Search: phishing

New phishing campaign that misuses the name of the National Bank of Serbia

20. November 2024

The National CERT of the Republic of Serbia informs the public about an ongoing phishing campaign that misuses the name of the National Bank of Serbia.  

Scams are being delivered to citizens via email or social media, requesting the entry of personal and financial information, which attackers can use to withdraw funds from citizens' accounts.  

The announcement from the National Bank of Serbia is available at the following link.  

11. January 2023

Cyber frauds during holiday season

15. December 2023

As December is traditionally a month of holiday shopping and increased volumes of posted items, it is also a time of a growing number of cyber threat attempts. The National CERT of the Republic of Serbia therefore warns citizens about current SMS phishing frauds targeting the users of postal services at this time of year.

The attackers usually initiate the fraud by sending an SMS or text message containing information about an unsuccessful postal item delivery attempt, along with a link to confirm address details. By clicking on the link, the victim is transferred to a fake web page of the PE Post of Serbia, where they are asked to enter personal information and credit card data. Disclosing this personal data on the fake web page enables the attackers to clear the victim’s bank account.

The National CERT urges citizens not to click on links contained in messages from unknown senders and to report similar incidents if they have been defrauded.

More on this topic can be found in our video: ‘SMS phishing frauds’.

Phishing campaign - attempt to misuse the name of Telekom Srbija

7. March 2025

The National CERT warns all citizens that a new phishing campaign is under way in which a malicious attacker is trying to misuse the name "Telekom Srbija". Users are being sent an email with the following content:

 

By clicking on the link, citizens are redirected to a fake website of Telekom Srbija, where the entry of personal data is required. Entering this information on the fake website achieves the attacker's ultimate goal: withdrawal of money from the victim’s bank account.

The National CERT recommends that citizens avoid opening links in messages received from unknown senders, use official websites to follow notifications, and report an incident in case they have been scammed or if they notice a fraud attempt.

In addition, in order to improve the level of security for online shopping, the general recommendation for users is to make their payments via a special Internet card, intended exclusively for online payments. In this way, users can limit access to the funds available on the card, thus preventing attackers from clearing their dinar or foreign currency account.

Notice to citizens about phishing scam targeting Netflix users

4. June 2025

In early January, the National CERT informed citizens about a phishing scam via SMS messages targeting Netflix platform users.

Citizens were asked to enter their payment card details in order to allegedly extend an expired subscription. By entering the requested payment card details, users enabled the attackers to gain unauthorized access to their funds.

If you have received such a message or have been harmed in this way, please read the official statement of the Ministry of the Interior at the following link.

More information about phishing scams and how you can react in advance is available on our website, in the publications section. 

Current new phishing campaign abusing name of Tax Administration of the Republic of Serbia

1. October 2025

The National CERT of the Republic of Serbia warns all citizens that there is a current phishing campaign that abuses the name of the Tax Administration of the Republic of Serbia.

Users receive email or text messages allegedly sent by the Tax Administration of the Republic of Serbia, wherein they are requested to update their bank details in order to enable a tax refund.

The National CERT strongly advises against opening such messages and entering any financial or personal data.

More details about this scam are also available on the Tax Administration website, at the following link.

Current phishing campaign targeting WhatsApp users

12. February 2026

The National CERT of the Republic of Serbia wishes to inform and warn all users about an ongoing phishing campaign being distributed via WhatsApp. Attackers are sending messages from known phone numbers, posing as contacts in the user's address book. The messages are related to an alleged contest, with users being invited to vote by clicking on a link contained in the message.

While the text and links in the message may differ, clicking on the link enables the attacker to connect their device as an additional device to access your WhatsApp account, which gives them the ability to read your messages, access your contact list, impersonate you and distribute malicious links to contacts in your address book on your behalf.

The National CERT recommends that, if a user receives such a message, they inform their contacts through an alternative communication channel that their account has been hacked and alert them not to access the links in the message.

The user is advised to find the "Linked Devices" option on their phone and, if they notice an unknown device in the list of connected devices, immediately remove it from the list.

Phishing campaign abusing the name of PE "Roads of Serbia" still ongoing

2. March 2026

The National CERT warns citizens that a phishing campaign abusing the name of the public enterprise "Roads of Serbia" is active again. Users receive SMS messages with a notification about an alleged outstanding obligation related to a traffic fine.

By clicking on the link in the message, the user is redirected to a website which simulates the legitimate website of the Public Enterprise "Roads of Serbia". While links may vary, the official website of the PE "Roads of Serbia" remains https://www.putevi-srbije.rs.

The fraudulent website was created with the aim of collecting citizens' phone numbers, as well as their bank card data.

More details about these and similar forms of fraud can be found in our new publication Smishing and the development of SMS fraud.

The National CERT recommends that citizens not access links from these messages and report the incident if they have been scammed or in case they notice an attempted fraud.

 

Additional precautionary measures for safe Internet and mobile device communication during state of emergency

20. March 2020

The National CERT of the Republic of Serbia would like to inform and warn citizens of a multitude of current online phishing and ransomware campaigns, along with the existence of malicious applications for mobile devices. Besides the usual Internet-based campaigns targeting users' email addresses, some campaigns based on SMS or mobile phone calls have also been observed.

These messages or malicious applications usually contain information on COVID-19, but a certain number of messages with different content have also been detected, since users understandably switched to online and mobile communication during the state of emergency.

As part of preventive measures and actions, the National CERT urges all citizens to additionally verify the legitimacy of messages or calls requesting their personal data, such as user name and password, unique citizen's identity number, current account number, credit card number including PIN and similar, so as to prevent the abuse of their accounts and personal data by malicious Internet users.

Abuse of Institute of Public Health in phishing campaign

1. June 2020

The National CERT of the Republic of Serbia informs citizens and companies that a phishing campaign abusing the Covid-19 pandemic and targeting public institutions and companies is under way. An email sent from the address katarina.vojvodic@batut.org.rs contains a fake notification from the Institute of Public Health of Serbia „Dr Milan Jovanović Batut“ about free distribution of protective gear to all registered individuals, and an attachment titled „preventive gear application form.pdf.zip“. The fake registration requires the attached application form to be filled in and sent by the end of working hours, thus abusing the emergency procedure and starting the download of malicious software, the LokiBot malware. More on this malware can be found here.

The National CERT advises all citizens and companies who receive such a notification not to open the attachment contained in the email and to report the phishing attempt to vtk@mup.gov.rs.

Here you can find a warning issued by the Department for the Prevention of High-Tech Crime of the Ministry of Interior.
