Internet safety

Pay attention to emails which seem to come from the address of the Bank
IMPORTANT! For logging in to e-zaba! You only have to enter the serial number of the token and the one-time password (APPLI1/OTP). Enter APPLI2/MAC or APPLI4/DFE only after logging in to e-zaba.
If any other information is requested for login, for example APPLI2/MAC or APPLI4/DFE, abort the login and notify the Bank immediately at or by calling 01 3789 785, or inform your branch/personal banker.
Due to the continued presence of malware (viruses, Trojans, etc.) which is trying to collect confidential data from computer owners in Croatia, the Croatian Banking Association (CBA) informs that the Department of National CERT (National Computer Emergency Response Team) of the Croatian Academic and Research Network (CARNet) has launched a special website to further inform and protect computer owners from such criminal acts. 
For additional information on the safety of bank transactions and data on the Internet, please visit the portal Sigurnost na internetu (Online safety).
Pay attention to emails which seem to come from the address of the Bank
(the address of the sender seems to be the email address of the Bank, for example Although supposed emails from the Bank contain the logo of Zagrebačka banka in the header, these are not emails sent by Zagrebačka banka! Supposed emails from the Bank also contain links and attachments which the Bank would never send, including grammatically incorrect sentences.
Do not respond to these emails, do not click on the links and do not open the attachments contained in such emails. Log in to e-zaba Internet banking directly from the Bank's website and not via links from emails or any other website.
The Bank will not send emails inviting you to click on a link to log in to e-zaba!
Zagrebačka banka sends messages to its client within e-zaba or by email, and will never send messages in order to notify you that you have messages in e-zaba.
Warning - never open suspicious emails
One way of spreading viruses that can compromise a user's computer is by email. Zagrebačka banka has received several notifications on receiving suspicious emails with links leading to websites containing a virus or other malicious software.
Although the address seems to be the address of Zagrebačka banka, the received email contains suspicious attachments or links. Please pay attention to emails that you do not expect, containing attachments and links. We recommend that you do not open such emails or their attachments and links, and do not visit any linked websites from such messages, but delete them.
Notice from the Croatian Banking Association: Be careful when making payments, check payee information
Recently there have been new attempts of fraud where the attacker wants to get hold of the money of bank account owners by specifying cash payments to wrong payee accounts. Attackers present themselves to business entities mainly by phone or email as entrepreneurs, offering new cooperation on a new project, or use a fake email address to inform them about a change of the payee's account number with which the company already has a business relationship or uses their services. Based on this information, the representative of the company makes a payment to an account which is not the actual account of the payee.
With regard to the mentioned attempts of fraud, we advise that all payers pay more attention when making payments, especially when making a payment to a payee for the first time, or if you receive information about a change of the payee's account number by email. In case of receiving information about a change of the account, we suggest that you double-check the payee information, using another communication channel other than email, if possible (for example, by phone or by visiting the official website of the business entity). In addition, we propose that you compare the email addresses of the business entity from which such a warning email was sent with the addresses on the official website of the business entity.
Once again we draw attention to the fact that an attacker has access to all applications on your computer, including the user's email system, in the event of a computer infection with a malicious code. In these cases, the attacker can access the email addresses of the computer owner and create false email addresses of business entities with whom the owner is in touch based on their previous correspondence.
Also, please note that a computer can become infected in a variety of ways, for example by opening infected email attachments, opening links to a malicious code on the Internet, using programs for the remote control of a computer, etc. It is highly recommended that computer owners continually take care of the safety of their computers and to hire additional professional IT support immediately after detecting the presence of a malicious code for a comprehensive approach to addressing the causes of safety breaches of their IT systems.
Finally, we once again remind you that all users of Internet banking for business entities have to remove the smart card or USB safety device from the computer after using Internet banking for the best protection of the company from such programs in e-banking.
Zagrebačka banka warns of the ongoing computer attacks on business and personal computers in Croatia. According to available information, some client computers are infected with a malicious code which gathers their owners' and users' confidential data (user identity, passwords, account numbers, etc.), enabling the attacker to assume control over the computer and access all applications on the computer as well as external services (e.g. email system). Computers are infected by opening links received via email. We suggest that all clients who suspect that their computer may be infected call an expert to examine the computer.
Since the goal of the attacker is to use data available on the computer, we warn all our clients to continue to follow all safety rules when using e-zaba, and that they should never reveal secret identification or other confidential personal information to any third party, whether by email or otherwise. We emphasize that Zagrebačka banka never asks its clients to divulge the PIN number for a cryptographic device or any other confidential personal data.
As these attempts of abuse are particularly targeted at business users who use Internet banking to authorize transactions via cards and readers connected to the computer, we warn clients of e-zaba for business entities that they should follow all the safety rules, store their cryptographic device in a safe place after using it, and not store the PIN alongside the device in order to prevent fraud and other unwanted events.
Regarding the use of e-banking for retail users, given the method and time frame of authorization via tokens outside of the computer, the accounts of natural persons are not at risk even if a user's computer is under attack.  Therefore, by following the rules of PIN and token protection, there will be no account abuse while using e-zaba.
This type of attack does not compromise the safety system of the bank, however we ask our clients to report every suspicious phone call or email which requests confidential information necessary to authorize banking transactions. This can be reported by calling 0800 5678 or by sending an email to
Due to the continued presence of malware (viruses, Trojans, etc.) which is trying to collect confidential data from computer owners in Croatia, the Croatian Banking Association (CBA) informs that the Department of National CERT (National Computer Emergency Response Team) of the Croatian Academic and Research Network (CARNet) launched a special website to further inform and protect computer owners from such criminal acts.

