Cybercrime Southeast Europe Newsletter No. 107

by admin | Jun 26, 2026 | NSSPV, Unions Market and others | 0 comments

New RFZO Phishing Scam: Fraudsters Impersonating Public Institutions to Steal Personal Data

Dear Clients,

The Ministry of the Interior of the Republic of Serbia has recently warned citizens about a new online scam in which fraudsters impersonate the Republic Health Insurance Fund (RFZO) in an attempt to obtain personal and financial information from members of the public.

According to the information released by the authorities, victims receive SMS messages claiming that their health insurance card has expired and that urgent action is required to renew or replace it. The message typically contains a link directing the recipient to a fraudulent website designed to collect sensitive information.

This type of scam is commonly known as “smishing” – a form of phishing carried out through text messages. The objective is not to provide any legitimate service, but rather to persuade recipients to disclose personal information, payment card details, login credentials, or other sensitive data that may later be used for fraudulent purposes.

One of the reasons these scams can be effective is that they misuse the names of trusted public institutions. When a message appears to come from a health authority, police agency, tax authority, or another government body, recipients may feel pressured to respond quickly without carefully verifying its authenticity. Fraudsters frequently rely on this sense of urgency and trust to increase the likelihood that individuals will follow their instructions.

Authorities have noted that messages of this nature often originate from suspicious or foreign telephone numbers, contain links that do not lead to official government websites, and request immediate action from the recipient. These are common warning signs that the message may be fraudulent.

Citizens are advised not to open links contained in suspicious messages, not to respond to such communications, and not to enter personal, financial, or security-related information on websites whose authenticity cannot be verified. Individuals who may already have provided information are encouraged to change their passwords, contact their bank if payment card details were disclosed, and report the incident to the appropriate authorities.

This case serves as another reminder that modern cybercriminals increasingly exploit public trust in well-known institutions. For this reason, any message requesting urgent action, personal information, or payment should be independently verified through official channels before any steps are taken.

As online fraud schemes continue to evolve, maintaining a cautious approach to unexpected messages remains one of the most effective ways to reduce the risk of becoming a victim.

Your DefendMe Team

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cybercrime Southeast Europe Newsletter No. 107

Submit a Comment Cancel reply