Impersonating public institutions and services

In recent months, one pattern has been recurring frequently: impersonating public institutions and services—i.e., trusted sources. These are not sophisticated techniques, but rather the use of a brand that the recipient associates with and does not want to verify further.

For example, the Ministry of Digital Affairs warned against attempts to impersonate mObywatel

in social media advertisements.

CERT/CSIRT NASK also reported on further campaigns impersonating services in the gov.pl domain (e.g., “new session on the device,” “official notification”). This is a good time to remember a simple rule:

Trust in institutions ≠ trust in links

Quick cyber hygiene checklist for teams:

• only open links after verifying the domain and context,
• only install applications from official sources
• Do not provide data/login details after a supposedly “urgent” message.
• Establish a simple procedure within the organization: where to report suspicious messages.
• Practice recognizing phishing patterns (this still pays off big time).

Impersonation as a permanent feature

Remember these simple rules, because they greatly reduce the risk of incidents. Impersonating official domains is a topic that, unfortunately, will come up very often.