Security - Bank Millennium

Be vigilant!

Fake SMS from delivery company - don't click on links
How do scammers operate?

They impersonate DHL and send SMS messages informing about the necessity of additional payment for the shipment, e.g. due to customs duties.

There is a link in the SMS that directs you to the fake website of the courier company, from which you can download the "shipment tracking" application. In fact, it is malware allowing to steal money from your account.

How to defend yourself?
- do not click on links in emails or SMS as well as do not download unknown applications, available from a link nor any attachments to emails, especially if you are not sure about the sender or if the message raises any doubts
- do not share login details with anyone (we never ask for MilleCode or P@ssword 1 by emails or SMS)
- log in to Millenet only at Bank's website and before logging in check if yo see a closed padlock in the address bar
- install anti-virus software on all devices used to log in to your bank account, remember to update it on regular basis
If you have any doubts, please let us know.
Fake ads of well known brands on social network
Fake Rossmann and Sephora ads have appeared on social network (e.g. Facebook, Instagram).

The scammers inform about free cosmetics available in special offer. To get them you are only asked to pay the shipping cost by giving your payment card credentials. Card details obtained in this way are used for transactions for larger amounts.

Remember a few rules when paying by card online:
- before making a purchase, check if the offer is trustworthy and approach extremely bargain prices with more caution - look for opinions on the Internet on independent portals
- verify information about promotions on the seller's official websites
- do not provide your card details in unknown stores, do not send photos or a scan of your payment card to anyone - the data from the card can be used to make online transactions
- when paying for the transaction, check the details and amount before confirming it with an SMS P@ssword or Mobile Authorization
- install anti-virus software on all devices you log into the bank account and update them on a regular basis
Remember that you can restrict your card at any time in Millenet and in the mobile app or by calling +48 22 598 41 14 (fee according to the operator's price list).

If you notice any suspicious offers online, please let us know.
Watch out for false emails from the Bank
How do scammers operate?

Fraudsters send e-mails informing about disabled account or payment card.

Bank Millennium sends no such messages or any links via email or SMS!

Also, we never ask to enter payment card details (number, validation date, CVV2/CVC2 code) to unlock it nor we ask to make a money transfer to unlock the account.

If you receive such a message, please let us know.

How to defend yourself?
- do not click on links in emails or SMS, especially if you are not sure about the sender
- do not download unknown applications, available from a link nor any attachments to emails, if you don't know the sender or the message raises any doubts
- do not share login details with anyone (we never ask for MilleCode or P@ssword 1 by emails or SMS)
- log in to Millenet only at Bank's website and before logging in check if you see a closed padlock in the address bar
- when logging in to Millenet, do not enter full PESEL or an ID number, we ask only for the 2 randomly selected characters
- when logging in, never enter your payment card details
- install anti-virus software on all devices used to log in to your bank account, remember to update it on regular basis
Scammers impersonate Bank Millennium employees
How do scammers operate?

Bank has recently received new signals that scammers impersonate TeleMillennium helpline consultants, calling to inform you about suspicious activity on your account/payment card. They ask for personal data and can ask you to install the application, which enables remote control of the user's device.

How to defend yourself?
do not download any fishy apps - Bank consultants never encourage you to download any applications for quick customer service etc.

do not share confidential data with anyone, e.g. PESEL number, your payment card number or CVV code - our helpline consultants never ask for such data

never share login details to your bank account - Bank consultant will never log in to the system for you

log in to your bank account only on Bank's website and while logging in keep in mind that the system never requires entering a full PESEL number or a full ID number - only two randomly selected characters.
Beware of fraudulent websites that offer cryptocurrencies and Forex investments. Press release of 24 March (in Polish)
Komunikat z dnia 24.03.2021

Komenda Główna Policji i FinCERT.pl – Bankowe Centrum Cyberbezpieczeństwa ZBP ostrzegają przed próbami oszustw przy inwestowaniu w kryptowaluty oraz na rynku Forex.

Inwestycje w kryptowaluty, a także na rynku Forex co do zasady są legalne, ale oszuści wykorzystując fałszywe serwisy internetowe, podszywają się pod pośredników i oferują ułatwienia w inwestowaniu.

