Phishing protection

Home
Digital Banking
Security recommendations
Phishing protection
Back

Phishing is an online attack in which fraudsters invite customers to disclose personal or financial information in an email or website.

Most often, online phishing starts with an email that looks like an official message. In the email, recipients are directed to a fake website, identical to the official one, where they provide personal data or financial information, such as user numbers, passwords, bank card details, account numbers, one-time codes received via Viber / SMS, etc.

Please keep in mind that Postbank would never require its customers to disclose their confidential data by e-mail or in any online form!

How to recognize phishing messages:

  • Require personal data;
  • Call for urgent action;
  • The sender's name differs from his e-mail address, and the domain may be different from @postbank.bg; @e-postbank.bg; @clients.postbank.bg;
  • Contain spelling mistakes and are poorly formatted;
  • They are usually not personalized and targeted at you;
  • There is no signature.

Take note of the following important tips for your security:

  • Carefully review the emails received for the indicated signs of phishing;
  • Never provide confidential information in any form or email and do not respond to suspicious emails;
  • Always check the real sender of the email, who pretends to be a representative of the bank. Pay attention to what is seen in parentheses in the "From" field. For example in Microsoft Outlook <testing@casarica.com.py> - if the text after @ is different from postbank.bg; clients.postbank.bg or e-postbank.bg means that the sender has been manipulated and presents himself as Postbank;
  • Check where the links in the email lead by placing your cursor on them without clicking;
  • Do not open attachments;
  • Delete all suspicious emails immediately;
  • Make sure that the communication takes place over a secure HTTPS channel. This is indicated by the letter S from the link (https://e-postbank.bg/page/default.aspx?xml_id=/bg-BG/.login)
  • Always check the SSL certificate of the site where you log in and make sure that it is valid and issued to the organization.