UniCredit Bulbank has issued an urgent warning to customers about a wave of sophisticated phishing scams targeting bank users across Bulgaria.

The bank, Bulgaria's second-largest by assets, said fraudulent messages mimicking official communications are circulating widely. According to Plovdiv24.bg, the fake texts and emails typically claim a card has been "temporarily restricted", flag "unusual activity", or demand an immediate "customer data update".

The exact scale or impact of these phishing scams has not been disclosed by UniCredit Bulbank.

How the scam works

The messages are designed to cause alarm and prompt immediate action. They include buttons or links that claim to "unblock" accounts or "restore access".

Clicking these links takes users to fraudulent websites designed to look identical to UniCredit Bulbank's official online banking portal. Once there, customers are asked to enter card details, PINs, online banking usernames and passwords, or M-token security codes.

UniCredit Bulbank has stated it will never request this information via SMS or email links.

Warning signs to watch for

The bank has told customers to look for three key indicators of fraud:

  • Demands for urgency: messages insisting on immediate action
  • Suspicious prompts: buttons or links claiming to unblock accounts or restore access
  • Deceptive websites: fraudulent pages designed to mimic the bank's official site

What to do if you receive a suspicious message

UniCredit Bulbank has issued the following advice:

  • Verify the URL: check the web address starts with `https://` and matches the bank's exact official domain
  • Look for security indicators: check for the padlock icon in the address bar and watch for spelling or grammatical errors on the page
  • Do not click links: if you receive a dubious message, delete it immediately without clicking any links or entering personal data
  • Act quickly if compromised: if you suspect you have already clicked a malicious link or submitted details, contact the bank immediately

How to contact UniCredit Bulbank

Customers who believe they may have been targeted should phone 0700 184 84 or email CallCenter@UniCreditGroup.bg.

Why British readers in Bulgaria should care

British residents and visitors using UniCredit Bulbank face the same phishing risks as back home, with one crucial difference: you're operating in an environment where language barriers and unfamiliarity with local banking norms can make spotting a fake slightly harder.

The scam tactics — urgent language, fake security alerts, and pressure to act immediately — are identical to those used by fraudsters targeting British banks. The UK National Cyber Security Centre advises the same core principles: legitimate banks will never ask for full passwords, PINs, or security codes via text or email.

If in doubt, contact the bank directly using a number from the back of your card or the official website, not from the suspicious message itself. It's worth noting that Bulgarian authorities take cybercrime seriously, and reporting scams to the Ministry of Interior's cybercrime units can help protect others.

Phishing remains one of the most common cyber threats across Europe. Understanding local scam methods helps protect your finances and personal information while in Bulgaria — and the principles apply whether you're banking in Sofia or Sidcup.