Fake ads increasingly do not look like obvious scams. Instead, they rely on well-known services, familiar visuals and official language. That is why campaigns impersonating mObywatel are so dangerous. The Polish Ministry of Digital Affairs warned that social media platforms were displaying ads that used the image of this service. As a result, users were redirected to dangerous websites. In its statement, the ministry explained that such websites were stealing data, including PESEL numbers and online banking login credentials.
The mechanism is simple, yet very effective. First, a familiar name appears and builds trust. Then the user sees an ad or a sponsored message. After that, the user lands on a website that looks like the real service. In reality, however, the page is designed to steal data or money. The Ministry of Digital Affairs also described a version of the campaign involving a fake mObywatel 3.0 app. In that case, fraudsters claimed that the app could help users earn money. The ministry made it clear that this was a scam attempt. At the same time, it reminded users that the official name of the current app is mObywatel 2.0.
These attacks show that the threat is no longer limited to suspicious emails or poorly written text messages. More and more often, the entry point is a paid ad on a major social media platform. According to CERT Polska, fraudsters regularly use ads on popular platforms to drive users to malicious websites. Because of that, reporting such campaigns helps reduce the scale of the threat.
For this reason, it is worth adopting a few simple rules. First of all, do not install apps from ads. Instead, always download apps only from official stores and official channels. Also, do not click on messages about an “urgent verification” or a “data update” if they appear in a sponsored post. In addition, it is a good idea to set up one internal channel for reporting suspicious ads and links. This shortens reaction time and lowers the risk of a wrong decision by an employee. In this area, the recommendations from the Ministry of Digital Affairs and CERT Polska are consistent. The best protection is still caution, combined with source verification.
The danger does not end with the ad itself. In many cases, the key step in the scam is entering a website that only pretends to be a government service. CERT Polska has described phishing campaigns impersonating services in the gov.pl domain. In those campaigns, criminals used messages and fake websites to persuade victims to make contact or install malicious software. Therefore, users should not only assess the message itself. They should also check the web address and the domain carefully.
In practice, this means one thing. Cybersecurity does not begin only when an incident happens. Instead, it starts earlier, with everyday habits and simple procedures. That is why it is worth regularly refreshing the rules for spotting fake domains and suspicious messages. It is also worth reporting ads that raise doubts as quickly as possible. If you want to see more analyses and threat scenarios like this, visit the Knowledge section on the ADQ website. You can also explore the Industries section, where we present cyber risks in specific business environments.