Przestępcy nakłaniają potencjalnych pokrzywdzonych do zainwestowania pieniędzy, obiecując wysokie i szybkie zyski bez ryzyka. Proponują pomoc przy inwestowaniu, dlatego zalecamy wysoką ostrożność przed podjęciem decyzji o przeznaczeniu pieniędzy na taki cel.

Wyłudzeń dokonują osoby, które podają się za tzw. „brokerów” inwestycyjnych – pracowników firm pośrednictwa i doradztwa inwestycyjnego. Firmy te reklamują swoje usługi w mediach społecznościowych, serwisach internetowych oraz aplikacjach mobilnych. Przyciągają uwagę i starają się uwiarygodnić swój przekaz za pomocą wizerunku:
- „przeciętnego Kowalskiego”, który szybko zyskał dzięki współpracy z „pośrednikiem”,
- powszechnie znanych i rozpoznawalnych osób (sportowców, polityków, aktorów, dziennikarzy, celebrytów) - bez ich wiedzy, zgody i na podstawie zmanipulowanego przekazu.
Oszuści kierują informacje do potencjalnych pokrzywdzonych i wskazują na możliwość osiągnięcia szybkich i wysokich zysków. Tego typu oferta jest nieprawdziwa i zazwyczaj kończy się utratą pieniędzy.

Nie ulegaj presji. Uważaj na pozornie atrakcyjne oferty. Nie działaj pochopnie, pod wpływem chwili i emocji. To może być oszustwo!!!

Jeśli przeczytasz artykuł czy post w mediach społecznościowych lub skontaktuje się z Tobą osoba, która proponuje:
- szybki i wysoki zysk dzięki inwestycji w kryptowaluty lub na rynku Forex;
- instalację aplikacji na telefonie lub komputerze, która ma posłużyć do zakupu kryptowaluty lub wykonania operacji na rynku Forex;
- wsparcie w inwestycjach i obsłudze aplikacji przez „analityka”, którzy zadzwoni do Ciebie i udzieli pomocy,
zastanów się, zachowaj zdrowy rozsądek i ostrożność.

Komenda Główna Policji i FinCERT.pl – Bankowe Centrum Cyberbezpieczeństwa ZBP zalecają:
- Zapoznaj się z informacjami KNF i NBP, które dotyczą inwestowania w kryptowaluty – link: https://uwazajnakryptowaluty.pl/;
- Sprawdź wiarygodność podmiotu. Zweryfikuj opinie w Internecie, np. w połączeniu ze słowem „oszustwo” lub „scam”. Nie poprzestawaj na jednej stronie z opiniami;
- Sprawdź, czy instytucja – „broker” znajduje się na liście ostrzeżeń KNF – link: https://www.knf.gov.pl/dla_konsumenta/ostrzezenia_publiczne;
- Nie udostępniaj nikomu danych do logowania w bankowości elektronicznej i mobilnej;
- Nie udostępniaj nikomu danych poufnych dotyczących Twoich kart płatniczych;
- Nie przesyłaj nikomu skanów swojego dowodu osobistego;
- Nie instaluj dodatkowego oprogramowania, na urządzeniach z których logujesz się do bankowości elektronicznej;
- Jeśli otrzymasz przelew od nieznanego nadawcy, pod żadnym pozorem nie przekazuj środków dalej, nawet jeśli „Twój doradca” o to prosi – nieświadomie możesz brać udział w przestępstwie.
Jeżeli podejrzewasz, że jesteś ofiarą oszustwa skontaktuj się ze swoim bankiem oraz złóż stosowne zawiadomienie na Policji.

Komenda Główna Policji
FinCERT.pl – Bankowe Centrum Cyberbezpieczeństwa ZBP
Beware of scammers promoting investment in cryptocurrencies
How do they operate?

Fraudsters impersonate 'investment brokers', promising easy and quick profit. In fact, they want to get access to your personal data and money.

When become suspicious?
Be careful, especially when:

you are asked to send a photo of your ID card or payment card

the broker urges you to install additional software or provide bank login details

the adviser wants to carry out transactions on your behalf
Before you start investing

Check if the company is registered in the EU and that there are no warnings on the Internet about its business. You can do it on KNF website >
Scammers on sales platforms
In the most frequently used fraud scenarios involving the phishing of payment card or login details, the main exposed persons were those making payments - buying goods on the Internet. Recently, however, we have observed a new type of abuse also directed against people who display goods on local buying and selling portals. Recently, scams of this type appeared on the OLX platform.

