The National CERT wishes to inform all banking service clients that a malicious phishing campaign is under way in the Republic of Serbia, targeting one of the banks operating in this country.
Phishing emails appear to be sent from the legitimate bank’s domain, but actually contain malicious attachments on foreign exchange inflow activating a malicious code in the background intended to infect the recipient’s computer.
According to the available information, we would like to notify the citizens that these emails are not being sent from the bank's servers. The bank has undertaken all necessary activities in order to block these messages from reaching its clients.
Based on the past experience, such phishing campaigns are usually directed against several banks, so the National CERT recommends to all users to be cautious and delete similar emails right away, without opening the attachment. The users are also advised to check with the bank the status of any suspicious payment, since the banks normally send to clients digitally signed notifications, so that the identity of the sender can be verified even before the email is opened.
An example of a phishing message can be seen at the following link: