Internet safety

Pay attention to emails which seem to come from the address of the Bank
IMPORTANT! For logging in to e-zaba! You only have to enter the serial number of the token and the one-time password (APPLI1/OTP). Enter APPLI2/MAC or APPLI4/DFE only after logging in to e-zaba.
If any other information is requested for login, for example APPLI2/MAC or APPLI4/DFE, abort the login and notify the Bank immediately at or by calling 01 3789 785, or inform your branch/personal banker.
Due to the continued presence of malware (viruses, Trojans, etc.) which is trying to collect confidential data from computer owners in Croatia, the Croatian Banking Association (CBA) informs that the Department of National CERT (National Computer Emergency Response Team) of the Croatian Academic and Research Network (CARNet) has launched a special website to further inform and protect computer owners from such criminal acts. 
For additional information on the safety of bank transactions and data on the Internet, please visit the portal Sigurnost na internetu (Online safety).

Pay attention to emails which seem to come from the address of the Bank
The address of the sender seems to be the email address of the Bank, for example Although supposed emails from the Bank contain the logo of Zagrebačka banka in the header, these are not emails sent by Zagrebačka banka! Supposed emails from the Bank also contain links and attachments which the Bank would never send, including grammatically incorrect sentences.
Do not respond to these emails, do not click on the links and do not open the attachments contained in such emails. Log in to e-zaba Internet banking directly from the Bank's website and not via links from emails or any other website.
The Bank will not send emails inviting you to click on a link to log in to e-zaba!
Zagrebačka banka sends messages to its client within e-zaba or by email, and will never send messages in order to notify you that you have messages in e-zaba.

Warning - never open suspicious emails
One way of spreading viruses that can compromise a user's computer is by email. Zagrebačka banka has received several notifications on receiving suspicious emails with links leading to websites containing a virus or other malicious software.
Although the address seems to be the address of Zagrebačka banka, the received email contains suspicious attachments or links. Please pay attention to emails that you do not expect, containing attachments and links. We recommend that you do not open such emails or their attachments and links, and do not visit any linked websites from such messages, but delete them.

Notice from the Croatian Banking Association: Be careful when making payments, check payee information

Recently there have been new attempts of fraud where the attacker wants to get hold of the money of bank account owners by specifying cash payments to wrong payee accounts. Attackers present themselves to business entities mainly by phone or email as entrepreneurs, offering new cooperation on a new project, or use a fake email address to inform them about a change of the payee's account number with which the company already has a business relationship or uses their services. Based on this information, the representative of the company makes a payment to an account which is not the actual account of the payee.

With regard to the mentioned attempts of fraud, we advise that all payers pay more attention when making payments, especially when making a payment to a payee for the first time, or if you receive information about a change of the payee's account number by email. In case of receiving information about a change of the account, we suggest that you double-check the payee information, using another communication channel other than email, if possible (for example, by phone or by visiting the official website of the business entity). In addition, we propose that you compare the email addresses of the business entity from which such a warning email was sent with the addresses on the official website of the business entity.

Once again we draw attention to the fact that an attacker has access to all applications on your computer, including the user's email system, in the event of a computer infection with a malicious code. In these cases, the attacker can access the email addresses of the computer owner and create false email addresses of business entities with whom the owner is in touch based on their previous correspondence.

Also, please note that a computer can become infected in a variety of ways, for example by opening infected email attachments, opening links to a malicious code on the Internet, using programs for the remote control of a computer, etc. It is highly recommended that computer owners continually take care of the safety of their computers and to hire additional professional IT support immediately after detecting the presence of a malicious code for a comprehensive approach to addressing the causes of safety breaches of their IT systems.

Finally, we once again remind you that all users of Internet banking for business entities have to remove the smart card or USB safety device from the computer after using Internet banking for the best protection of the company from such programs in e-banking.