The fraudulent data is used by fraudsters to make online transactions from the card or add it to the fraudster's electronic wallet, which will allow him to perform further transactions from the account related to the card, also in stationary stores.
How to defend yourself?
Please be cautious and pay special attention to:

any communication outside the sales website - the scammers contact mainly via external communicators

links directing to the sales offer, delivery order or payment - double-check the address of the page to which the link transferred you

linguistic errors, typos or other inaccuracies on the website - if something raises your doubts, do not provide your personal data and payment card details under any circumstances

If anything raises your doubts, please let us know. You can call us on the special telephone line: 22 598 44 44 (for landline and mobile phones; fees according to the operator's price list).
How do scammers operate?
If you are a buyer, the criminals impersonate the OLX platform and encourage you to use the option with delivery or the surcharge for the parcel. They also use an external communicator for this. The scam message contains a link that redirects you to a fake payment card phishing website.

If you are selling goods, it might look like this:

You post an advertisement with the goods you want to sell.

A potential buyer comes to you and starts a conversation with you, usually using a popular messenger, and not directly through the page with the advertisement.

The buyer argues that he will make the payment for the goods and shipment by transfer to your payment card and for this purpose sends a link to the payment.

The link directs you to the page where you must provide payment card details (full card number, expiry date, authorization code) and confirm your willingness to receive payment by entering a password from an SMS.
Fake ads on social network
Recently, fake ads impersonating Bank Millennium's offer and informing about cash prizes for loyal clients have appeared on social network. To get the prize, you are asked to give your MilleCode.
How to defend yourself?
Remember these rules to use online banking system safely:

do not give your MilleCode and login details to anyone

do not log in to your account on websites other than Bank Millennium's websites

do not enter the entire PESEL / ID card / passport number and telephone number when logging in (only 2 randomly selected identifier digits are required when logging in)

do not enter payment card details while logging in - we never ask for it

read carefully each SMS that you receive from us - check the operation you are confirming (the amount, type and number of the transaction), mind the language of the message

If anything raises your doubts, please let us know. You can call us on the special telephone line: 22 598 44 44 (for landline and mobile phones; fees according to the operator's price list).
Watch out for false emails about loyalty bonus
How do scammers operate?

Bank has recently received signals about false emails sent by scammers impersonating Bank Millennium. They inform about loyalty bonus, available after clicking on the link. The link leads to fake login page, where you are asked to enter MilleCode and P@ssword 1, and then your payment card details.

We inform that Bank sends no such messages or any links via email or SMS! Also, we never ask you to enter your payments card details while logging in your bank account.

How to defend yourself?
Do not click on links in emails or SMS, especially if you are not sure about the sender or where the link will lead you

Log in to Millenet only at Bank's website and before logging in check if the connection is encrypted (closed padlock in the bar with the address)

When logging in to Millenet, enter only the 2 randomly selected characters of the PESEL number or a document - we never ask for more characters!

when logging in, never enter your payment card details.
Scammers impersonate Police
Learn about scam scheme

Police informs about emails regarding alleged banking fraud. The message, allegedly signed by the Police Headquarters, is accompanied by an attachment with malware that infects or completely blocks the device.

Read the police information >

How to defend yourself?
do not click on links in emails or SMS, especially if you are not sure about the sender or where the link will lead you

do not download unknown applications, available from a link

do not download any attachments to emails, if you don't know the sender or the form of the message raises any doubts

if your computer has been blocked - under no circumstances pay scammers to unlock it, but change access to your bank account and report a crime
The scammers impersonate Bank Millennium and other well-known brands
How do they operate?

They impersonate Bank Millennium and other well-known companies (popular VOD platforms, music services, courier companies, online stores) and send fake e-mails. For example, you can get information about your subscription expired on the streaming platform or about unusual activity on your account and the need to unblock it. Later, the scammer's pattern of operation is similar - they urge you to log into your account and provide your personal and payment card details, or download malicious applications.

