Be vigilant!


  • Fraudsters are taking advantage of our emotions and eagerness to help those affected by the floods. It is more and more common now to come across a fake message that is not aimed at supporting, but at phishing for your money or data.

    • Fake fundraisers. Support only organisations that you know. You can also use a ready-made charity transfer in your app. You can find it in the bottom menu under Payments > Transfers. Information on legitimate collections is posted on the website of the Public Collections Portal of the Ministry of the Interior and Administration.
    • Fake RCB alerts with links. Don't click on the links. Real alerts do not contain them.
    • Social media posts. Watch out for posts with drastic messages about the floods. Often their purpose is not only to create chaos, but also to phish for data. If, when you click, you are asked to enter your login details, don't do it - the scammer is trying to take over your profile in this way.


  • Scammers trying to get into your computer have a new way of doing it. This time they use the CAPTCHA mechanism - a short test that is used on some websites to confirm that the user is not a robot.

    A correct CAPTCHA requires, for example, entering some letters or indicating certain objects in a picture.

    The criminals have adapted this scheme, but they provide on-screen steps for the user to follow. These steps are altered compared to the standard CAPTCHA. If you follow the instructions and click the sequence, you open access to your device to the hacker. Your computer will download and install the malware.


    If you follow the instructions and end up installing malware, the fraudster can:

    • get your passwords stored on disk and in cookies
    • take over your social network accounts
    • encrypt or destroy files on your device
    • take over your account credentials and this way steal your money or even your identity

    First of all, be vigilant! The legitimate CAPTCHA can take many forms, but it will never require you to use the WIN (Windows button) + R key combination.



  • QR codes, or black-and-white pictograms with encrypted data, can make it easier to find information or order a payment. They act as direct links, often connecting offline and online spaces. However, they are worth using with caution, as their convenience and speed are increasingly being exploited by cybercriminals. This modus operandi has even gained its own name - quishing.

    Criminals create a fake website and then generate a QR code with a link to that website. They then place the code in a location from which it can be easily scanned - at bus stops, parking meters, leaflets and brochures or in emails.

    The scammers come up with all sorts of ways to convince you to scan the code and enter your details or download a malicious app. When you scan such a code, you end up on a fake website. Therefore, it is always worth checking the address of the page to which the QR code redirects you.


    • When you see a sticker with a QR code in a public place, such as a bus stop or car park. The sticker tells you that this will make it quicker for you to buy a ticket or pay for your parking time. Beware, criminals can use this to direct you to fake websites where they want to scam you out of your details and money.
    • When you receive a leaflet or brochure on the street with discounts, e.g. to a shop or drugstore.
    • Also beware of QR codes sent for example in text messages or emails. If you don't know the sender or you see an error in the email address or in the body of the message, don't scan the code.


  • HideSee more

Secure banking step by step

Check who calls you

You receive a call from a person saying their work in a bank, and claiming that someone tried to log in to your account, sent a money transfer for you or tried to take a loan using your name.



It's a stressful situation and for sure you want to act immediately to secure your money. But be careful! It can be a fraud scheme. How can you check, if you are talking to the real bank employee?



Now you can check it easily in our mobile app. During the phone call, say you want to verify the consultant's identity in the app.

  • If you are talking to our employee, you will get push in the app, where we will confirm the name of the consultant calling you.
  • If the caller refuses or will give you inaccurate data - hang up and let us know by calling +48 22 598 44 44 (fee according to your operator's price list).
  • Keep in mind that our employee will send you push notification only via banking app. Our employee will never send their personal details via e-mail, SMS, or any messenger app.

Confirm identity securely on the mobile app

You can now securely and conveniently confirm identity when you talk with our consultant on the phone.

  1. 1

    Our employee can propose to send you a notification in the app at the start of the phone call: "Confirm operation in the app". Tap on the notification and log in to the app.

  2. 2

    Once you have logged in, you will see a screen confirming your identity to the consultant and checking the consultant's details.

  3. 3

    When you confirm - both you and our employee can now be sure that you are talking to the right person and not a criminal pretending to be someone else.

