Protect your data with the
InPost Mobile application
General safety rules
These are all the issues that relate to Internet crime.
This is one of the most common and popular methods of deception that cyber-criminals use. Phising consists in criminals impersonating a particular institution to obtain valuable and confidential information. These could be, for instance, passwords, logins, personal data, or bank account and credit card details.
One form of phising is the so-called SMS phising (smishing), which consists in sending text messages to induce the device user to take a specific action. Phishing messages always contain a link to a fake website, where an oblivious user provides criminals with their login and password.
Phising attacks rely on emotions. The use of known social engineering techniques makes it very difficult to defend against such crimes. Watch out for attacks using the infamous 'friend method'.
A method of internet fraud based on impersonation of a specific entity (a piece of software or another Internet user) in order to extort sensitive data, such as access to bank accounts. There are several types of spoofing: IP address spoofing, email spoofing, DMS spoofing, and caller information spoofing.
Spoofing is a relatively cheap operation that can be performed by anyone with basic IT knowledge. Own SMS gateway, fake domain, or use of technology give criminals almost unlimited possibilities of acting and extorting funds.
On the website haveibeenpwned.com you can, by entering your email address, check if your data has leaked from other websites and is not in the possession of hackers. It is safe to use the site.
Malware gets into victims' devices most often via phising emails. An attachment to such an email contains a dangerous file, usually pretending to be a .zip or .doc file, but it can also be disguised as other files in a different formats.
The effects of a ransomware attacks are huge. The amounts demanded by hackers for unlocking access to the device reach thousands of dollars. A ransom demand for not disclosing the victim's private data is an increasingly popular form of this attack.
We recommend increased attention and caution in providing your data or "clicking"
suspicious messages. If you notice suspicious incidents, please report them to:
Learn about InPost security rules
- Watch out for fake text messages.
Please be advised that InPost never sends text messages with information about surcharges. All billing information appears only in the Parcel Manager or on the invoice.
- Watch out for messages that require you to send a paid SMS to "download shipment information"
Sending the text messages charges a fee that goes to the fraudsters' account.
- If the message seems suspicious to you, check it at the source, i.e. the company that sent the message.
Call, write, or ask directly. Never dial the phone number provided in such an email or text message, and instead go to the website of the company that sent the text message or email and use the contact details provided on the website.
- Make sure there is no typo in the email address.
Criminals send dangerous emails from fake but similar-sounding addresses, such as @intops.pl, @impost.pl or @inpost-eu.pl. E-mails sent by cyber-criminals differ from the originals mainly in spelling, strange, suspicious addresses and attachments.
- Real InPost notification emails never contain any attachments!
If you receive a message with an attachment, under no circumstances open the file (usually with the extension .doc, .txt, or .pdf). In addition, the phrase list przewozowy ("waybill") often appears in the content of infected messages, which we never use.
- Watch out for messages that require you to send a paid SMS to "download shipment information".
Sending the text messages charges a fee that goes to the fraudsters' account.
- Only download applications from a legal, authorized source.
Use common sense when using apps on your smartphone. You can download our InPost Mobile application (the best way to track shipments) - depending on the operating system you have - here:
- Secure access to your applications.
Protect your phone with a password or PIN (but not something like 1234, 9876) or use a fingerprint lock. Secure your computer with a password, you can also password-protect your hard drive.
- Remember to install updates, because they improve phone and application security.
Make sure they are always installed.
- Watch out for public WiFi networks.
The name of the network may be similar to the place where you are (e.g. "SafeShoppingMallNetwork"), but this does not necessarily mean that it is a network issued by the facility manager. The golden rule is: if you really don't have to, don't use it. It is much better to use a hotspot shared from your smartphone for work or entertainment on the go.
- Carefully verify the web addresses of websites that you visit from your device. A correct web address should have the HTTPS protocol, i.e. https://.
- Do not connect accidentally found external drives or other USB storage devices to your computer.
You never know if they are safe or whether they are carrying a virus. It is best to check such media on an old computer without internet connection or at a computer service shop.
Read current safety messages
Be careful when selling on-line! Criminals will forge Parcel Locker shipping labels to steal sensitive data and the valuable items you are selling. Please only use shipping solutions offered by marketplaces or the tried and tested Quick Send service or the label-less shipment service in the InPost Mobile app.
Watch out for new phishing attacks! Cybercriminals are once more pretending to be InPost and sending fake text messages in which they urge you to download an infected application. Please be especially careful - download InPost Mobile only from the official Google Play, AppStore, and Huawei AppGallery stores. We would like to remind you about the email address firstname.lastname@example.org, where you can report all suspicious messages.
We have observed dangerous phishing attacks - cybercriminals are once again trying to impersonate InPost. Pay particular attention to fake text or e-mail messages in which criminals urge you to pay extra for a larger parcel or to download the application in order to pick up the parcel. We would like to remind you about the email address email@example.com, where you can report all suspicious messages.
