Be careful and verify the sender requesting a payment

Phishing and fraud attempts through e-mail, SMS or apps such as WhatsApp and Viber are increasingly common.

The sender identifies themselves as Zagrebačka banka, a state institution, a courier service, etc., attempting to deceive you into opening the link and entering your:


  • Card information (card number, expiration date, CVV/CVC)
  • Token number or token-generated codes (OTP, MAC)
  • Activation keys for m-zaba / m-token

Make sure to verify each sender asking you to provide any of the abovementioned information in order to receive a payment.

Only access your on-line banking at www.zaba.hr, not through links sent to you via e-mail and third-party messages.

If you are expecting a payment, all you need to do is provide your (account number) and the name and surname of the account owner. Authorisation through a push-message or token is not necessary.