Security

Safety first

Protect your data with the
InPost Mobile application

General safety rules

The more passwords,
the better

Do not use the same passwords for e-mail and other services. Using a single password may allow criminals who steal it from one page to use it to log into other services.

Send intelligently

When sending files in the form of an attachment try to (depending on their privacy level) protect them with a password. Send the password in a separate e-mail or text message.

Always lock your phone
and computer

Remember that an unlocked device is easy prey for cyber-criminals. If you can, encrypt your computer and phone with a special program. This is an additional protection for your devices.

Think twice before opening an attachment

Attachments sent by cyber-criminals contain viruses and other programs that can infect your equipment.

High level privacy

You will increase your level of security if you change the privacy settings of your web browser to more "aggressive".

Install mobile applications only
from official stores

Cyber-criminals trick victims into downloading unauthorized applications to steal data, photos, and money.

Do not send company files to a private email address

By sending files in this way, you increase the risk that corporate documents and files will fall into the wrong hands.

Anti-virus software is a must

The software will protect your device against viruses.

Always check where you enter your password

Cyber-criminals create fake websites to steal passwords.

Remember to make backups

Backups are most useful when you lose your data unexpectedly. To do this use paid services, or a portable drive or similar device. Before sending a copy of your data to the cloud, protect it with a password.

Create strong passwords that are difficult to crack

Change passwords regularly. Passwords should not refer to your personal data, e.g. name, surname, or date of birth. Do not use the same password for different services. A secure password should have a minimum of 9 characters, contain upper-case and lower-case letters, a minimum of 1 special character and 1 digit.

Updates are vital

Make sure to regularly update your operating system, anti-virus (including anti-malware and anti-spyware) software, and firewalls.

Cyber-crime

These are all the issues that relate to Internet crime.

Phishing

This is one of the most common and popular methods of deception that cyber-criminals use. Phising consists in criminals impersonating a particular institution to obtain valuable and confidential information. These could be, for instance, passwords, logins, personal data, or bank account and credit card details.

One form of phising is the so-called SMS phising (smishing), which consists in sending text messages to induce the device user to take a specific action. Phishing messages always contain a link to a fake website, where an oblivious user provides criminals with their login and password.

Spoofing

A method of internet fraud based on impersonation of a specific entity (a piece of software or another Internet user) in order to extort sensitive data, such as access to bank accounts. There are several types of spoofing: IP address spoofing, email spoofing, DMS spoofing, and caller information spoofing.

Spoofing is a relatively cheap operation that can be performed by anyone with basic IT knowledge. Own SMS gateway, fake domain, or use of technology give criminals almost unlimited possibilities of acting and extorting funds.

Malware

This is malicious software sent as an attachment, with the purpose of gaining access to your device. You should be especially careful about malware varieties such as: spyware, rootkits, Trojans, and keyloggers. Malware usually gets into your device via email. Therefore, under no circumstances should you download any attachments that you are not sure have come from an authentic and proven source.

Ransomware

A type of malware, which completely blocks access to the computer's operating system. Criminals usually demand a lot of money for unlocking the device. Ransomware can infect your computer via email or website, and the best specialists in such attacks not only encrypt the system, but also individual files and folders on your computer. This is why data backups are so important. Under no circumstances should the criminal's financial demands be met - the situation must be reported to law enforcement as soon as possible.

We recommend increased attention and caution in providing your data or "clicking"
suspicious messages. If you notice suspicious incidents, please report them to:

Learn about InPost security rules

Text messages

Check how to protect yourself against fake text messages.

Check

E-mail messages

Check how to protect yourself against fake e-mail messages.

Check

Applications

Check how to protect your applications.

Check

Devices

Check how to protect your devices.

Check

Text messages

  • Watch out for fake text messages.
    Please be advised that InPost never sends text messages with information about surcharges. All billing information appears only in the Parcel Manager or on the invoice.
  • Watch out for messages that require you to send a paid SMS to "download shipment information"
    Sending the text messages charges a fee that goes to the fraudsters' account.
  • If the message seems suspicious to you, check it at the source, i.e. the company that sent the message.
    Call, write, or ask directly. Never dial the phone number provided in such an email or text message, and instead go to the website of the company that sent the text message or email and use the contact details provided on the website.
Danger sms

E-mail messages

  • Make sure there is no typo in the email address.
    Criminals send dangerous emails from fake but similar-sounding addresses, such as @intops.pl, @impost.pl or @inpost-eu.pl. E-mails sent by cyber-criminals differ from the originals mainly in spelling, strange, suspicious addresses and attachments.
  • Real InPost notification emails never contain any attachments!
    If you receive a message with an attachment, under no circumstances open the file (usually with the extension .doc, .txt, or .pdf). In addition, the phrase list przewozowy ("waybill") often appears in the content of infected messages, which we never use.
  • Watch out for messages that require you to send a paid SMS to "download shipment information".
    Sending the text messages charges a fee that goes to the fraudsters' account.
Danger mail

Applications

  • Only download applications from a legal, authorized source.
    Use common sense when using apps on your smartphone. You can download our InPost Mobile application (the best way to track shipments) - depending on the operating system you have - here:
    Google Play
    App Store
    Huawei AppGallery
  • Secure access to your applications.
    Protect your phone with a password or PIN (but not something like 1234, 9876) or use a fingerprint lock. Secure your computer with a password, you can also password-protect your hard drive.
  • Remember to install updates, because they improve phone and application security.
    Make sure they are always installed.

Devices

  • Watch out for public WiFi networks.
    The name of the network may be similar to the place where you are (e.g. "SafeShoppingMallNetwork"), but this does not necessarily mean that it is a network issued by the facility manager. The golden rule is: if you really don't have to, don't use it. It is much better to use a hotspot shared from your smartphone for work or entertainment on the go.
  • Carefully verify the web addresses of websites that you visit from your device. A correct web address should have the HTTPS protocol, i.e. https://.
  • Do not connect accidentally found external drives or other USB storage devices to your computer.
    You never know if they are safe or whether they are carrying a virus. It is best to check such media on an old computer without internet connection or at a computer service shop.

Read current safety messages

2021.04.21

Be careful when selling on-line! Criminals will forge Parcel Locker shipping labels to steal sensitive data and the valuable items you are selling. Please only use shipping solutions offered by marketplaces or the tried and tested Quick Send service or the label-less shipment service in the InPost Mobile app.

2020.03.04

Watch out for new phishing attacks! Cybercriminals are once more pretending to be InPost and sending fake text messages in which they urge you to download an infected application. Please be especially careful - download InPost Mobile only from the official Google Play, AppStore, and Huawei AppGallery stores. We would like to remind you about the email address bezpieczenstwo@paczkomaty.pl, where you can report all suspicious messages.

2020.01.25

We have observed dangerous phishing attacks - cybercriminals are once again trying to impersonate InPost. Pay particular attention to fake text or e-mail messages in which criminals urge you to pay extra for a larger parcel or to download the application in order to pick up the parcel. We would like to remind you about the email address bezpieczenstwo@paczkomaty.pl, where you can report all suspicious messages.

2021.01.11

We are seeing more attacks by cybercriminals!
Criminals are yet again trying to impersonate InPost and send you dangerous text messages, in which they direct you to a fake website for a parcel pick-up code. Clicking on the link takes the user to a fake store page and installs malware that takes complete control of the mobile device. Once again, we urge you not to click on this dangerous link!

2020.12.21

Beware of a fake InPost Mobile app!
Watch out for an infected link to a fake Google Play Store! Cybercriminals are sending out dangerous text messages with a link to download a fake InPost Mobile app from the Google Play Store. The infected website is confusingly similar to the official site of our app. Once again, we urge you not to click on this dangerous link!

2020.12.18

Watch out for fake text messages!
Cybercriminals are once again sending dangerous text messages and pretending to be InPost - in the text messages they inform you about your parcel being transferred to a warehouse because it is too large and prompting you to pay a fee. We would like to remind you that InPost never sends text messages with a request for a surcharge for your package exceeding maximum size! Please be careful.

2020.11.24

More phishing attacks!
Text messages informing you that a package has been held up and prompting you to pay a fee for its release. Fraudsters are once again - this time taking advantage of the difficult situation in the country caused by the pandemic - impersonating InPost and informing our customers in text messages that their parcels have been held up and demanding an extra fee for its release. Please be advised that InPost never holds up the delivery of shipments due to lack of disinfection or insurance. Be careful!

2020.11.12

Watch out for a new type of phishing attack!
Yet again, conmen are impersonating InPost, this time taking advantage of the difficult situation created by the pandemic. They are sending out text messages asking people to pay for the disinfection of their package by clicking on a link. We hereby inform that InPost never impounds packages because they have not been disinfected or insured. Be careful!

2020.10.28

Customers, watch out for phishing attacks!
Fraudsters are once again impersonating InPost and sending text messages demanding on-line payment for a shipment that has been held up. Please be advised that InPost never holds up the delivery of parcels which are "overweight" and does not require additional charges from customers via a link included in a text message. Watch out for fake text messages!

2020.09.18

Customers, watch out for phishing attacks!
We are receiving information about more scammers pretending to be InPost. This time, the criminals ask you to download our application in order to receive a parcel pick-up code. Let us remind you: InPost never sends links to download pick-up codes - we always send them directly via email, text message, or the InPost Mobile application. Do not click on the link received in the message!

2020.09.09

Warning! We have found out about new dangerous phishing attacks. Cybercriminals trying to impersonate InPost and sending dangerous messages with a link to download or update applications from a fake domain. Under no circumstances should you click on the link you receive in these text messages - it may lead to infecting your phone with malware. Let us remind you: InPost NEVER makes the receipt of a pick-up code conditional on downloading an InPost Mobile update. Remember to download InPost Mobile only from official stores: Google Play, App Store, and Huawei AppGallery.

2020.08.26

Watch out for dangerous messages!
We are seeing new dangerous phishing attacks. We must remind you: InPost never sends a message with a request to provide a delivery address and does not ask you to download the application in order to speed up the delivery of a shipment! Additionally, we never hold up deliveries of parcels until the address is confirmed - it has nothing to do with security procedures.

2020.07.24

In connection with the recent text message phishing attacks, we would like to remind you that InPost never sends a message asking you to generate a pick-up code by clicking on a link! Also pay attention to the sender of the message - InPost never sends messages with a sender's name such as IN4921PL or similar. Clicking on the link in the message may infect your phone with malware.

2020.06.23

Watch out for dangerous text messages with a link to download or update the application from a fake domain. InPost NEVER makes the receipt of a pick-up code conditional on downloading an InPost Mobile update. Under no circumstances should you click on the link received in these text messages. Remember to download InPost Mobile only from official stores: Google Play, App Store, and Huawei AppGallery.

2020.06.02

Watch out for fake messages!
In connection with the increasingly frequent SMS phishing attacks, in which cybercriminals pretend to be InPost and send dangerous links to download the application, we would like to remind you that we never send messages with addresses pointing to .com domains. Clicking on the link in the message may infect your phone with malware. Please be advised that the InPost Mobile application should be installed only from official sources, i.e. Google Play and App Store.

2020.03.26

Beware of fake phishing emails!
A new wave of fake messages has appeared in which cyber-criminals impersonate InPost, informing customers about surcharges for shipments, caused by their disinfection. Please be careful and remember that InPost never sends text messages with information about surcharges! Clicking on the link threatens to infect your phone with malware. We would also like to inform you that we do not send any information to verify shipments due to the coronavirus threat.

2020.03.21

WARNING! Cyber-criminals once again try to impersonate InPost. They send text messages informing about the possibility of tracking shipments via a mobile application with a link to a malicious domain attached. Clicking on the link threatens to infect your phone with malware. InPost NEVER sends text messages with links to websites outside the inpost.pl domain. We remind you that for your own safety you should only install software from the official sources - Google Play, App Store and Huawei AppGallery. If you have installed the application from another source, you should immediately restore your phone to its factory settings. We would also like to inform you that we do not send any information to verify shipments due to the coronavirus threat