Reduced possibility of spoofing the original Domain

Prevention of potential abuse of the user's email address

The implementation of three email verification mechanisms (SPF, DKIM and DMARK) can significantly reduce the receipt of Phishing messages.

The National CERT wishes to inform the public on the current phishing campaigns abusing COVID-19 virus (coronavirus) alerts.

The campaign is most frequently being realized in the form of email messages containing different types of information related to COVID-19 virus.

In the email body text, the recipient is asked to enter user name and password, in order to supposedly access information on protection measures related to COVID-19.

In addition, the messages can also contain information on other current topics related to coronavirus, such as: infection maps, possible impact on the economy and similar.

The National CERT recommends the users not to enter their credentials in case of such emails.

• Vishing is a cyber scam that takes place through calls
• Smishing is a cyber scam that starts via SMS or Chat messages
• The most common scams are aimed at collecting personal, business or financial data

The National CERT of the Republic of Serbia informs the public about an ongoing phishing campaign that misuses the name of the National Bank of Serbia.  

Scams are being delivered to citizens via email or social media, requesting the entry of personal and financial information, which attackers can use to withdraw funds from citizens' accounts.  

The announcement from the National Bank of Serbia is available at the following link.  

December being traditionally a month of holiday shopping and increased volumes of posted items, it is also a time of a growing number of cyber threat attempts. The National CERT of the Republic of Serbia therefore warns the citizens about current SMS phishing frauds targeting the users of postal services in this time of the year.

The attackers usually initiate the fraud by sending an SMS or text, containing an information about an unsuccessful postal item delivery attempt, along with a link to confirm address details. By clicking on the link, the victim is transferred to a fake web page of the PE Post of Serbia, where they are asked to enter personal information and credit card data. Disclosure of these personal data on the fake web page enables the attackers to clear the victim’s bank account.

The National CERT urges the citizens not to click on links contained in messages from unknown senders and to report similar incidents, in case they were defrauded.

More on this topic can be found in our video: ‘’SMS phishing frauds’’.

The National CERT warns all citizens that a new phishing campaign is under way in which a malicious attacker is trying to misuse the name " Telekom Srbija". Users are being sent an email with the following content:

By clicking on the link, citizens are redirected to a fake website of Telekom Srbija, where the entry of personal data is required. By entering this information on the fake website, the ultimate goal of the attacker is achieved – withdrawal of money from the victim’s bank account.

The National CERT recommends that citizens avoid opening links in messages received from unknown senders, use official websites to follow notifications, and report an incident in case they have been scammed or if they notice a fraud attempt.

In addition, in order to improve the level of security for online shopping, the general recommendation for users is to make their payments via a special Internet card, intended exclusively for online payments. In this way, users can limit access to the funds available on the card, thus preventing attackers from clearing their dinar or foreign currency account.

In early January, the National CERT informed citizens about a phishing scam via SMS messages targeting Netflix platform users.

Citizens were asked to enter their payment card details in order to allegedly extend an expired subscription. By entering the requested payment card details, the attackers were enabled to take unauthorized access to the user's funds.

If you have received such a message or have been harmed in this way, please read the official statement of the Ministry of the Interior at the following link.

More information about phishing scams and how you can react in advance is available on our website, in the publications section. 

The National CERT of the Republic of Serbia would like to inform and warn the citizens of a multitude of current online phishing and ransomware campaigns along with the existence of malicious applications for mobile devices. Beside the usual Internet based campaings targeting email addresses of the users, some SMS or mobile phone call based campaigns have also been observed.

These messages or malicious applications usually contains information on COVID-19, but a certain number of messages with different content have also been detected, since the users understandably switched to online and mobile communication during the state of emergency.

As part of preventive measures and actions, the National CERT urges all citizens to additionally verify the legitimacy of messages or calls requiring their personal data such as: user name and password, unique citizens identity number, current account number, credit card number including PIN and similar, so as to prevent the abuse of their accounts and personal data by the malicious Internet users.

The National CERT of the Republic of Serbia informs the citizens and companies that a phishing campaign abusing the Covid-19 pandemic, targeting the public institutions and companies is under way. An email sent from address katarina.vojvodic@batut.org.rs, contains a fake notification from the Institute of Public Health of Serbia „Dr Milan Jovanović Batut“ about free distribution of protective gear to all registered individuals, and an attachment titled „preventive gear application form.pdf.zip“. This fake registration requires filling-in of the attached application form and it being sent by the end of working hours, thus abusing the emergency procedure and starting the download of malicous software - malware LokiBot. More on this malware can be found here

The National CERT advises all citizens and companies who receive such notification not to open the attachment contained in the email and report the phishing attempt to vtk@mup.gov.rs

Here you can find a warning issued by the Department of prevention of high tech crime, of the Ministry of Interior.