Internet security

• Always know who you are communicating and doing business with.

Always access your eBanking orders by using the links available on our website at , www.procreditbank.rs ,or by entering a URL path into the web browser's address bar that takes you directly to our eBanking application, such as:

https://online.24x7.rs/ebanking/Identity/Login - for private individuals  
https://webebank.ebb-bg.com/webbank/ - for legal entities

NEVER go to a website by clicking on a link you received by e-mail (unless the e-mail was sent by the bank), and DO NOT enter any personal information. If you are in doubt, contact ProCredit Bank via the following e-mail address:  srb.ebank.kontakt@procredit-group.com or by calling us at: 0700 700 000, or 011/2057 000 (if you are calling by mobile phone from abroad).

• Keep your passcode and PIN in a safe place

Your passcode and PIN are used to identify you electronically, for this reason - BE CAUTIOUS! Be especially cautious when receiving unsolicited/unexpected electronic messages or calls requesting you to divulge personal information, card details, or requiring ‘confirmation’ by providing your passcode or PIN. Do not give out any information or any personal details to anyone you do not know. Do not share your PIN or passcodes with anyone, not even members of your family. Know that the bank or the police would never ask you to divulge your PIN and/or passcode. 

• Keep your money safe! 

Do not allow yourself to be tricked by an electronic message that seems to be sincere by giving you an opportunity to invest your funds and turn an easy profit. If the offer seems too good to be true, then it probably is! Be especially cautious with unsolicited electronic messages delivered from abroad, because this makes it much harder to check if someone is really ‘who they say they are’.    

• Secure your computer

Install the latest version/updated antivirus programme, as well as a firewall. Next, if you have Microsoft Windows installed on your computer, always install updates through Microsoft’s official website. Use the latest version of your internet browser which updates security elements on its own. Be extremely cautious if you use internet cafes, libraries, other people’s computers or any computer that you have no control over. 

• It’s best to learn your passcode and other confidential information by heart, and to destroy any notifications which include this information as soon as possible.
• Never write your passcode and other confidential information on notepads, in notebooks, etc.
• Always adhere to the general business regulations agreed with the bank.
• Do not use the same passcode that you use for electronic banking to access any other internet website.
• When changing your passcode, create a so-called ‘strong’ passcode which include a combination of letters, numbers and special characters, without including well-known elements such as names or important dates.
• Never ever divulge information about your computer or other confidential information. If you call the bank by telephone, be aware of the type of information the officer may ask you to provide - they will not ask you to divulge your passcode or PIN.
• Never leave your computer unsupervised when you are logged in to your eBanking page.
• Make sure to log out of your eBanking application properly each time you finish using electronic banking services.

‘Phishing’ is the sending of an e-mail with false representation of the sender, with the aim of deceiving and misleading the recipient of the e-mail to divulge confidential data, or information, which would then be used for malicious and unauthorised purposes. In principle, the aim of ‘phishing’ is to steal someone’s online identity

For the most part, ‘phishing’ messages include a link that directs the recipient to a fake website where the recipient is asked to ‘update’ their details, such as passcode, and the entry of these details is required under the pretext of ‘confirming’ their bank account numbers and so on.   This makes phishing a well thought out form of theft.

By randomly sending malicious e-mail to a large number of people, senders count on the lack of caution and credulity of the recipient, and on the fact that a certain number of recipients will accept the e-mail as legitimate and ‘update’ their data. It is precisely for this reason that awareness needs to be raised in terms of possible ‘phishing’ attempts. 

Keep in mind, the bank will never require its clients to enter details or to confirm their personal information in the above described manner.
 

Always, always think twice before clicking, and then don’t click. 

The bottom line is this: because of the amount of damage that may be caused if you become a victim of ‘phishing’, it is important to approach these types of emails with a great deal of caution. When you suspect fraud is in question, you’re probably right. It is best to be vigilant in regard to network communication, regardless of how harmless the e-mail you receive seems to be.

One of the most important things that the recipient of a malicious e-mail can do is to think about the context of what it is that the sender is asking for and does this request make sense, realistically. For example, a passcode is a unique form of authentication and why would the sender of an e-mail be asking for you to enter this data anywhere, if this is not an application you regularly access in a specific way (!).  What’s more, ‘phishing’ messages usually ask the recipient to react to the message urgently, which is a further indication to take caution.  
 

