<\/p>\n\n\n\n
In the latest overview of the SHARE Foundation\u2019s digital rights monitoring<\/a> in Serbia, a total of 35 digital rights violations were recorded between March and the end of May 2026. Fraud, threats and manipulation once again accounted for the largest number of cases, with 22 incidents. The other two categories were significantly less represented, with 7 cyber incidents and 6 cases involving privacy and personal data violations. The second quarter of the year was marked by major incidents involving leaks of citizens\u2019 sensitive data and online fraud campaigns. The trend of pressure on media outlets and threats to journalists also continued.<\/p>\n\n\n\n A traffic fine. Support for a child in a competition. A friend asking for an urgent money transfer. While many would be cautious and avoid scams, a considerable number of people act on such requests out of panic or lack of knowledge \u2013 otherwise fraudsters would not keep sending these messages.<\/p>\n\n\n\n Among the social engineering scams<\/a> recorded during the recent period of digital rights monitoring in Serbia, two stood out in particular. The first involved SMS messages sent from Philippine phone numbers (starting with +63), which circulated widely in April. The messages warned citizens about alleged traffic fines that could supposedly be paid online. Users were offered a 50 per cent discount if they paid within a specified period \u2013 all they had to do was enter their payment card details on a website designed to resemble the Serbian eGovernment portal. As the campaign progressed, fake domains and websites multiplied<\/a>, but the scammers\u2019 goal remained the same: to collect as many payment card details as possible and withdraw funds before cardholders could block their cards. A very similar campaign, also involving SMS messages from +63 numbers related to traffic offences, was observed in early May.<\/p>\n\n\n\n The second scam affected a large number of WhatsApp users<\/a> in Serbia. Through requests for alleged account \u201cverification\u201d, attackers managed to link their own devices to victims\u2019 WhatsApp accounts using the platform\u2019s \u201clinked devices\u201d feature. They then used legitimate accounts to send messages to contacts asking for money transfers. According to Serbia\u2019s Ministry of Interior, the High-Tech Crime Unit uncovered hundreds of cases involving the misuse of WhatsApp accounts during this period. Earlier this year, a similar campaign was active, but relied on a fake children\u2019s competition that spread through WhatsApp voting requests.While education remains extremely important, protection against phishing scams cannot be reduced to advice such as \u201cdo not click suspicious links\u201d or \u201cdo not enter card details on unknown websites\u201d. As electronic communication between public authorities and citizens becomes increasingly common, the risks posed by social engineering continue to grow. Service providers and device manufacturers should make greater efforts to prevent fraudulent messages from reaching end users, particularly where there are strong indications that services such as iMessage, SMS or WhatsApp are being abused, such as via messages sent from unknown foreign numbers. Earlier this year, WhatsApp introduced an additional warning<\/a> when linking an account to another device in response to the increasing misuse of the linked devices feature. At the same time, artificial intelligence tools are making it possible to create increasingly convincing scam messages and fraudulent websites.<\/p>\n\n\n\n Despite a legal framework for data and information systems protection that is largely aligned with EU standards, data breaches and other privacy violations rarely receive an adequate response. Two new incidents involving the privacy of large numbers of people attracted significant public attention. The first came to light in March, when a subscriber database belonging to Telekom Srbija\u2019s satellite television service was compromised and published online<\/a>.<\/p>\n\n\n\n Compiled through the work of field technicians and call centres between January 2019 and December 2025, the database contained nearly 700,000 entries, including 338,934 unique ID numbers belonging to citizens from 151 towns and municipalities across Serbia. In addition to personal identification numbers, the leaked data included names, mobile phone numbers, home addresses, contract details and even information about users\u2019 private lives. Notes attached to records contained information about users\u2019 daily routines, living circumstances, health conditions and, in some cases, details of heirs if users had passed away. The database also included information on corporate clients of Telekom Srbija, among them the Ministry of Interior, the Ministry of Defence and the Serbian Armed Forces, as well as the personal identification numbers of responsible officials. Rather than providing answers and outlining measures to address the consequences of the breach, Telekom Srbija\u2019s management downplayed the seriousness of the incident in public statements. Following the breach, the Commissioner for Information of Public Importance and Personal Data Protection contacted<\/a> the company to gather relevant facts, but it remains unclear whether a formal inspection has been initiated or completed.