Until recently, cyber security experts warned of a linear increase in threats. However, the year 2025 has brought a change that can be described as a statistical shock. The latest data from the CERT Polska team (NASK) shows that in the first six months of this year alone, cybercriminals created more than 100,000 domains used to extort data and money.
To understand the scale of this phenomenon, one only needs to look back: a total of 92,000 such addresses have been added to the Warning List in the entire year to date, a record year 2024. This means that the current dynamics of the criminal infrastructure is more than double that of a year ago. Cybercrime has ceased to be the domain of ‘hackers in hoodies’ and has become a scalable, automated business that runs faster than any legitimate startup.
The threat landscape: Investing in illusions
What is driving these statistics? While ‘undelivered package’ or ‘unpaid electricity bill’ attacks are still popular, the biggest jump was seen in the fake investment segment.
Several tens of thousands of the newly detected domains are professionally prepared traps, tempting with the promise of a sure, quick profit. Using images of well-known politicians, athletes or celebrities (often generated or animated by AI), fraudsters create platforms that, at first glance, are no different from legitimate brokerage house sites or cryptocurrency exchanges.
The increase in the number of detected sites is the result of two factors. On the one hand, CERT Polska’s detection systems are getting better and better. On the other – the barrier to entry into the world of cybercrime has fallen dramatically. Today, you do not need to write code to launch a phishing campaign. It is enough to buy ready-made tools in the “Phishing-as-a-Service” model.
Marketing the evil. How do modern scammers operate?
Experts are under no illusion – criminal groups are adopting the same techniques used by major advertising agencies. Targeting, A/B testing, sales psychology – these are all in the attackers’ arsenal today.
“Phishing and marketing have long gone hand in hand. Fraudsters use social engineering very similar to salespeople, i.e. imposing time pressure, assurances of uniqueness, promises of massive savings or profits, for example. Criminals advertise their websites on social media and search engines, profiling these adverts to the audience they think is most susceptible to a particular fraud scheme.” – notes Karol Bojke, an expert from CERT Polska.
Moreover, the technology that is supposed to serve us is becoming a weapon in the hands of attackers. “The use of AI only exacerbates problems that already exist (e.g. unlawful use of an image), and the ease of automation increases their scale,” – Bojke adds.
In this arms race, the CERT Polska Warning List, run since 2020, remains a key defensive tool. It is implemented by telecom operators, allowing millions of Poles to automatically block access to malicious sites. However, with the rate of hundreds of new domains per day, there is a question about the effectiveness of this solution.
Can the list keep up with the dynamics of criminals who can set up and roll up a fake shop in a few hours?
“A correctly implemented Warning List protects against threats detected up to five minutes earlier”. – Karol Bojke explains. However, the expert points out that technology is only half the battle. “The key here is cooperation and sharing information about new scams with the CERT Polska team – both from partner institutions and ‘ordinary’ Internet users. Public awareness in this area is growing, thanks to which the number of reports is increasing, but there is still a lot of work and education ahead of us. The private sector, of course, should also take care of its customers, so we encourage you to use our recommendations available on cert.pl.“
Behavioural resilience: The power of small habits
Since technology cannot catch 100% of threats, the last line of defence remains the human being. Here, however, is where the problem arises: years of scare-mongering about hackers have caused many users to develop security fatigue – the fatigue of constant warnings.
Therefore, the education paradigm is changing in 2025 . An example of the new approach is theSafe Zlotyscampaign, implemented by the Ministry of Finance in cooperation with the THINK! Foundation and NASK. It is part of a broader puzzle – the National Strategy for Financial Education. Decision-makers have understood that digital security is inextricably linked to financial security. Losing login details today is a simple way to lose your life savings.
But how do you teach effectively when your audience is bombarded with information?
“Habits are established not from hype announcements, but from small, repetitive steps. That’s why in Safe Zloty we combine knowledge with simple rules: I check the sender of the message, I don’t click on a link from an SMS if I don’t know who it’s from, I use two-step verification… This is the power of everyday habits.” – explains Anna Bichta, President of the THINK!
The expert stresses that the key to social resilience is to get out of the bubble of individualism. “It also manifests itself in sharing knowledge with those around you – relatives or neighbours,” adds Bichta.
Empathy instead of fear
The Safe Golds campaign also diagnoses the language used to talk about cyber security. To date, the narrative has often been based on technical jargon or the stigmatisation of victims (“how could you have clicked on that?”). Meanwhile, victims of investment fraud are not only older people, but increasingly young, digitally proficient people, deceived by the professionalism of fake platforms.
“We certainly need a language that doesn’t embarrass, but helps us understand our own emotions,” Anna Bichta emphasises.
It is the emotions – greed, fear, but also the hope of an improved existence – that are the attack vector. Clicking on a fake link is often not due to a lack of technical knowledge, but to the impulse of the moment.
“People click on ‘a certain opportunity’ because they want a quick sense of relief or hope for something good. That’s why in the campaign we focus on real stories and examples from which we draw practical conclusions without judging anyone,” concludes the President of the THINK! Foundation.
Cyber security as an economic competence
The involvement of the Ministry of Finance in the topic of phishing is a clear signal: cyber security has ceased to be a problem for IT departments and has become a key economic competence for every citizen. Monika Wojciechowska, Plenipotentiary of the Minister of Finance for the Financial Education Strategy, calls it explicitly “an investment in the financial resilience of society”.
In a reality where 100,000 new threats are created in half a year, it is impossible to completely eliminate risk. However, it is possible to manage it. However, this requires a combination of two worlds: hard technology (artificial intelligence on the CERT side, automatic domain locks) and soft skills (critical thinking, emotional control).
If 2025 is to bring a breakthrough in the fight against cybercrime, it will not come through a new anti-virus application, but through a massive change in habits. Stopping for three seconds before clicking on a link with a ‘super investment opportunity’ is the most effective firewall we can install today.
See? React.
Suspicious link SMS messages can be reported by forwarding them to the toll-free number 8080. Any other incidents and fake domains are worth reporting directly to incident.cert.co.uk. Each report shortens the life of a fake domain and could save another person’s savings.
