A phishing campaign is under way against clients of several banks doing business in the Republic of Serbia. The phishing emails appear to be sent out from legitimate domains and contain attachments on foreign exchange inflow activating a malicious code in the background.
Based on the available information, we notify the public that these emails are not being sent from the banks' servers. The banks have undertaken all necessary activities in order to block these messages from reaching the clients.
The National CERT recommends to all bank clients who receive silimar emails to delete them right away and, under any circumstances, not to open the attachment.
Below are some of the latest examples of the phishing messages:
https://www.bancaintesa.rs/medija-centar/vesti.367.html?newsId=1616
https://www.erstebank.rs/sr/blog/2019/prevare-preko-mejla
https://www.otpsrbija.rs/alert/vazno-obavestenje-o-malicioznim-mailovima/