How to protect yourself from online fraud

As we spend more and more time on e-mail, social media, various online services and online banking, Internet safety is becoming increasingly important.

But there is no need to worry – you don't have to be an expert to browse the web safely! Here are a few simple habits you can adopt.
When online, always secure access to your e-mail, online banking and social media, and always be careful when opening e-mails containing links or attachments.

5 ways to protect yourself from online fraud

1. Always be extra careful when using passwords.

  • Never give your passwords to third parties, particularly m-token passwords required to authorize banking transactions.
  • Remember that a banker will never ask for your password or contact you through a messaging app.
  • Do not use the same password on different websites.
  • When required to provide personal information and a password, make sure that those requirements match the service/goods you are using/buying (for example, when downloading a videogame, being asked to give access to your contact list, microphone and/or photos is not usual practice).
  • Update your smartphones, tablets and computers; use antivirus software for protection and secure access with a password, fingerprint, digital recognition or face recognition.

2. Try to remember your codes and passwords.

  • Never save them in your smartphone (either as text or image file).
  • Never give browsers permission to automatically save your usernames and passwords.

3. Take advantage of different services offered by your Bank.

Checking your current balance, your accounts or card transactions is made simple through online banking on your mobile app (m-zaba), the internet (e-zaba), at ATMs or directly at a branch office.

4. Pay attention to incoming messages and learn to recognize fraud.

  • E-mails from Zagrebačka banka always contain your first and last name and information about your branch office. The Bank will never ask you to provide your password, credit/debit card number or PIN.
  • Do not open unexpected e-mails, text messages or chats. Never open attachments or click on the links.
  • Do not reply to e-mails, text messages, chats or links by providing your credentials (such as your user name, password, PIN, security token…).
  • Never give your credentials to anyone over the phone.

5. When making purchases online, always pay attention to where and how you buy.

  • Check the credibility of the website and use only official apps.
  • Use only secure, password-protected links.
  • When possible, avoid free and public Wi-Fi. Never use it for online shopping, accessing your designated area on the Bank’s website or cloud storage (like iCloud or Google Drive).

What are phishing messages?

Phishing messages are a type of online fraud in which the sender, falsely claiming to be a legitimate organization, sends out e-mails in order to steal sensitive information.
An example of phishing is an e-mail that seems to come from Zagrebačka banka but was in reality not sent by the Bank. Example: sender’s address is
Even though such messages will display Zagrebačka banka’s logo, they are not sent by Zagrebačka banka! These messages, seemingly originating from the Bank, contain the kind of links and attachments the Bank would never send you, and often contain grammar and spelling mistakes.

It’s important to remember:

  • Do not click on links or open attachments from such messages.
  • Do not reply to such e-mails.
  • Delete the e-mail at once.

If you receive a suspicious call or e-mail demanding secret information necessary to authorize banking transactions, be sure to let us know at 01/3789 785 or by e-mail at

How to recognize potential fraud

Here are several examples of frauds that could have been prevented by exercising more caution and following the tips listed above:

  • I was expecting a parcel and I received an e-mail from the address that looked like the address of the company that was sending me the parcel. The e-mail contained a link. They asked me to provide my credit card information in order to pay for the delivery. After paying the requested amount and authorizing the transaction using an OTP token number, I received a text message to my phone saying that a large amount of money was transferred from my account. I checked what had happened more carefully, realizing that the e-mail I received did not actually come from the real company’s address.
  • I wanted to sell my bicycle through a well-known site used to buy and sell things. A buyer contacted me through WhatsApp, requesting my card number to send me the money. After I provided my card information and the OTP token password, I realized money had been transferred from my account. I should not have given my information to an untrusted party.


Zagrebačka banka sends messages and other information through official Zagrebačka banka channels only and never requests passwords to your online banking services.
Read Safety recommendations and learn about the safe use of e-zaba and how to protect yourself from online fraud.
