HAVE CLICKED ON IT

Niestety tak brzmi najcz??ciej odpowied?, kiedy poszkodowany dzwoni do podmiotu, od którego uwa?a?, ?e dosta? emaila. A przecie? zgodnie z informacj? umieszczon? na stronie internetowej w zak?adce cyberbezpiecze?stwo dok?adnie literka po literce sprawdzi?e? adres, z którego dosta?e? wiadomo?? mailow?. Wiesz te?, ?e w przypadku du?ych liter musisz sprawdzi?, czy nie jest to zamiana ma?ych liter na inne du?e litery i cyfry. Jeste? w grupie tych 4% osób, które wg raportu SGH czyta informacje i ostrze?enia o zagro?eniach. Okazuje si? jednak, ?e na wiele si? to nie zda?o. Pad?e? ofiar? phishingu. 

Now, all you can do is search for the latest backup files, if you have one, or to recover important documents and family photos, pay a ransom in bitcoin. Do you feel safely now? You think you are looked after by your suppliers? 

Why do suppliers not take responsibility for allowing someone to impersonate them and causing damage to their customers? Those who are most often impersonated by criminals are large companies that have the appropriate infrastructure, human resources and resources to ensure the security of electronic communications for our consumers, most of whom do not have the appropriate expertise. 

eZNACZEK is a solution that allows, among others the financial institutions, telecoms, courier companies and other entities communicating with the client, and enhances security of mass electronic correspondence. Thanks to it, these companies can offer their clients the security and comfort of cooperation in e-mail correspondence.

WHEN IS THE SIM-SWAP-FRAUD OVER?

Gdy zauwa?ysz, ?e Twój telefon nagle milknie i traci dost?p do sieci, a aktualnie nie odpoczywasz na pla?y na Zanzibarze, to natychmiast powiniene? podj?? zdecydowane dzia?ania i skontaktowa? si? ze swoim operatorem telekomunikacyjnym. Ze swoim Bankiem te? nie zaszkodzi. Dlaczego? Nie mo?na wykluczy?, i? sta?e? si? w?a?nie ofiar? SIM-Swap-Fraudu, czyli oszustwa bior?cego swoj? nazw? od nieautoryzowanego dost?pu do duplikatu karty SIM. Twojej karty SIM.

In order for an attack to occur, criminals need to know your phone number, some personal details and the name of the bank where you have your account. It is not difficult to obtain such a set of data, some of them are, among others, on the so-called "white list" of the Ministry of Finance, but we can also unknowingly equip the fraudster with them as a result of a phishing attack. The only thing missing for the fraudster is a false identity document with your data - despite criminal sanctions, it is still not a problem for someone who wants to obtain a collector's ID with your data and a photo of the fraudster.

Having a complete set of information, the fraudsters report to the operator a desire to get a duplicate of your SIM card, and then use the phony card to authorize the transfer of funds from your bank account. In the case of this type of attack, time is of great importance, so we should act quickly so that there is no worst-case scenario, i.e. withdrawing funds from our account. 

Is there a way to protect yourself from these types of attacks? We should protect our data, especially related to logging in to electronic banking, and not share it with anyone. It is also worth getting acquainted with the procedures of contacting the bank and telecom in the event of such a "failure". 

The eZNACZEK is a solution that provides an additional layer to protect your electronic communications, reducing the risk of becoming a victim of phishing. The eZNACZEK is also an additional option to verify the customer's identity in the operator's showroom or bank branch.

If you want to minimize the above mentioned risk, ask your service provider (bank, telecom, media, etc.) to ensure that the messages sent to you are additionally secured and that you can additionally authorize with an eZNACZEK at the point of sale.

DEADLY ATTACHMENTS

90% of malware is sent by cybercriminals as attachments in e-mail, and, as a consequence lack of our attention, can destroy our data and deprive us of money. If we add that 90% of hacker attacks are successful due to human error, then we have a recipe for a fraud scenario. 

Virus scanning mechanisms in place that scan our email are not effective enough to catch all messages containing attachments infected with malware. Our vigilance is dormant when we are dealing with attachments in the known file formats generated in business applications or by data compressing programs, but we are more vigilant when we have to run an executable file - e.g. exe. 

In the case of popular office application files, we do not always take into account that, for example, you can enter the macros. If, after running such a file, the program asks us if we agree to enable macros, then a red light should light up in our head when we are not 100% sure of the origin of the message. Consent may mean running a script that installs malicious software. 

In the case of compressed data archives, i.e. popular ZIP, RAR, 7ZIP and others, the virus is usually activated after unpacking the archive contents. 

Each of the above file types can only pretend to be a format file, or it can simply be a hidden .exe format file. It may happen that you receive an unexpected invoice in PDF format, but its full name that you may not notice is, for example, "Invoice_25 / 04.pdf.exe". After downloading and running such an attachment, which looks like a "regular" PDF, your device is infected with malware. 

There is another threat hidden in PDF files that most of us are not aware of. PDFs have a specific layered nature and therefore are not completely safe as criminals can manipulate the layer of the file we see. A scam using this feature of PDFs is that, for example, we can electronically sign a PDF document, the real content of which is different from the one we see at the time of signing. There are three types of manipulation of the content of such a PDF document: hiding a document layer, replacing it with a modified version, or hiding and replacing it in one. 