Confirm identity securely on the mobile app

Keep this in mind

  • When you confirm your identity in the app, our employee will not ask you for additional details. If you do not have an app, the consultant will confirm your identity in the usual way: he or she will ask you about your details and products at our bank.
  • Our employee will not ask you for your password or PIN under any circumstances.
  • You will only receive a notification confirming your details in the bank app. Our employees do not send links or business cards via chats or SMS messages.

Take a quiz and see how much you already know

It's good to know as much as you can about how to be secure online, when you use your account or pay online, or even when you pick up the phone from a stranger.


We have prepared 6 thematic quizzes for you. Test your knowledge of cyber security!

A lot depends on you

Keep in mind the secure banking rules

  • Do not click on unknown links in e-mails, text messages, messages on social networks.

  • Check the sender of the message carefully and do not enter confidential data in the e-mail.

  • Don't open attachments unless you know what might be in them.

  • Do not share your login details with anyone, keep passwords strong and change them from time to time.

  • Check transaction notifications carefully - if something is wrong, do not approve the operation!

  • Before logging in, check if the website address is right, there are no typos or misspellings and if the connection is encrypted.

  • Install anti-virus software on all devices on which you log into electronic banking and update them on a regular basis.

  • Use trusted devices and programs, if you share the device with other users, always remember to log out.

  • In case of losing a card or a phone with an active application - block them immediately, e.g. in Millenet

While shopping online

  • Before making a purchase, check that the store is trustworthy - look for opinions on the Internet carefully

  • Check the details of the transaction before confirming it with an SMS P@ssword or in the application

  • Do not enter data that you think are not needed to complete the transaction

See what else you can do

There are many ways to keep it secure. See other videos.

MORE VIDEOS about: security

Scammers' schemes

  1. Phishing
  2. Fake consultant
  3. Malware
  4. Card frauds
  5. Message from "a friend"
  6. Fake stores and ads
  7. Cryptocurrency frauds
  8. SIM card swap
  1. What is phishing?

    It's an attempt to catch you in scammers' nets, who e.g. impersonate your bank.

    What for? To make you pass your personal data, login or payment card details. As a result, your account or card will be accessed by unauthorized persons who can order transactions or impersonate you.

    But how? The scammers send e-mails or SMS-s persuading to act immediately, such as:

    • 'Your bank account has been blocked'
    • 'Pay fee for your card'
    • 'Your parcel has been withheld due to underpayment, settle the arrears'
    • 'On ... the execution was initiated. Possibility of amicable repayment for PLN 8.44'

    Be careful

    • Do not click on links and do not download any applications unless you know the sender of the message.
    • You will never receive such a message from Bank Millennium, because we do not send any links in e-mails or SMS.
    • When you log in on the bank’s website, look at the address bar. Check if the website address is right, there are no typos or misspellings and if the connection is encrypted (icon with a closed padlock).
    • If something looks different than usual, please do not log in - we always inform about it when we change something on the login page.
    • On the login page, we always ask for only two randomly selected characters of the identifier - never enter the entire PESEL number or the entire document number.
  2. Fake consultant, or vishing

    How do you know that the person you are talking to on the phone is really who they say they are? This is obviously very difficult, and it is easy for fraudsters to gain our trust and obtain sensitive data.

    How to defend yourself?

    • Don't share login details with anyone - only you should know them.
    • The bank consultant can ask you to provide MilleCode, but will never ask for your login password.
  3. Malicious software, or malware

    How does it work? You get an e-mail or an SMS with a link to download an app or 'very important' attachment. You click on it and this way you infect your computer, phone or tablet.

    What for? This one click allows to install a malicious application or program on your device that can, for example, track your activity and download data, or take control of your device completely.

    Keep in mind:

    • never click on unknown links
    • don't download attachments if you don't know what's in them or you don't know the sender of the message
    • do not install unchecked applications - preferably before installing an application, look for comments about it in the application store
  4. Card frauds

    How? You enter your card details in an unchecked store, or in response to fake e-mail, you give someone your plastic card or write your PIN on the card or a sticky note attached to the card.

    What for? The fraudster needs your card details to make online transactions or tokenize the card, for example in Google Pay service. To pay in a stationary store the fraudster needs your card, and for larger payments also PIN.

    How to defend yourself?