What to keep in mind?
Always double-check the sender of the message

Do not click on unknown links and do not install any applications from such messages - we never send login links in e-mails and text messages

If you want to visit the Bank's website, do not use external links, it is safer to enter the address manually in the browser

Never log into your bank account on websites other than the Bank's website

Do not provide confidential data (login details, card details, document numbers, etc.) if you do not know the sender or the form of the message raises your doubts

Always carefully check the content of the message from the Bank confirming the transaction
New frauds on social media
When to be careful?
Please, pay particular attention to:

messages on social network and communicators, e.g. message from the fraudster impersonating your friend and asking for a BLIK code to make an urgent payment

ads on social networks pretending to be Bank Millennium's offer and informing about cash rewards
How to avoid the fraud?

Always double-check the sender and the content of the received message and do not click on unknown links or do not install any applications from such links.

Additionally, we would like to remind you that the Bank never sends you an e-mail or SMS with links and never asks you to provide confidential data in this way.
HideSee more

Secure banking step by step

A lot depends on you
Protect your personal data and money. Keep in mind a few security rules and do not be fooled by scammers.

Learn the rules Security rules
Scam schemes
Learn about the scammers methods and keep it secure when using your account online and when to be more careful.

See popular frauds Security
Bank protects your account
We keep your data and money safe to make using your account online very secure.

See how Account protection

A lot depends on you

Keep in mind the secure banking rules

Do not click on unknown links in e-mails, text messages, messages on social networks.
Check the sender of the message carefully and do not enter confidential data in the e-mail.
Don't open attachments unless you know what might be in them.
Do not share your login details with anyone, keep passwords strong and change them from time to time.
Check transaction notifications carefully - if something is wrong, do not approve the operation!
Before logging in, check that the connection with the bank is encrypted.
Install anti-virus software on all devices on which you log into electronic banking and update them on a regular basis.
Use trusted devices and programs, if you share the device with other users, always remember to log out.
In case of losing a card or a phone with an active application - block them immediately, e.g. in Millenet

While shopping online

Before making a purchase, check that the store is trustworthy - look for opinions on the Internet carefully
Check the details of the transaction before confirming it with an SMS P@ssword or in the application
Do not enter data that you think are not needed to complete the transaction

See what else you can do

Set strong passwords - avoid simple sequences of characters

WATCH VIDEO WATCH VIDEO
Fake bank websites - always check the address bar

WATCH VIDEO WATCH VIDEO
Read authorization notification and check the transaction details

WATCH VIDEO WATCH VIDEO

There are many ways to keep it secure. See other videos.

What is phishing?

It's an attempt to catch you in scammers' nets, who e.g. impersonate your bank.

What for? To make you pass your personal data, login or payment card details. As a result, your account or card will be accessed by unauthorized persons who can order transactions or impersonate you.

But how? The scammers send e-mails or SMS-s persuading to act immediately, such as:

'Your bank account has been blocked'

'Pay fee for your card'

'Your parcel has been withheld due to underpayment, settle the arrears'

'On ... the execution was initiated. Possibility of amicable repayment for PLN 8.44'

Be careful

Do not click on links and do not download any applications unless you know the sender of the message.

You will never receive such a message from Bank Millennium, because we do not send any links in e-mails or SMS.

If you log on to the Bank's website, make sure that the connection is encrypted (the padlock in the address bar should be closed).

If something looks different than usual, please do not log in - we always inform about it when we change something on the login page.

On the login page, we always ask for only two randomly selected characters of the identifier - never enter the entire PESEL number or the entire document number.
Fake consultant, or vishing

How do you know that the person you are talking to on the phone is really who they say they are? This is obviously very difficult, and it is easy for fraudsters to gain our trust and obtain sensitive data.

How to defend yourself?

Don't share login details with anyone - only you should know them.

The bank consultant can ask you to provide MilleCode, but will never ask for your login password.
Malicious software, or malware

How does it work? You get an e-mail or an SMS with a link to download an app or 'very important' attachment. You click on it and this way you infect your computer, phone or tablet.

What for? This one click allows to install a malicious application or program on your device that can, for example, track your activity and download data, or take control of your device completely.

Keep in mind:

never click on unknown links

don't download attachments if you don't know what's in them or you don't know the sender of the message

do not install unchecked applications - preferably before installing an application, look for comments about it in the application store
Card frauds

How? You enter your card details in an unchecked store, or in response to fake e-mail, you give someone your plastic card or write your PIN on the card or a sticky note attached to the card.

