
Facebook phishing campaign abusing National Bank of Serbia’s name

22. November 2022

The National CERT of the Republic of Serbia wishes to inform citizens that a new phishing campaign is under way which abuses the name of the National Bank of Serbia. The phishing attempts originate from a Facebook page named "NBS", which mimics the legitimate web page of the National Bank of Serbia and offers citizens a false possibility to double their Dina Card balance if they provide the required information.

The message reads:

The phishing page was created with the intent of collecting citizens’ personal data, and the advertised reward is fraudulent and not associated in any way with the National Bank of Serbia. The National CERT therefore urges citizens not to disclose their personal information.

Notification and recommendations of National Bank of Serbia, regarding this fraud, are available at the link.

Fraud on e-commerce platforms

22. September 2021

The National CERT warns the public that a scam directed against e-commerce platform users has intensified in the past two weeks. This abuse targets advertisers, who are contacted through an application by supposed buyers interested in specific advertised products.

The communication is usually made via Viber, in bad Serbian, using contact telephone numbers mainly from abroad, with Ukrainian numbers currently being the most popular.

The supposed buyer starts the conversation by asking the advertiser if the product is still available and if the purchase can be made online. The advertiser is then sent a link on behalf of a supposed e-commerce platform administrator, along with an explanation that the supposed buyer has already made a payment via an application and that the advertiser is now required to follow the link to a page where the credit card number and CVV number are to be entered in the offered field, so that the payment for the product can supposedly be finalized. Occasionally, the supposed buyer additionally asks the advertiser for the codes the latter receives while filling in the form. As soon as the advertiser enters the data and delivers the codes, the funds are withdrawn from their bank account, after which the fraudster leaves the conversation, blocking any further contact.

The National CERT advises all e-commerce platform users to be extremely vigilant when asked to disclose their personal bank account data, and to pay special attention to payment conditions on the platforms they use.

This very frequent type of phishing abuse can be prevented through knowledge. Learn how to recognize phishing attacks and do not let yourself become an easy target.

Video

Brochure

30. November 2022

National CERT takes part in conference „Risks of the New Age: Sustainability and Resilience“

2. June 2023

The National CERT actively participated in the Fourth Regional Conference „Risks of the New Age: Sustainability and Resilience“, which took place on June 1, 2023 in the Hyatt Hotel in Belgrade. On that occasion, the National CERT took part in a panel titled „Cybersecurity“, also attended by representatives of the Financial CERT and the telecommunication company A1, where the most common types of cyber attacks and their impact on businesses in Serbia were discussed. Some of the topics discussed at the panel were:

  • For a second year in a row, cyber risks have been identified as a major threat on the list of business risks. Why?
  • Does cyber crime intensify in the time of crisis?
  • Why are Serbian companies increasingly targeted?
  • Most frequent and most costly cyber frauds (social engineering) and how to recognize them?
  • Cyber attacks on IT systems – ways of prevention, defense and recovery.

 

According to Allianz risk research, cyber incident risks have been at the top of the list of business threats for a second year in a row, emphasizing the importance of cybersecurity. This study has been carried out since 2012. Whether it involves hacker attacks on a system or a system „intrusion“ due to a lack of human attention, and whether it results in data theft or business interruption, the average loss per company has been constantly increasing, reaching 4.35 million dollars of damage in 2022. The panel pointed to a growing number of social engineering attacks, including phishing and ransomware, in which the attacker, after gaining unauthorized access to resources, locks the victim’s valuable data and demands a ransom. In conclusion, it was explained how to detect a phishing attack in an environment of ever-increasing use of artificial intelligence.

October – Cyber Security Month

2. October 2023

The Regulatory Authority for Electronic Communications and Postal Services (RATEL), as the National CERT of the Republic of Serbia, is celebrating October as an international cyber security month, with a campaign titled „Information Security – Joint Responsibility“. The aim of this year’s campaign is to get users acquainted with current online threats, as well as with each individual’s role in responding to cyber challenges. Raising awareness and knowledge of users reduces the possibility of cyber attacks against critical infrastructure of the Republic of Serbia and state institutions, businesses, SMEs and natural persons. Timely identification of a single phishing attack and adequate response to it can significantly reduce the incident’s impact and its further distribution, as well as the consequences on the society as a whole.

The European Union Agency for Cybersecurity (ENISA), as part of this year’s cyber security month campaign, has asserted that the most common type of threat is social engineering, by means of which the malicious attackers employ sophisticated manipulation tactics to breach both our personal and institutional security defenses. „Be Smarter Than A Hacker“ is the EU slogan for the month of October 2023. 

Considering the growing number of various cyber threats and attacks, the National CERT, in cooperation with other bodies and organizations dealing with information security, has continuously promoted safe Internet use, with the aim of raising the awareness and knowledge necessary to face challenges in cyberspace. In collaboration with the National Alliance for Local Economic Development (NALED), a technical training for the representatives of local self-governing units has been planned for October.

Based on the incidents reported to the National CERT, the most frequent types of attacks continue to be Phishing and Ransomware, as well as the unauthorized use of resources and other types of online frauds. The data show that 73% of the total cases reported to the National CERT represent various online frauds, most usually consisting in the use of fake Internet domains of financial institutions and postal service operators, as well as sophisticated phishing campaigns created using advanced technology tools such as ChatGPT.

Legal explanations of the draft regulation governing the area of information security will allow for improvements of cyber security in the Republic of Serbia, as a result of an alignment with up-to-date European regulatory solutions, re-definition of competencies and a more precise protocol in the event of incidents or cyber threats, as well as the strengthening of the institutional frame in responding to cyber threats. The proposed text is a legal basis for a more advanced cyber security development, similar to that in the EU countries, which will make it possible for the Republic of Serbia to improve its protective measures for ICT systems and networks, and adequately respond to ever-growing challenges in the area of information technologies and their use.

The national cyber conference will be held on October the 17th in the Crowne Plaza Hotel in Belgrade, in partnership with the Serbian National Internet Domain Registry Foundation (RNIDS), with the support of the Ministry of Information and Telecommunications and the Cybersecurity Network Foundation, with the aim to offer an extensive overview of the current activities in the area of cyber security – from new regulations, economic and academic activities, to the presentation of models and solutions to raise awareness in the area of information security.

More on the conference and its content is available at the following link. Conference attendance is free, with mandatory registration via the following link.

National Cyber Conference scheduled for October 23

30. September 2024

The Regulatory Authority for Electronic Communications and Postal Services (RATEL), in the capacity of the National CERT of the Republic of Serbia, and the Serbian National Internet Domain Name Registry foundation (RNIDS) will be hosting, at 10h, on October 23, 2024, at the Radisson Old Mill Hotel in Belgrade, a national cyber conference aiming to provide, for the third year in a row, a comprehensive insight into current and important cybersecurity topics, equally relevant for the economy, cyber security experts and private users of modern technology.

This year, experts from international organizations will summarize the themes and processes that make local impact, so that the public will be able to get informed about the status, progress and models of the NIS2 Directive implementation in the EU countries. The current draft Law on Information Security will be discussed, including bottlenecks in the NIS2 Directive implementation in the national legislation, in view of the current international experience.

Next up, the National CERT’s activities over the last year will be presented, including relevant initiatives and projects made by other organizations, which all contribute to the cybersecurity capacity building.

A separate panel will be dedicated to the theme Coordinated Vulnerability Disclosure (CVD) which promotes an active participation of various interested parties in the research and vulnerability reporting, in order to decrease the underlying risk. This is one of the significant components of the NIS2 Directive and it will be discussed both from the point of view of the legislator and the protection of human rights during investigative procedures.

Furthermore, the conference will discuss an extensive array of threats from social networks, such as frauds, phishing messages, and account thefts for extortion or identity abuse purposes, which compromise both private and business users. It will highlight how the threats evolve, whether platforms bear liability, and which safety measures are recommended to prevent risks.

The conference program is available at the following link.

Attendance is free of charge; however, due to the limited number of seats in the conference hall, registration of participants is required and can be carried out via the following link. During registration, it is possible to choose whether to attend the event on-site or online.

The conference is being organized with the support of the Ministry of Information and Telecommunications, the Cybersecurity Network Foundation (CSN), OSCE Mission to Serbia, organizations eGA, ICANN, CILC and NUKIB.

Phishing campaign - attempt to misuse the name of Serbian Electric Power Company

4. March 2025

The National CERT warns all citizens that a current phishing campaign is under way in which a malicious attacker is trying to misuse the name "Elektroprivreda Srbije". Users are being sent an email with the following content:

By clicking on the link, citizens are redirected to a fake website of the Serbian Electric Power Company, where the entry of personal data is required. By entering this information on the fake website, the ultimate goal of the attacker is achieved – to withdraw money from the victim’s bank account.

The National CERT recommends that citizens avoid opening links in messages received from unknown senders, use official websites to follow notifications, and report an incident in case they have been scammed or notice a fraud attempt.

In addition, in order to improve the level of security for online shopping, the general recommendation for users is to make their payments via a special Internet card, intended exclusively for online payments. In this way, users can limit access to the funds available on the card, thus preventing attackers from clearing their dinar or foreign currency account.

Current campaign targeting Netflix and Spotify users

13. January 2025

 The National CERT of the Republic of Serbia would like to inform and warn all citizens about an ongoing phishing campaign targeting the subscribers of Netflix and Spotify.

The users are sent a message via SMS or e-mail.

An example of a message that can be distributed via SMS may be as follows:

 “NETFLIX: There was an issue processing your recent payment. To keep your services active, please sign in and confirm your details at the following link”.

An example of a message that can be distributed via e-mail may be as follows:

 „We cannot proceed with payment. Your Netflix Premium payment method is not working, and we were unable to charge it.“

After accessing the link from the message, users are asked to enter their credit card information supposedly to confirm the subscription. The provision of the required data by the user enables the attackers to take over the user's bank account and withdraw the funds.

The National CERT recommends that all similar messages featuring subscription-related issues be taken with utmost caution, urging the users to pay attention to the Internet domain and only disclose their personal data at the official addresses: https://netflix.com or https://open.spotify.com/.   
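A minimal sketch of the domain check recommended above, added here as an illustration and not part of the National CERT's notice: it compares the host a link really points to with the two official addresses. The brand keywords, the function names and the sample links (all on reserved example domains) are assumptions constructed for the example.

```python
from urllib.parse import urlsplit

# Official addresses named in the advisory.
OFFICIAL_HOSTS = ("netflix.com", "open.spotify.com")
# Assumed brand keywords used to spot links that imitate those services.
BRANDS = ("netflix", "spotify")


def is_official_host(host: str) -> bool:
    """True only for an official host or a subdomain of it (e.g. www.netflix.com)."""
    return any(host == h or host.endswith("." + h) for h in OFFICIAL_HOSTS)


def classify_link(url: str) -> str:
    """Return 'official', 'suspicious' or 'unrelated' for a link from a message."""
    try:
        parts = urlsplit(url.strip())
        # .hostname drops any "user@" prefix and the port, so the text
        # in front of an "@" cannot pass itself off as the destination.
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return "suspicious"  # malformed link: do not trust it
    if parts.scheme == "https" and is_official_host(host):
        return "official"
    # The brand name appears somewhere in the link, but the real host is not official.
    if any(brand in url.lower() for brand in BRANDS):
        return "suspicious"
    return "unrelated"


# Constructed sample links; none of them is taken from the campaign itself.
SAMPLE_LINKS = [
    "https://www.netflix.com/login",
    "https://open.spotify.com/",
    "https://netflix.com.billing-update.example/login",  # official name used as a subdomain
    "https://netflix.com@pay.example.net/confirm",       # official name placed before "@"
    "https://spotify-premium.example.org/renew",         # brand inside another domain
    "https://example.org/news",
]


def triage(links):
    """Map every link to its classification."""
    return {link: classify_link(link) for link in links}


if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS).items():
        print(f"{verdict:10} {link}")
```

The comparison is made on the right-hand end of the host name, because the registered domain is what decides where the data goes; an official name that appears further left or before an "@" proves nothing.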

The figures below feature fake pages with suspicious, fraud-indicative web addresses.

 

COVID-19 phishing campaign

13. March 2020

The National CERT wishes to inform the public on the current phishing campaigns abusing COVID-19 virus (coronavirus) alerts.

The campaign is most frequently being realized in the form of email messages containing different types of information related to COVID-19 virus.

In the email body text, the recipient is asked to enter user name and password, in order to supposedly access information on protection measures related to COVID-19.

In addition, the messages can also contain information on other current topics related to coronavirus, such as: infection maps, possible impact on the economy and similar.

The National CERT recommends the users not to enter their credentials in case of such emails.

SPF, DMARC, DKIM

18. June 2020

Reduced possibility of spoofing the original Domain

Prevention of potential abuse of the user's email address

The implementation of three email verification mechanisms (SPF, DKIM and DMARC) can significantly reduce the receipt of phishing messages.
