A Leading Pakistani Bank's Website Got Compromised

Editor’s Note: We are deliberately not disclosing the bank’s name to protect it from competitive disadvantage. Also, this hacking incident is not related in any way to previous hacking posts published on ProPakistani.com.

A leading bank of Pakistan was hacked earlier this month, with a complete compromise of its services and server. According to very reliable sources, this compromise resulted in financial loss as well.

In the said incident, which took place a month ago, hackers gained complete control of the bank’s website and its database. Our sources further told us that the bank’s website remained down for a couple of days before it was restored. Financial loss was also reported during this period.

It was also reported that the same bank was attacked at least twice earlier this year, if not thrice.

When contacted for comment on the attack, the bank’s head of Remote Banking Channels ruled out a total compromise of the web server; however, he confirmed that the bank’s front end was compromised to some extent due to phishing attacks. He further said that this compromise did not affect bank accounts, nor was any financial loss reported during it.

He said that these phishing attacks are a routine activity now, as the banking sector is going online (on the internet), and that we expect them to grow in Pakistan in the coming days.

He confirmed that attackers sent emails to bank account holders asking them to reset / update their passwords; however, as soon as the bank sensed the incident, it notified its customers and took care of the issue.

When it was put to him that phishing attacks are only possible after a database compromise, from which hackers collect account holders’ data along with their emails, since phishing attacks usually involve only targeted emails, the head of Remote Banking Channels responded that we are not sure whether these emails were sent specifically to our customers only; however, as soon as we sensed the situation, we came up with alarms and notifications for our customers.

When we asked the official about the appointment of four IT heads in a span of less than a year, he ruled out any relation between these appointments and the phishing attacks: “It’s a very competitive and dynamic field, so we keep on looking for the best available resource to head our IT department.”

On a concluding note, as we have always cautioned corporations, especially financial institutions, they must get their web servers secured and audited in order to avoid any such incidents.

At the same time, people who use the net-banking facilities offered by banks must be aware of phishing and other similar attacks to avoid losses. To that end, the most common thing you must check before carrying out an online transaction (transferring money, changing a password, or entering a password) is that you are on your bank’s website and that the URL starts with https.