Thousands of Polish businesses registered in the Waste Data Bank (BDO) system have received fraudulent payment requests from cybercriminals impersonating the Ministry of Climate and Environment.
New Scam Targets Waste Database Users
Cybercriminals are targeting businesses registered in Poland’s Waste Data Bank (BDO) with a new phishing scam, sending fake payment demands.
The scammers are posing as the Ministry of Climate and Environment, threatening consequences for unpaid fees related to the waste registry. The Ministry confirms it has no involvement with these emails and urges recipients not to pay.
Ministry Issues Phishing Alert
The Ministry of Climate and Environment (MKiŚ) is warning businesses about a new phishing campaign. Fraudulent emails are being sent, falsely claiming to be from the Ministry and requesting payment for updating entries in the Database of Products and Packaging and Waste Management (BDO).
The Ministry explicitly states it has never sent such emails.
Broad Reach of the Scam
The BDO registry includes over 670,000 active entities – virtually every company that generates waste, introduces packaged products to the market, or engages in recycling is required to be registered. This makes the phishing campaign potentially far-reaching.
How the Scam Works
The fraudulent messages appear convincing, containing the real names of public officials, including ministry leaders. Some emails include a purported certificate bearing the signature of a Deputy Minister of Climate and Environment, which the Ministry confirms is forged.
Identifying Fraudulent Emails
The scam emails are sent from email addresses outside the government domain. Official government communications are exclusively conducted from addresses within the gov.pl domain – a simple way to verify the sender.
Scam Mechanism Explained
The scam relies on the assumption that recipients – businesses registered in the BDO – may lack full knowledge of the registry’s operating principles and, under pressure or fear of consequences, will transfer funds or provide login credentials.
False Urgency and Payment Details
The scam suggests that updating a BDO entry requires immediate payment. This is false. All BDO-related fees are paid according to regulations to the appropriate regional marshal’s office, and correspondence is conducted through the government’s BDO IT system – not via email.
Ministry Reports Scam to Authorities
The MKiŚ has reported the campaign to the relevant authorities, stating the actions constitute criminal offenses, including fraud and the unlawful use of official imagery and personal data.
What to Look For: Phishing Red Flags
The Ministry advises checking several things before making any payment or providing data:
Check the sender’s address – the absence of “gov.pl” should immediately raise suspicion.
What to Do If You Receive a Suspicious Email
Do not pay or click any links. Report any attempted fraud to law enforcement. IT security incidents can also be reported directly to CERT Polska at: incydent.cert.pl.
Frequently Asked Questions
The Ministry of Climate and Environment explicitly states it does not and has never sent emails requesting payment for BDO entry updates. Official government communication is exclusively conducted from addresses within the gov.pl domain.