We have provided a few elements that may assist you in recognising ‘phishing’ e-mails below:

• Legitimate senders will never ask for your personal information by e-mail 

It is certainly an attempt at fraud if you receive an e-mail that contains a link or attachment, while also asking you to provide sensitive information. Most companies will not send you an e-mail in which they ask for passcodes, payment card details, account numbers, nor will they send you a link that you are supposed to log in to. Also, ‘phishing’ e-mails are sent randomly, and the senders definitely don’t know your real name and surname, and therefore they address the e-mail with a generic greeting such as ‘Dear Sir/Madam’, ‘Dear Client,’ or the like.  

• Consider whether the sent e-mail includes suspicious elements

It is recommended that you consider, in detail, all elements of the received e-mail. 

The following provides a clear example of ‘phishing’ with a fake sender address. Nevertheless, a ‘phishing’ e-mail may look like it was sent from a legitimate ProCredit Bank e-address (from a correctly provided domain). Unfortunately, due to the e-mail system, it is relatively easy for persons engaged in fraudulent activities to create a fake e-mail address in the From field. The address that appears in the From field of an e-mail message IS NOT a guarantee that the e-mail has been sent from a person or organisation whose name appears in the e-mail’s address. These types of ‘phishing’ messages are not sent via the bank’s system

An example of Phishing

The option to review agreement documentation allegedly prepared by the bank is also provided. If the recipient clicks on the ‘View Procreditbank Document’ link, this may provide the malicious sender with the opportunity to misuse the data and information. 
Avoid opening links or attachments contained in e-mails, and do not register in e-banking applications through links sent to you by e-mail. The bank recommends that you use the links provided on ProCredit Bank’s official website, www.procreditbank.rs, or personally enter ProCredit Bank’s eBanking internet address in the address-bar/web-browser. 
The bank is always at your disposal for consultation and information. Should you have any concerns relating to potential ‘phishing’ electronic messages, do not hesitate to contact ProCredit Bank by phone, by calling our Online Centre at 0700 700 000 or 011/2057 000 (if you are calling by mobile phone from abroad), or by sending an e-mail at  srb.ebank.kontakt@procredit-group.com. You can also contact your Client Advisor in regard to the above.

To determine whether a website is fake or legitimate, we advise you do the following:

• Check the URL link

The first step is to place your cursor over the URL address and check the validity of the web address. Look for a ‘padlock’ icon (see image below). By clicking on the ‘padlock’ you can view the Procredit Bank internet website Security Certificate. Check whether the URL starts with ‘https://’ in the address field. The letter ‘S’ means that the web address is encrypted and protected by an SSL certificate. Without the ‘https:’, all information sent to this web-location is unprotected and can be intercepted by malicious people. Beware though, this system alone is not enough to confirm security, and users are advised to exercise additional caution and consider additional evidence to ensure that a web location is secure. 

Next, pay close attention to the characters included in the web address. To trick users, malicious people will keep as close as possible to real addresses, making just minor changes. A web address can start with the name of the real website’s domain but the extension ‘.rs’ may be changed to ‘.org’ or the letter ‘o’ exchanged with the number ‘0’.  Next, a web address may include additional characters and symbols that the original address does not. It is also possible to insert a fake address bar in the web browser window. Many links from these sites really can lead to a real website. Regardless, do not allow yourself to be tricked by this.

• Website contents

ProCredit Bank’s official website has been professionally designed. The grammar/spelling is accurate, and it includes quality graphics. If you find yourself on a ‘phishing’ website, despite the similarities, it is certain that you will notice a difference i.e., grammar/spelling errors and a difference in the quality of graphics and resolution may lead you to conclude that have accessed a fake website. We recommend that you leave the site immediately. 

A potential indicator of a ‘phishing’ website may be that it lacks a ‘contact us’ section. Official websites usually include full contact information, such as a mailing address(es), telephone number(s), e-mail address(es) and other relevant contact information. If this information is missing, we advise that you leave the website.
 

Pop-up windows are used to commit identity theft. They include fake messages that ‘pop-up’ for users when surfing the net. In many cases, malicious people ‘infect’ legitimate websites with malicious codes that create pop-up messages. The contents of pop-up messages are what makes them effective. 

What’s more, it is possible to see the address bar of the authentic website in the background, but all of the information you enter into this window will be downloaded by malicious people for fraudulent purposes. 

In order to access your eBanking account, log in by entering the address into a new browser window or by using the link provided on ProCredit Bank’s official website at www.procreditbank.rs.

The address of your authentic eBanking webpage starts with ‘https’ and includes a small padlock icon in the window of the web browser.