As you can see from the above list, our email correspondence is not secure and even if we are careful, we may become the next victim of the attack, as fraudsters keep coming up with new ways and methods of cyber attacks. 

Therefore, it is worth using additional solutions that increase the security of electronic communication. eMARKER (eZNACZEK in Poland) is a solution that gives credibility to the sender of the message and allows you to trust its content. If you use the eMARKER the dilemmas described above regarding popular file types may become a thing of the past. The eMARKER should soon become a good market standard in terms of security, distinguishing messages we receive from trusted sources. 

GODFATHERS OF THE CYBER CRIME

W ?wiecie rzeczywistym mafi? rz?dz? siln? r?k? ojcowie chrzestni. W ?wiecie cyberprzest?pczo?ci takimi ojcami chrzestnymi s? Phishing i Vishing. Dranie jakich ma?o. Nikt im nie mo?e dorówna? w zasi?gu i rozmachu z jakim dzia?aj?. Malware i Ransomware s? ich bezwzgl?dnymi ?o?nierzami ?lepo wykonuj?cymi rozkazy. Na rozkaz szefów wal? gdzie popadnie. Bez zgody Phishingu i Vishingu  wi?kszo?? z przest?pstw cyfrowych nie mog?aby si? powie??. Dlaczego wi?c, wiedz?c kim s? te najpot??niejsze figury w ?wiecie cyberprzest?pczo?ci, do tej pory nie uda?o si? ograniczy? ich wp?ywów? Czy dzieje si? tak dlatego, ?e wiemy kto pada g?ownie ich ofiar?? Ale po kolei.

Each of us is the greatest asset, the most valuable asset - of companies, corporations and institutions. Yes we are their key assets – we, their clients. At least that's what they tell us when advertising their products and services. But are you sure that’s the truth? We use the services of and utilities (gas, electricity, water, television, internet, telephony), provided by institutions (banks, insurance companies) and corporations (postal and courier services), and offices (patent office, tax office, social security office, etc.). We sign contracts. We promise to fulfill our duties with due diligence. We pay for the purchased services and goods. This is our responsibility as a customer, isn’t it? If we do not comply with contracts we are part of, we are threatened with various types of sanctions, that cover most of the text of the contracts that bind us. Also, the tariffs of fees and commissions are also constructed in a way that is not so friendly to us. We pay for foods and services on the basis of the invoices and bills we get.

What shall we do if Phishing and Vishing imitate our suppler? Why are we still responsible for the fact that our supplier has let Phishing and Vishing cheat on us? Do suppliers protect us against Phishing’s and Vishing’s attacks and how they do that? They mostly run social awareness campaigns and post warnings on their websites. Cool. We can feel safe right away. Anyway, the ineffectiveness of this security measures is such that it is not surprising that, according to research conducted at the Warsaw School of Economics, only 4% of bank customers read warnings posted on banking websites.

Campaigns and warnings suggest that in order to verify the sender of the message it is enough to carefully check the address from which we received the message(we know that this "security measure" is easy to get around),or we should check whether the data (e.g. personal) in the invoice attached in the message concern us the and whether attached file is in a safe PDF format. Or, we just have to click the link in the message to go to the supplier's website to log in. Are these really all possible security measures that protect us? Unfortunately, following the above advice may lead us to the fact that in many cases we get something that we did not necessarily expect. We are cheated on. We are mislead by Phishing and Vishing.  

Phishing knows how to do this. So, are these the only possible guidelines for message validation? We often hear that they are effective. Then why do our suppliers organize internal cybersecurity training for their employees? Not that we have a problem with training their own employees. Praise them for that. But the question arises whether the employees of our esteemed suppliers are not able to understand the message that is also directed to us - customers? Do they need a special explanation and knowledge of defense methods against cyber attacks? Is there really logic between social campaigns targeting the masses and the special actions of suppliers towards their employees? Unfortunately, it is not about logic here, but about the fact that the sactions undertaken by the suppliers are mostly aimed at ensuring the security of their own organizations. And Phishing and Vishing know very well how we are secured by our suppliers, and that is why we still may lose our data, savings, dreams and memories (photos, videos). Yes, mostly the individual customers of companies, corporations, institutions and offices, are anonymous victims of Phishing’s and Vishing’s attacks.

Is this supposed to be the way things are? Or maybe it is time to apply new solutions that increase our chances in the fight against Phishing and Vishing? Wouldn't it be safer if each of us would receive messages from suppliers containing a personalized eMARKER, which would be known only to each of us individually. There would be as many eMARKERS as there are clients (of a single suppler). Could Phishing guess our eMARKERs? Wouldn't it be safer if the consultant's phone call would be announced with a message containing information about the willingness to talk, and would also be secured with an eMARKER? Could Vishing be able to find all the eMARKERs?

Would the eMARKER, if used and personalized by each of us to secure communication with our suppliers of goods and services defeat Phishing and Vishing? We will be able to find out when, in accordance with the planned NIS2 EU directive , the entities listed in the directive will be required to apply appropriate security measures to protect communication with us. Most likely, our suppliers will time until end of 2022 to implement measures to comply with the provisions of the NIS2 directive. Shall we wait that long? Maybe not, if one of your suppliers will defeat cybercriminals in cooperation with eMARKER and will offer you greater security of electronic communication. So that we will not say again that "you shouldn’t have clicked that link/file or you should have hung up".    

CONTACT US