How to protect yourself from online fraud

With our time spent on e-mail, social media, various online services and online banking rising steadily, the topics surrounding Internet safety are becoming increasingly more important.

But there is no need to worry – you don't have to be an expert to browse the web safely! Here are a few simple habits you can adopt.
When online, remember to always secure a safe access to your e-mail, online banking and social media and always be careful when opening e-mails containing links or attachments.

5 ways to protect yourself from online fraud

1. Pay attention to incoming messages and learn to recognize fraud.

  • E-mails from Zagrebačka banka always contain your first and last name and information about your branch office. The Bank will never ask you to provide: password, credit/debit card number and PIN.
  • Do not open unexpected e-mails, text messages or chats. Never open attachements or click on the links.
  • Do not reply to e-mails, text messages, chats or links by providing your credentials (such as your user name, password, PIN, security token…).
  • Never give your credentials to anyone over the phone.

2. Always be extra careful when using passwords.

  • Never give your passwords to third parties, particularly m-token passwords required to authorize banking transactions.
  • Make sure to always remember that a banker will never ask for your password or contact you through a messaging app.
  • Do not use the same password on different websites
  • When required to provide personal information and password, make sure that those requirements match the service/goods you are using/buying (for example, when downloading a videogame, being asked to give access to your contact list, microphone and/or photos is not usual practice).
  • Update your smartphones, tablets and computers; use antivirus software for protection and secure access with a password, fingerprint, digital recognition or face recognition

3. Try to remember your codes and passwords.

  • Never save them in your smartphone (either as text or image file).
  • Never give browsers permission to automatically save your usernames and passwords.

4. Take advantage of different services offered by your Bank.

Checking your current balance, your accounts or card transactions is made simple through online banking on your mobile app (m-zaba), the internet (e-zaba), at ATMs or directly at a branch office.

5. When making purchases online, always pay attention to where and how you buy.

  • Check the credibility of the website and use only official apps.
  • Use only secure, password protected links.
  • When possible, avoid free and public Wi-Fi. Never use it for online shopping, accessing your designated area on the Bank’s website or cloud storage (like iCloud or Google Drive).

What are phishing messages?

Phishing messages are a type of online fraud in which the sender, falsely claiming to be a legitimate organization, sends out e-mails in order to steal sensitive information.
An example of phishing are e-mails seemingly coming from Zagrebačka banka, that are in reality not sent by the Bank. Example: sender’s address is
Even though such messages will display Zagrebačka banka’s logo, they are not sent by Zagrebačka bank! These messages seeming originating from the Bank contain the kind of links and attachments the Bank would never send you, and often contain grammar and spelling mistakes.

It’s important to remember:

  • Do not click on links or open attachments from such messages.
  • Do not reply to such e-mails.
  • Delete the e-mail at once.

In case you receive a suspicious call or an e-mail demanding secret information necessary to authorize banking transactions, be sure to let us know at 01/3789 785 or by a-mail at

How to recognize potential fraud

Here are several examples of frauds that could have been prevented by exercising more caution and following the tips listed above:

  • I was expecting a parcel and I received an e-mail from the address that looked like the address of the company that was sending me the parcel. The e-mail contained a link. They asked me to provide my credit card information in order to pay for the delivery. After paying the requested amount and authorizing the transaction using an OTP token number, I received a text message to my phone saying that a large amount of money was transferred from my account. I checked what had happened more carefully, realizing that the e-mail I received did not actually come from the real company’s address.
  • I wanted to sell my bicycle through a well known site used to buy and sell things. A buyer contacted my through Whatsapp, requesting my card number to send me the money. After I provided my card information and the OTP token password, I realized money had been transferred from my account. I should not have given my information to an untrusted party.


Zagrebačka banka sends messages and other information through official Zagrebačka banka channels only and never requests passwords to your online banking services.
Read Safety recommendations and learn about the safe use of e-zaba and how to protect yourself from online fraud.