What for? The fraudster needs your card details to make online transactions or tokenize the card, for example in Google Pay service. To pay in a stationary store the fraudster needs your card, and for larger payments also PIN.

How to defend yourself?

Never scan the card, do not pass on the data from the card to anyone

Pay with your card in trusted online stores

Carefully read the terms and conditions of internet subscriptions you accept (sometimes the first month is free, and the next one is charged a high fee)

Do not give your card or PIN to an unauthorized person (e.g. waiter in a restaurant or bar
Message from "a friend"

Your friend informs you via messenger app that he need money at once, he will return tomorrow and you only need to give him a BLIK code. Or he sends you link to the transfer (PayByLink).

What do you do? At first, everyone is probably willing to help their friend. Yet, be careful! This may be a fraud scheme. Before you help your friend, make sure It really is your friend - scammers could have get access to his account. The best you can do is to call him and ask if he really is in need.
Fake stores and ads

How does it work? Scammers publish fake ads and fake stores' websites. Very often they give "special offers" or even rewards to get your attention and persuade you to use their offer.

Don't get yourself "caught":

Before taking advantage of such a "great deal", try to verify that it is trustworthy.

You can search for comments on the Internet about a given company or a specific website.

If you have any doubts, do not order a payment or share your details.
Fraud on cryptocurrency exchanges

How? You come across an ad promoting easy ways to invest in cryptocurrencies:

"You don't need to know anything about investing"

"We guarantee quick profit"

"We will do everything on your behalf, only scan your payment card/ID and give us your login details/SMS P@ssword"

What for? To extort your personal details, login details to your bank account or payment card details, and above all, to persuade you to transfer your money. Unfortunately, when you want to withdraw your funds, contact with the "broker" is broken and the money transferred cannot be recovered.

How to defend yourself?

Check the credibility of the broker. Check online reviews, for example in conjunction with the words "fraud" or "scam". Don't stop at just one review page.

Check, if the institution - "broker" is on the KNF's list of warningslink opens in a new window

Do not share your bank account login details with anyone.

Do not share confidential information about your payment cards with anyone.

Do not send photos/scans of your ID to anyone.

Do not install suspicious software on devices from which you log into your bank account.

If you receive a transfer from an unknown sender, do not forward the funds under any circumstances, even if "your Advisor" asks for it - you may unknowingly be involved in a crime.

More information on both investing in cryptocurrencies and the resulting threats can be found at: KNFlink opens in a new window, NBPlink opens in a new window (in Polish) and ZBPlink opens in a new window (in Polish).
SIM card swap

How? The scammer goes to the mobile phone salon claiming to be you and asks for SIM card replacement. The operator blocks the old SIM card and gives the fraudster a duplicate.

What for? To take control of the authorization of your transactions.

When you should realize that you are a fraud victim?

When you want to use your phone, for example call someone, and it is impossible.
If such a thing has happened to you, be sure to report it to your mobile operator and check your account.

We take care of your online security

Secure solutions

We use various security features in Millenet and Bank Millennium mobile application - we use the latest technologies and we design services so that they are very safe.

Learn more Secure solutions
Additional card payment protection

When paying with Bank Millennium cards online, we support the 3-D Secure solution offered by stores, which is an additional payment security.

Check it Additional card payment protection
Transaction authorization

Operations ordered in the electronic banking system need additional confirmation. Thanks to it, you can be sure that no online transfer or card payment will be ordered without your knowledge.

Check methods Transaction authorization
Payment limits

Transaction limits, i.e. the maximum amount you can order in a given operation or in total on a given day, will provide you with additional protection. You can easily adjust the limits to your needs in the settings in Millenet or in the mobile application.

How to set Payment limits
Locking or restricting a card

In Millenet and in the mobile app, you can temporarily lock or restain a card that has been lost or stolen at any time. You do not have to wait for a call to the helpline or for the opening of a Bank branch.

How to do it Locking or restricting a card
Encrypted connection

The security of Millenet internet banking is ensured by the use of encrypted data transmission between your computer and the Bank's server.

How to check Encrypted connection