    • Never scan the card, do not pass on the data from the card to anyone
    • Pay with your card in trusted online stores
    • Carefully read the terms and conditions of internet subscriptions you accept (sometimes the first month is free, and the next one is charged a high fee)
    • Do not give your card or PIN to an unauthorized person (e.g. waiter in a restaurant or bar
  5. Message from "a friend"

    Your friend informs you via messenger app that he need money at once, he will return tomorrow and you only need to give him a BLIK code. Or he sends you link to the transfer (PayByLink).

    What do you do? At first, everyone is probably willing to help their friend. Yet, be careful! This may be a fraud scheme. Before you help your friend, make sure It really is your friend - scammers could have get access to his account. The best you can do is to call him and ask if he really is in need.

  6. Fake stores and ads

    How does it work? Scammers publish fake ads and fake stores' websites. Very often they give "special offers" or even rewards to get your attention and persuade you to use their offer.

    Don't get yourself "caught":

    • Before taking advantage of such a "great deal", try to verify that it is trustworthy.
    • You can search for comments on the Internet about a given company or a specific website.
    • If you have any doubts, do not order a payment or share your details.
  7. Fraud on cryptocurrency exchanges

    How? You come across an ad promoting easy ways to invest in cryptocurrencies:

    • "You don't need to know anything about investing"
    • "We guarantee quick profit"
    • "We will do everything on your behalf, only scan your payment card/ID and give us your login details/SMS P@ssword"

    What for? To extort your personal details, login details to your bank account or payment card details, and above all, to persuade you to transfer your money. Unfortunately, when you want to withdraw your funds, contact with the "broker" is broken and the money transferred cannot be recovered.

    How to defend yourself?

    • Check the credibility of the broker. Check online reviews, for example in conjunction with the words "fraud" or "scam". Don't stop at just one review page.
    • Check, if the institution - "broker" is on the KNF's list of warningslink opens in a new window
    • Do not share your bank account login details with anyone.
    • Do not share confidential information about your payment cards with anyone.
    • Do not send photos/scans of your ID to anyone.
    • Do not install suspicious software on devices from which you log into your bank account.
    • If you receive a transfer from an unknown sender, do not forward the funds under any circumstances, even if "your Advisor" asks for it - you may unknowingly be involved in a crime.

    More information on both investing in cryptocurrencies and the resulting threats can be found at: KNFlink opens in a new window, NBPlink opens in a new window (in Polish) and ZBPlink opens in a new window (in Polish).

  8. SIM card swap

    How? The scammer goes to the mobile phone salon claiming to be you and asks for SIM card replacement. The operator blocks the old SIM card and gives the fraudster a duplicate.

    What for? To take control of the authorization of your transactions.

    When you should realize that you are a fraud victim?

    When you want to use your phone, for example call someone, and it is impossible.
    If such a thing has happened to you, be sure to report it to your mobile operator and check your account.

We take care of your online security

  • Secure solutions

    We use various security features in Millenet and Bank Millennium mobile application - we use the latest technologies and we design services so that they are very safe.

  • Additional card payment protection

    When paying with Bank Millennium cards online, we support the 3-D Secure solution offered by stores, which is an additional payment security.

  • Transaction authorization

    Operations ordered in the electronic banking system need additional confirmation. Thanks to it, you can be sure that no online transfer or card payment will be ordered without your knowledge.

  • Payment limits

    Transaction limits, i.e. the maximum amount you can order in a given operation or in total on a given day, will provide you with additional protection. You can easily adjust the limits to your needs in the settings in Millenet or in the mobile application.

  • Locking or restricting a card

    In Millenet and in the mobile app, you can temporarily lock or restain a card that has been lost or stolen at any time. You do not have to wait for a call to the helpline or for the opening of a Bank branch.

  • Encrypted connection

    The security of Millenet internet banking is ensured by the use of encrypted data transmission between your computer and the Bank's server.

PESEL number verification

To protect your data and your money, as of 1 June 2024, we check whether your PESEL number is restricted when you open an account or want to use credit products.


This means that if your PESEL is restricted and someone wants to illegally use your data with our bank - we will prevent this from happening.

Are you a victim of fraud or want to report suspicious situation?

  1. Write to us

    Fill in the form
  2. or call security helpline