Recently, we’ve noticed a new type of phishing messages targeting people from Croatia who sell items through well-known online advertisement sites.

Through these messages the sender, posing as a potential buyer, tries to deceive the recipient of the message, getting them to click on a fake link that appears to be leading to the website of a courier that provides delivery services within the Republic of Croatia. These are mostly well-known delivery services, so the recipient of such a message feels safe when seeing the link.

What are the tell-tale signs that you received a phishing message?

• The attacker wants to buy an item posted for sale.
• They inform the seller that they will pay the postage and that the seller only needs to open the link that the attacker sends him.
  CAUTION! It is precisely this link included in the message that is the starting point of the attack - do not click on it.
• If you open the link, one of the pages that looks like the pages of a delivery service provider will open.
  CAUTION! This is not a delivery provider page.
• At some point, the "Confirm" button will appear, and if you click on it, a screen will open, offering the possibility to select a bank (it is a phishing page that is created for all banks in the Republic of Croatia).
• The last step after choosing a bank is to open the phishing site itself, which is very similar to the official website of the Bank.
  CAUTION! This is not the Bank's website. Any data you submit on that page will be compromised.

How to identify phishing-mail?

• Check the sender, the type and the meaning of the mail, as well as the writing style.
• Check if the mail contains external links without clicking on the links or attachments and without opening them.

Read more about how to stay safe on the internet.