The National CERT wishes to inform the public on the current phishing campaigns abusing COVID-19 virus (coronavirus) alerts.

The campaign is most frequently being realized in the form of email messages containing different types of information related to COVID-19 virus.

In the email body text, the recipient is asked to enter user name and password, in order to supposedly access information on protection measures related to COVID-19.

In addition, the messages can also contain information on other current topics related to coronavirus, such as: infection maps, possible impact on the economy and similar.

The National CERT recommends the users not to enter their credentials in case of such emails.

Reduced possibility of spoofing the original Domain

Prevention of potential abuse of the user's email address

The implementation of three email verification mechanisms (SPF, DKIM and DMARK) can significantly reduce the receipt of Phishing messages.

• Vishing is a cyber scam that takes place through calls
• Smishing is a cyber scam that starts via SMS or Chat messages
• The most common scams are aimed at collecting personal, business or financial data

December being traditionally a month of holiday shopping and increased volumes of posted items, it is also a time of a growing number of cyber threat attempts. The National CERT of the Republic of Serbia therefore warns the citizens about current SMS phishing frauds targeting the users of postal services in this time of the year.

The attackers usually initiate the fraud by sending an SMS or text, containing an information about an unsuccessful postal item delivery attempt, along with a link to confirm address details. By clicking on the link, the victim is transferred to a fake web page of the PE Post of Serbia, where they are asked to enter personal information and credit card data. Disclosure of these personal data on the fake web page enables the attackers to clear the victim’s bank account.

The National CERT urges the citizens not to click on links contained in messages from unknown senders and to report similar incidents, in case they were defrauded.

More on this topic can be found in our video: ‘’SMS phishing frauds’’.

The Regulatory Authority for Electronic Communications and Postal Services (RATEL), as the National CERT of the Republic of Serbia, is celebrating October as an international cyber security month, with a campaign titled „Information Security – Joint Responsibility“. The aim of this year’s campaign is to get users acquainted with current online threats, as well as with each individual’s role in responding to cyber challenges. Raising awareness and knowledge of users reduces the possibility of cyber attacks against critical infrastructure of the Republic of Serbia and state institutions, businesses, SMEs and natural persons. Timely identification of a single phishing attack and adequate response to it can significantly reduce the incident’s impact and its further distribution, as well as the consequences on the society as a whole.

The European Union Agency for Cybersecurity (ENISA), as part of this year’s cyber security month campaign, has asserted that the most common type of threat is social engineering, by means of which the malicious attackers employ sophisticated manipulation tactics to breach both our personal and institutional security defenses. „Be Smarter Than A Hacker“ is the EU slogan for the month of October 2023. 

Considering the growing number of various cyber threats and attacks, the National CERT, in cooperation with other bodies and organizations dealing with information security, has continuously promoted safe Internet use, in the aim of raising awareness and knowledge necessary to face challenges in the cyber space. In collaboration with the National Alliance for Local Economic Development (NALED), a technical training for the representatives of local self-governing units has been planned for October.   

Based on the incidents reported to the National CERT, the most frequent types of attacks continue to be Phishing and Ransomware, as well as the unauthorized use of resources and other types of online frauds. The data show that 73% of the total cases reported to the National CERT represent various online frauds, most usually consisting in the use of fake Internet domains of financial institutions and postal service operators, as well as sophisticated phishing campaigns created using advanced technology tools such as ChatGPT.

Legal explanations of the draft regulation governing the area of information security will allow for improvements of cyber security in the Republic of Serbia, as a result of an alignment with up-to-date European regulatory solutions, re-definition of competencies and a more precise protocol in the event of incidents or cyber threats, as well as the strengthening of the institutional frame in responding to cyber threats. The proposed text is a legal basis for a more advanced cyber security development, similar to that in the EU countries, which will make it possible for the Republic of Serbia to improve its protective measures for ICT systems and networks, and adequately respond to ever-growing challenges in the area of information technologies and their use.

The national cyber conference will be held on October the 17th in the Crowne Plaza Hotel in Belgrade, in partnership with the Serbian National Internet Domain Registry Foundation (RNIDS), with the support of the Ministry of Information and Telecommunications and the Cybersecurity Network Foundation, with the aim to offer an extensive overview of the current activities in the area of cyber security – from new regulations, economic and academic activities, to the presentation of models and solutions to raise awareness in the area of information security.

More on the conference and its content is available at the following link. Conference attendance is free, with mandatory registration via the following link.

The National CERT of the Republic of Serbia would like to inform and warn the citizens of a multitude of current online phishing and ransomware campaigns along with the existence of malicious applications for mobile devices. Beside the usual Internet based campaings targeting email addresses of the users, some SMS or mobile phone call based campaigns have also been observed.

These messages or malicious applications usually contains information on COVID-19, but a certain number of messages with different content have also been detected, since the users understandably switched to online and mobile communication during the state of emergency.

As part of preventive measures and actions, the National CERT urges all citizens to additionally verify the legitimacy of messages or calls requiring their personal data such as: user name and password, unique citizens identity number, current account number, credit card number including PIN and similar, so as to prevent the abuse of their accounts and personal data by the malicious Internet users.

The National CERT of the Republic of Serbia informs the citizens and companies that a phishing campaign abusing the Covid-19 pandemic, targeting the public institutions and companies is under way. An email sent from address katarina.vojvodic@batut.org.rs, contains a fake notification from the Institute of Public Health of Serbia „Dr Milan Jovanović Batut“ about free distribution of protective gear to all registered individuals, and an attachment titled „preventive gear application form.pdf.zip“. This fake registration requires filling-in of the attached application form and it being sent by the end of working hours, thus abusing the emergency procedure and starting the download of malicous software - malware LokiBot. More on this malware can be found here

The National CERT advises all citizens and companies who receive such notification not to open the attachment contained in the email and report the phishing attempt to vtk@mup.gov.rs

Here you can find a warning issued by the Department of prevention of high tech crime, of the Ministry of Interior.

The National CERT wishes to warn the users of Microsoft Office 365 of a possible new phishing campaign where attackers try to get hold of the users’ Office 365 account login credentials.

The phishing message features fake notification about the Zoom communication platform account being taken down, with a link redirecting the user to a fake Microsoft login page. Based on the latest research, similar phishing messages appear to have reached over 50,000 email addresses so far. Taking over the credentials enables the attackers to access and abuse all the sensitive information stored in these accounts.

More info is available at the following links:

• https://www.bleepingcomputer.com/news/security/persuasive-office-365-phishing-uses-fake-zoom-suspension-alerts/
• https://abnormalsecurity.com/blog/abnormal-attack-stories-spoofed-zoom-attack/

So far, with the pandemic still increasingly present and a great deal of work being done from home, numerous abuses of communications platforms have been observed, among them the popular Zoom application. For more, please follow the National CERT’s link.

On April 28, 2021, the first regular meeting of the government body CERT, the National Bank of Serbia and independent ICT system operators' CERTs was hosted by the National CERT. The challenges discussed at the meeting pertain to ever growing sophisticated phishing campaigns, highlighting the necessity of systems for detection and prevention of such types of attacks, as well as raising awareness both with the employees and the general public about this threat. Particular importance was placed on a continuous exchange of information on current events and activity plans for the future.

In accordance with the Law on Information Security, the National CERT, government body CERT and independent ICT system operators' CERTs maintain constant cooperation in the aim of improving the cyber security of the Republic of Serbia.