We are seeing more attacks by cybercriminals!
Criminals are yet again trying to impersonate InPost and send you dangerous text messages, in which they direct you to a fake website for a parcel pick-up code. Clicking on the link takes the user to a fake store page and installs malware that takes complete control of the mobile device. Once again, we urge you not to click on this dangerous link!
Beware of a fake InPost Mobile app!
Watch out for an infected link to a fake Google Play Store! Cybercriminals are sending out dangerous text messages with a link to download a fake InPost Mobile app from the Google Play Store. The infected website is confusingly similar to the official site of our app. Once again, we urge you not to click on this dangerous link!
Watch out for fake text messages!
Cybercriminals are once again sending dangerous text messages and pretending to be InPost - in the text messages they inform you about your parcel being transferred to a warehouse because it is too large and prompting you to pay a fee. We would like to remind you that InPost never sends text messages with a request for a surcharge for your package exceeding maximum size! Please be careful.
More phishing attacks!
Text messages informing you that a package has been held up and prompting you to pay a fee for its release. Fraudsters are once again - this time taking advantage of the difficult situation in the country caused by the pandemic - impersonating InPost and informing our customers in text messages that their parcels have been held up and demanding an extra fee for its release. Please be advised that InPost never holds up the delivery of shipments due to lack of disinfection or insurance. Be careful!
Watch out for a new type of phishing attack!
Yet again, conmen are impersonating InPost, this time taking advantage of the difficult situation created by the pandemic. They are sending out text messages asking people to pay for the disinfection of their package by clicking on a link. We hereby inform that InPost never impounds packages because they have not been disinfected or insured. Be careful!
Customers, watch out for phishing attacks!
Fraudsters are once again impersonating InPost and sending text messages demanding on-line payment for a shipment that has been held up. Please be advised that InPost never holds up the delivery of parcels which are "overweight" and does not require additional charges from customers via a link included in a text message. Watch out for fake text messages!
Customers, watch out for phishing attacks!
We are receiving information about more scammers pretending to be InPost. This time, the criminals ask you to download our application in order to receive a parcel pick-up code. Let us remind you: InPost never sends links to download pick-up codes - we always send them directly via email, text message, or the InPost Mobile application. Do not click on the link received in the message!
Warning! We have found out about new dangerous phishing attacks. Cybercriminals trying to impersonate InPost and sending dangerous messages with a link to download or update applications from a fake domain. Under no circumstances should you click on the link you receive in these text messages - it may lead to infecting your phone with malware. Let us remind you: InPost NEVER makes the receipt of a pick-up code conditional on downloading an InPost Mobile update. Remember to download InPost Mobile only from official stores: Google Play, App Store, and Huawei AppGallery.
Watch out for dangerous messages!
We are seeing new dangerous phishing attacks. We must remind you: InPost never sends a message with a request to provide a delivery address and does not ask you to download the application in order to speed up the delivery of a shipment! Additionally, we never hold up deliveries of parcels until the address is confirmed - it has nothing to do with security procedures.
In connection with the recent text message phishing attacks, we would like to remind you that InPost never sends a message asking you to generate a pick-up code by clicking on a link! Also pay attention to the sender of the message - InPost never sends messages with a sender's name such as IN4921PL or similar. Clicking on the link in the message may infect your phone with malware.
Watch out for dangerous text messages with a link to download or update the application from a fake domain. InPost NEVER makes the receipt of a pick-up code conditional on downloading an InPost Mobile update. Under no circumstances should you click on the link received in these text messages. Remember to download InPost Mobile only from official stores: Google Play, App Store, and Huawei AppGallery.
Watch out for fake messages!
In connection with the increasingly frequent SMS phishing attacks, in which cybercriminals pretend to be InPost and send dangerous links to download the application, we would like to remind you that we never send messages with addresses pointing to .com domains. Clicking on the link in the message may infect your phone with malware. Please be advised that the InPost Mobile application should be installed only from official sources, i.e. Google Play and App Store.
Beware of fake phishing emails!
A new wave of fake messages has appeared in which cyber-criminals impersonate InPost, informing customers about surcharges for shipments, caused by their disinfection. Please be careful and remember that InPost never sends text messages with information about surcharges! Clicking on the link threatens to infect your phone with malware. We would also like to inform you that we do not send any information to verify shipments due to the coronavirus threat.
WARNING! Cyber-criminals once again try to impersonate InPost. They send text messages informing about the possibility of tracking shipments via a mobile application with a link to a malicious domain attached. Clicking on the link threatens to infect your phone with malware. InPost NEVER sends text messages with links to websites outside the inpost.pl domain. We remind you that for your own safety you should only install software from the official sources - Google Play, App Store and Huawei AppGallery. If you have installed the application from another source, you should immediately restore your phone to its factory settings. We would also like to inform you that we do not send any information to verify shipments due to the coronavirus threat