Thousands of Polish businesses registered in the Waste Data Bank (BDO) system have received fraudulent payment requests from cybercriminals impersonating the Ministry of Climate and Environment.
New “Waste Database” Scam Targets Businesses
Cybercriminals are targeting Polish businesses with a new phishing scam centered around the Waste Data Bank (BDO) system. Thousands of companies registered in the BDO may have received false payment demands.
The scammers are impersonating the Ministry of Climate and Environment, threatening consequences for unpaid fees related to the waste registry. The Ministry confirms it has no involvement with these emails and urges recipients not to pay.
Ministry Issues Phishing Warning
The Ministry of Climate and Environment (MKiŚ) is alerting businesses to a new phishing campaign. Fraudulent emails are being sent, falsely claiming to be from the Ministry and requesting payment for updating entries in the Database of Products and Packaging and Waste Management (BDO).
The Ministry explicitly states it has never sent such emails.
Broad Reach of the Scam
The BDO registry includes over 670,000 active entities – virtually every company that generates waste, introduces packaged products to the market, or engages in recycling is required to be registered. This makes the phishing campaign potentially far-reaching.
How the Scam Works
The fraudulent messages appear convincing, often containing the real names of public officials, including ministry leaders. Some emails include a purported certificate bearing the signature of a Deputy Minister of Climate and Environment, which the Ministry confirms is forged.
Identifying Fraudulent Emails
The emails are sent from addresses outside the government domain. Official government communications are exclusively conducted from addresses ending in gov.pl, providing a simple way to verify the sender.
Scammers Exploit Lack of Knowledge
The scam relies on recipients – businesses registered in the BDO – lacking complete knowledge of the registry’s operating principles. Under pressure or fear of consequences, they may transfer funds or provide login credentials.
False Urgency and Incorrect Payment Methods
The scam suggests that updating a BDO entry requires immediate payment. This is false. All BDO-related fees are paid according to regulations to the appropriate regional marshal’s office, and correspondence is conducted through the government’s BDO IT system – not email.
Ministry Reports Scam to Authorities
The MKiŚ has reported the campaign to the relevant authorities, stating the actions constitute criminal offenses, including fraud and the unlawful use of official imagery and personal data.
Protecting Against Phishing: What to Look For
The Ministry advises businesses to verify several things before making any payment or providing data.
Verification Checklist
• **Sender Address:** The absence of “gov.pl” should immediately raise suspicion.
• **Language Quality:** Errors, typos, and strange syntax are characteristic of cheap machine translation used by scammers.
• **Links:** Instead of clicking links in the email, manually type the official website address into your browser.
What to Do If You Receive a Suspicious Email
First, do not pay or click any links. Report any attempted fraud to law enforcement. IT incidents can also be reported directly to CERT Polska at: incydent.cert.pl.
. **Sources:**
