Cyberattacks in the time of coronavirus

The list of abuses during the pandemic is long – from overpricing of basic products to announcements of (allegedly) antiviral effects of ordinary vitamin C. Recently, false SMS texts, with websites specially prepared by cybercriminals, have also been particularly intense.

Another form of a cyberattack is phishing, which is a scamming method in which the offender impersonates another person or institution in order to defraud confidential information or induce the victim to perform certain activities. Such confidential information may be, for example, the login data in an online banking service or a credit card number.

In recent days, we have witnessed attacks by cybercriminals impersonating commercial banks and – for the last few days – also the Ministry of Health. The Internet links contained in the messages were used to extort money. This method, in its simplicity, is one of the most effective, dangerous and most frequently used techniques. According to the statistics conducted by CERT Polska (a team established to react to Internet security incidents), phishing accounted for as much as 45% of the abuses reported in 2012, and the number of such cases is growing every year.

Under criminal law, such false messages, which are intended to defraud money, are usually classified as fraud under Article 286 § 1 of the Penal Code. This is because it consists in “bringing about an unfavourable disposal of one’s own or someone else’s property by misleading or exploiting a mistake or inability to properly understand the action taken.”

In the 21st century, do we still need to be reminded of special caution on the Internet? Does the law protect us, despite “common knowledge” of the risks? Yes, it does. The credulity and lack of reflection of the victim does not exclude the existence of this crime. On the contrary, it is an integral part of it, because that is what misleading is all about.

The perpetrator of a crime can be punished with imprisonment of up to 8 years, even in the case of an attempt, i.e. when there is no adverse disposition of the property. In addition to imprisonment, the court may also impose a fine. The victim may, on the other hand, claim back the lost money and, in addition, if he or she submits an appropriate request in the course of the proceedings, seek redress.

So what’s the problem? According to the information provided by the Anti-Cybercrime Support Unit of the Criminal Bureau of the National Police Headquarters, the detectability of perpetrators of this type of crime is negligible and proceedings lasting months often end in discontinuance. In addition, most victims of phishing do not decide to report a suspicion of a crime, out of shame that they have been “fooled.” However, it is worth doing so, if only so that the perpetrators do not feel unpunished.

How to defend yourself? First of all, be cautious. It is also worthwhile to inform the institution under which the criminals are impersonating about the problem. If you are the victim of such a cyberattack and you have lost money or suspect that your data may have been intercepted, contact the appropriate services immediately.


Michał Korszla, attorney-at-law

Aleksandra Bętkowska, trainee