<\/p>\n\n\n\n The second incident, even more sensitive in nature, involved leaked data from a private gynaecological clinic<\/a>. A database containing more than 6,000 patient records was published<\/a> online after the clinic reportedly ignored hackers\u2019 demands and refused to pay a ransom. The leaked information included patients\u2019 full names, telephone numbers, personal identification numbers, home and email addresses, and medical diagnoses. This incident represents not only a severe intrusion into the intimate lives of the affected women, but also a form of gender-based violence that may result in further stigmatisation and online harassment. The Commissioner responded by initiating an inspection of the clinic in April. However, the public has still not been informed whether the inspection has been completed or what its findings were.<\/p>\n\n\n\n Another privacy violation with serious consequences for women occurred in mid-May, when professors at the Faculty of Education in Sombor who support the student movement were targeted with sexualised deepfake content<\/a> shared on social media. A protest in support<\/a> of the targeted professors was held in Sombor on 14 May in response to these misogynistic attacks.<\/p>\n\n\n\n Establishing liability and imposing sanctions on the gynaecological clinic and Telekom Srbija is not merely a matter of legal accountability, even though the data has already been exposed online and the damage has been done. More than ever, there is a need to break with over a decade of negligence and irresponsibility regarding the protection of citizens\u2019 data and information security. Despite increasing digitalisation of public administration and society, these issues have not been treated as priorities. It has also not been confirmed whether citizens affected by the breaches were notified by Telekom Srbija or the clinic, despite this being a legal obligation under Serbia\u2019s Personal Data Protection Act following incidents of this scale.<\/p>\n\n\n\n The data exposed in the two most recent major breaches also creates opportunities for more sophisticated personalised scams and political targeting, due to the combination of information made publicly available, including names, contact details and home addresses. The structured format of the leaked databases allows anyone with sufficient technical knowledge to create searchable datasets based on specific criteria, such as names or ID numbers, facilitating profiling, harassment and other unlawful activities.<\/p>\n\n\n\n On 30 April, Reporters Without Borders (RSF) published its 2026 World Press Freedom Index, recording the lowest global level of media freedom<\/a> in the past 25 years. Only 1 per cent of the world\u2019s population now lives in countries with a good media freedom environment, compared with 20 per cent in 2002. Serbia continues to follow these global trends. The country dropped from 96th to 104th place<\/a> out of 180 countries in the Index, becoming the fourth worst-ranked country in Europe, behind Turkey, Belarus and Russia. Developments during the reporting period reflect RSF\u2019s findings, as pressure on and attacks against journalists in Serbia continue unabated and attract international attention.<\/p>\n\n\n\n SLAPP lawsuits and other proceedings aimed at silencing journalists continued. The company Millennium Team filed a private criminal complaint<\/a> against N1 journalist Maja Nikoli\u0107 over an article concerning the purchase of Hotel Yugoslavia, seeking a one-year prison sentence for allegedly damaging the company\u2019s reputation. Public officials, who frequently resort to legal action against journalists, also remained active. Prime Minister \u0110uro Macut opted for a different legal strategy, filing a complaint with the Press Council<\/a> against the investigative outlet KRIK over its reporting on his assets and the purchase of a villa worth one million euros. Macut claimed that the reporting endangered his safety and compared his situation to that of assassinated Prime Minister Zoran \u0110in\u0111i\u0107. The Press Council\u2019s Complaints Commission unanimously concluded<\/a> that KRIK had not violated the Serbian Journalists\u2019 Code of Ethics in its reporting. At the local level, bizarre misdemeanour proceedings have been initiated against journalist Miljko Stojanovi\u0107 from Zaje\u010dar. The police filed as many as five misdemeanour charges<\/a> against him for allegedly organising protests after he shared a Facebook post calling on people to attend demonstrations.<\/p>\n\n\n\n Another negative trend affecting media freedom during the reporting period was the continued targeting of journalists through threats and harassment. Maria Popovi\u0107, journalist and editor of the local outlet Pravo u centar<\/em> from Lazarevac, became the target of mass threats, insults and misogynistic comments<\/a> on social media after reporting from a Serbian Progressive Party (SNS) gathering in her municipality. Popovi\u0107 was verbally attacked during the event, while online harassment escalated after she shared a recording of the incident on Instagram. Kristina Demeter Filip\u010dev, a journalist with the outlet Be\u010dejski mozaik<\/em>, was targeted in a similar way through comments on Facebook<\/a> after reporting on local elections in Kula held on 29 March.<\/p>\n\n\n\n When it comes to manipulation of the information space, after a while major online platforms once again focused attention on Serbia. In an official report, TikTok announced that in January 2026 it had removed a coordinated influence network originating from Serbia<\/a> consisting of 60 accounts with more than 50,000 followers. According to the company, the network artificially amplified narratives favourable to the Serbian Progressive Party and manipulated public discussion around anti-government protests. The network was also active on other online platforms.<\/p>\n\n\n\nOne Click into a Scam<\/strong><\/h2>\n\n\n\n
A Spiral of Irresponsibility<\/strong><\/h2>\n\n\n\n
Free Fall<\/strong><\/h2>\n\n\n\n