Postavke kolačića

Tehnički kolačići (neophodni)

Performansni kolačići (neobavezni)

Marketinški kolačići (neobavezni)

Tehnički kolačićiUvijek aktivni

Ovi kolačići su neophodni za funkcioniranje web stranice i ne mogu se isključiti u našem sustavu. Obično se postavljaju samo kao reakcija na vašu radnju koja predstavlja zahtjev za uslugom, kao što je postavljanje vaših postavki privatnosti, prijavljivanje ili popunjavanje obrazaca.

Kolačići koji se koriste:

JSESSIONID - čuva stanje sesija kroz zahtjeve za stranicama

PD_STATEFUL - kolačići sigurnosti sesije Server session security cookies

PD_SESSION-ID - jdinstveni Unique server session security cookie

PWSESSIONID – kolačić sesije poslužitelja

Parent_alive - kolačić sesije poslužitelja

Gtm_tracking - čuva korisnikov pristanak na praćenje

Option_set – čuva vrijednost za pokazivanje cookie bara

Zaba_performance- čuva posjetiteljev pristanak za bolje performance

Performansni kolačići

Ovi kolačići omogućuju nam da računamo posjete i izvore prometa, kako bismo mogli izmjeriti i poboljšati performanse naših stranica. Oni nam pomažu da znamo koje su podstranice najpopularnije ili najmanje posjećene, te kako se posjetitelji ponašaju po web stranici. Sve informacije koje ovi kolačići prikupljaju su agregirani a time i anonimizirani. Ako spriječite te kolačiće, nećemo znati kada ste posjetili našu web stranicu.

Kolačići koji se koriste:

ZABGN - postavke naslovnice ovisno o tome je li korisnik građanin ili pravna osoba

ZABRM - kolačić s vrijednošću korisnikovog web preglednika zbog boljih performansi

Marketinški kolačići

Ovi kolačići služe kao pomoć pri tumačenju internetskih aktivnosti korisnika te u svrhu marketinških aktivnosti, poput oglašavanja i remarketinga.

Kolačići koji se koriste:

1P_JAR - prikuplja statistiku web stranice i prati stopu konverzije

CONSENT - postavke kolačića -

DV - Google ad personalizacija -

NID - Google ad personalizacija -

IDE- Koristi se za prepoznavanje preglednika za oglašavanje i praćenje izvedbe i postavki. DoubleClick

ga - Google Universal Analytics postavlja jedinstveni ID koji se koristi za izračunavanje podataka za analitička izvješća

gid - koristi se za razlikovanje korisnika jednog od drugog.

Anj - Anj kolačić sadrži podatke koji označavaju da li se ID kolačića sinkronizira s našim partnerima. ID sinkronizacija omogućuje našim partnerima korištenje svojih podataka izvan platforme na platformi.

uuid2 - Ovaj kolačić sadrži jedinstvenu, slučajno generiranu vrijednost koja Platformu omogućuje razlikovanje preglednika i uređaja.

Sess - Kolačić sesije sadrži jednu ne-jedinstvenu vrijednost: "1". Platforma se koristi za testiranje je li preglednik konfiguriran za prihvaćanje kolačića iz aplikacije AppNexus.

Icu - Kolačić se koristi za odabir oglasa i ograničavanje broja prikaza određenog oglasa. Sadrži informacije poput broja prikaza oglasa, nedavnog prikazivanja oglasa ili broja prikazanih oglasa

Uid - jedinstveni identifikator

cid - Cookie id (legacy) – jedinstveni identifikator

Facebook - prati konverzije FB oglasa, optimizira oglase, gradi ciljanu publiku i radi remarketing

HotJar - prikuplja informacija o ponašanju korisnika i njihovim uređajima