Phishing presents a threat to online security and is often executed through communication channels such as fake websites, emails, social media, SMS, Viber or WhatsApp messages.
The goal is to collect your personal and confidential information, such as usernames, passwords, credit or debit card numbers, and other sensitive data. It’s extremely important to avoid storing usernames and passwords in browsers and sharing them with others.

How to protect yourself:

1. Carefully check email addresses: Before opening any link or attachment in an email, carefully check the sender’s email address. Online scams often use addresses similar to those of banks and other institutions to obtain user data. If the email seems suspicious or the address is unknown, be cautious.
It’s important that the sender’s name, last name and organization name match both in the sender’s name and email address. For example: if the sender is Petar Petrović with the email address, the email cannot be pera.petar@xtestaddress.xz.

2. Pay attention to incomplete or poorly written emails: Phishing emails often contain grammar mistakes, improperly formatted text or incomplete information. Serious organizations do not send such emails.

3. Do not share confidential information via email: Private or government institutions or organizations, especially banks, will never ask you to send sensitive data via email, such as passwords, account numbers, payment card details, ID numbers, expiration dates, security codes and other confidential information of debit/credit cards. Never respond to such requests.

4. Be careful with links: Hover your mouse cursor over the link to check the address it leads to. If it’s not the same address as the one stated in the text or doesn’t start with https, then caution is needed.

5. Check SSL Certificates (https:// and padlock icon): When visiting a website where you enter confidential information, make sure the site is secure by checking for an SSL certificate. If it has one, such a site contains “https://” before the URL and a padlock icon in the browser. If they’re not present, we don’t recommend leaving confidential data on such websites.

6. Use two-factor authentication: Many websites and applications offer logging in using two-factor authentication, which involves sending an additional code via SMS or email after entering your username and password. The code can also be generated through one of the two-factor authentication apps. Activate two-factor authentication (2FA) for your online accounts wherever possible, as it further complicates internet fraud, even if your username and password are compromised.

7. Avoid storing passwords in browsers and sharing them with others: Do not store usernames and passwords in browsers, as this may allow access to your data to those who use the same device or in case of external attacks (hacking). Also, never share your passwords with anyone, not even friends or colleagues.

8. Stay informed: Regularly follow updates and information on current phishing tactics. The better you understand how attacks work, the easier it will be to recognize potential threats.