Guidelines Regarding Fraudulent Messages and Fake Offers

The data most commonly requested in fraud attempts includes: username, password, phone number, or activation code sent to the user via SMS, and similar information.

Apart from user data, payment card number and details (expiration date, CVV) are requested. Often, within various attractive offers (prizes, etc.), clients are asked to provide a photo of their payment card or other personal documents, which is a reliable sign of fraud.

Opening email attachments or clicking links in suspicious messages can lead to infection of your computer or phone with malware, allowing others to gain control over your data and/or device.

Regarding fake messages and offers allegedly sent by the bank, note that Raiffeisen banka will never send emails from any domain other than the bank’s official domain.

Valid emails from the bank always come from addresses ending with “@raiffeisenbank.rs”.

Please note that the reply-to email address shown in the “Reply-to:” field is not a reliable indicator. This address can bearbitrary and may even appear to be from the bank’s domain.

Also, all links in messages from the bank lead explicitly to domains ending with .raiffeisenbank.rs or direct you to communicate via official channels of the bank. We advise you to always pay close attention to the content of offers and messages you receive, especially regarding the following details:  

- Whether the sender’s address is correct

- Whether phone numbers in the message are valid and correspond to the sender 

- Whether there are spelling mistakes or the message content seems like a translation 

- Whether there are errors in the bank’s or sender’s name or address 

- Whether the message urges immediate action under threat of account or card blocking, closure or loss of online banking access 

- Whether the message contains suspicious attachments and/or unexpected links

  - Whether you are asked to enter your username and password – the bank will never request these; you enter them only when accessing your online banking account 

- Whether you are asked to provide your phone number – the bank never requires clients to provide their phone number 

- Whether you are asked to enter or read aloud an activation code received by SMS – the activation code is a one-time code sent via SMS used to activate the mobile app; never share or enter this code anywhere except on your mobile device when activating the “Moja mBanka” app  

Install antivirus and network protection software and keep them regularly updated along with your computer’s operating system and web browsers.

Enable automatic updates for apps and devices you use whenever possible. Check your browser settings and use all security features it offers.

Use strong passwords of adequate length combining uppercase and lowercase letters, numbers, and special characters. Wherever supported, use multi-factor authentication (MFA).

Most commonly, this is two-factor authentication (2FA), which relies on sending a code via SMS to your registered mobile number or using codes from authenticator apps (e.g., Google Authenticator, LastPass Authenticator, Microsoft Authenticator, 2FA Authenticator, and similar).