Email Phishing, a way to acquire sensitive information from internet users by disguising as an official email from the service provider/bank, is not a new term for Pakistani users, however, the criminal minds have started targeting the bank account holders – one of serious most offense in cyber world.
Let’s review an email forwarded to us by a ProPakistani reader, who has a bank account in Allied Bank Limited.
He received following email:
When we clicked on URL(http://caramotards.free.fr/phpBB2/pakis.htm) in email, it opened following page:
Now this page is designed exactly like Allied Bank’s official website.
Message for General Users:
- NEVER respond to any email that asks Password, Pin Code, Security answer or any similar information that you may not want to share with anyone.
- Immediately report any such email to your bank
- Register a complaint with FIA
Message for Banks!
- With increasing trend of mobile banking and net-banking, there should be a comprehensive awareness campaigns by banks to educate their customers of such phishing attacks.
- Enhance your security and intelligence to detect and deal with such criminal activities.
Message for FIA and Government of Pakistan
- You are too sluggish to act on very sensitive matters. You may know that there is no Cyber law in place in our holy land, bring a law now – This country is running without a law, what a pity!
My God.. yar kitny professional log han yah.. banda kasy yaqeen kary ab k yah sai ha k ghalt..
I Think That This is from some one inside the bank or some one who is familiar with the web page design or from some one related to the Bank , How can one catch these People i have no idea , Our Cyber Crime Unit can prevent this or not.
thnx for this critical and alarming information
thanks for the awareness, after reading this news I started googling, scam mails with same subject were also sent for the following international banks for phishing
LloydsTSB
NatWest Online Bank
Alliance & Leicester
PT Bank Permata Tbk
Gulf Bank
Or visit
http://www.google.com.pk/search?sourceid=chrome&ie=UTF-8&q=%22account+message+alert%22+scam
My advice to all the readers, always visit banks site by typing their address/URL not by clicking the address provided in the mail.
Keep it in mind that this is known as phishing, keep update yourself and don’t be victim of these scam mails, like lottery and lucky draws.
http://www.google.com.pk/webhp?hl=en#hl=en&expIds=17259,17291&xhr=t&q=what+is+phishing&cp=12&pf=p&sclient=psy&site=webhp&aq=0&aqi=&aql=&oq=what+is+phis&gs_rfai=&pbx=1&fp=7a5841b160e1a01c
I got an email last week from Allied Bank telling me not to share any of my private information.
Good info, but i have a question that how can the targeted user find out from his email inbox that the link pasted in the email is not of ABL and is of some phiser id KARAMOTARD:
The Bank’s official page is not opening. And it wasn’t opening a few days earlier also…
Why is that?
Actual ABL website first will ask user ID only. If it is correct then it will ask password and you will have to enter only 3 or 4 characters of your password in small boxes which will be provided randomly. Do not enter your complete password in any case!!!
Banks should improve the security of websites.
No dear. The major thing is the awareness of bank customers who can differentiate between real and fake websites. If you have an online account in any pakistani bank, then you can see that you will not have to enter your complete password or financial pin during login. So, the above shown website of Allied Bank is a fake website.
Awareness is the key for preventing fraud, scams and phishings. Given below are few tips
1. Never click the link provide to you by these scam mails.
2. Always type the website in URL bar.
3. Keep up-to-date your system (OS), browser and antivirus patches.
4. These are software available which can be integrated with browsers, and they will let you know when you are visiting fake sites.
Further more you can read the following link.
http://www.us-cert.gov/reading_room/emailscams_0905.pdf
It’s all our responsibilities to keep our information safe; you are not safe if you will hand over keys of your house to an intruder.
Bank has already provide a security warning to all its customer. When u go to the correct link of the bank then right on the front page a “Beware of Fraud” pop up appears. Bank also conveys this message through email to all its customers from time to time. It always ask never to share your password financial pins Atm pins email access with anyone not even with bank staff.
well , few technicalaties ,
how the phisher know the email adres of the specific person that he has a allied bank acc .. ??
2- how exactly does he know that he is a new customer , as it asked for registration confirmation
3- and if victim is not a NEW customer why will he be giving his all infi like this , even a noob will understand
4- Allied bank never ever asks for FULL Password ..
even then if u fell for it either ur a noobest of all or the phisher is greatest of all …
Phishing rascals doesn’t have any reliable source of emails or details of customers. They may fetch emails of local Pakistanis from Forums like this one or social media sites and they send bulk emails to hundreds or thousands of email and those bloody maderchods hope for best for some victims! They don’t know either all of email receivers have bank accounts or not.
In my example; i do not have account with Allied bank but i have account with other bank(s) but i got phishing email destined to abl and being advanced user i fucked the website of phishing user.
your security level is in your control after bank!
I got same email and i even do not have account in ABL but upon examining the link it went to another website and then redirects to another website and the final website that had ABL login page was websofttec.com and i reported that website and that domain name plus hosting suspended, so that user might be weeping now :)
Advice to all users: When you are logging into bank account, first of all see the address of website in address bar of browser to make sure where you are entering info, if it’s allied bank the page must be like: https://allied.direct.abl.com.pk/allied.proxy/
if its something else, then simply close the page and do not enter any login info!
i have fucked one hacker’s website for time being, so you should also try your best to fuck such idiot scoundrels.
I am sad to inform that father of one of my office colleagues became prey to the same email. His father has an ABL account and few days ago he clicked on the same link and submitted the details (he is not very computer literate)….he didn’t know what he did, 2 days after he checked his account balance via atm and found out that he is out of 10 lac rupees…..the amount was transferred in 4 parts (2.5 lac each) may be due to per transaction limit. one payment was transferred to an account in ABL in some city of punjab and 3 other payments were transferrred to SCB account. Then the payment was wired transferred to TOGO country.
I am sure someone from ABL is also involved in such act and currently ABL is investigating the case itself.