Phishing Attacks Against Pakistani Banks Increase

phishing-attackWe have written in past about phishing (read as fi-shing) attacks, what they are and how these can be made ineffective.

Having said this, due to increasing popularity of online-banking, these phishing attacks against Pakistani banks are on the rise in the recent past.

All major banks are targeted by attackers, who fake their emails and present themselves as legitimate bank representatives asking the customers to either change their account passwords or update their profiles and PINs.

By definition, phishing is act of attempting to acquire user information such as usernames, passwords, and credit card details or other private information by faking emails and representing themselves as legitimate businesses, such as banks, hosting companies, email service providers and so on.

Pakistan, due to lack of awareness and inexistence of cyber law, is considered a heaven for cyber criminals, attackers and spammers.

How Phishing Attacks Work:

Phishing attackers are sending millions of emails to Pakistani internet users asking them to change their passwords for online-banking accounts. They send email with similar-to-bank domain names, such as [email protected] or [email protected] to make them look like legit system generated email by banks.

Typically, when user clicks on a URL in the phishing email, the user is taken to attackers’ website (instead of original bank’s website) which gives a similar look and feel of respective bank’s website.

All the data input on this fake website is automatically sent to attacker who can use your username/password to use your internet-bank account at his/her will.

Need for Awareness

Banks are sending out mass-emails to their users, explaining them what phishing attacks are and how not to respond to them. This is helpful in many ways, but banks probably need to do more. Maybe State Bank can take this initiative and do a mass-level campaign for users’ awareness.

Message for General Users:

  • NEVER respond to any email that asks Password, Pin Code, Security answer or any similar information that you may not want to share with anyone.
  • Immediately report any such email to your bank
  • Register a complaint with FIA

Message for Banks!

  • With increasing trend of mobile banking and net-banking, there should be a comprehensive awareness campaigns by banks to educate their customers of such phishing attacks.
  • Enhance your security and intelligence to detect and deal with such criminal activities.

Tech reporter with over 10 years of experience, founder of ProPakistani.PK


  • اظہر علی

    Thank for such nice information

  • ali

    How hacker got email address of bank account holders? I have more than 4 personal email IDs that use for different purpose. how hacker got my exact email id that I use for banking?. Are banking website are secure? if not then Banks should secure there server first so that our data became more safe.

    • I am having the same issue…

      • Saeed

        Actually, i have seen the bank employee has the full information of every customers and these guys easily share these important information to other friend guy on another bank. I have faced this same issue when applying for CC.

  • One thing I would like to add, Create your Financial Pin only for 24 hours or as per your transaction, as without Financial pin, no one can make a transaction if even the account is hacked…..

  • Muhammad Anas Zafar

    I remember I got an e-mail from Payza(Alertpay) requsesting me to change my password and I go through the link and changed the password. Though it was absolutely from Payza but at that time I was not aware about this. I have a query that can or cant the back request you to change your passowrd/pin itself???

    • They encourage you to change password frequently but double check URL you are visiting and its better to type bank’s site URL urself rather than clicking any link

      • Muhammad Anas Zafar

        Thanks, I’l be more catuious from now

  • Nice, Post,

    I had some phishing emails on my very account that I use with my Bank, When I asked my dumb ass Bank (ABL), they haven’t done any thing but deleted my Internet Banking ID. I had to create the whole account again, and its a hectic process :(

  • www.engrz.com

    this is very useful information dear. i have shared it with my users so that they can care about such types of fake emails.

  • If cyber law does not exist what is the use of Registering a complaint with FIA

  • Stone

    LOL I swear I was thinking of writing about this in the morning since I kept receiving an email from ABL about my account being closed. I felt it was fishy or should I say Phishy so I called the helpline and that confirmed my fear. Reported it to the bank today who should take it up with FIA CC wing.

  • Pakistani bank’s security is so stupid and easy hackable that you don’t even need to send those fake emails.. simply cp db and get all unencrypted information.. Banks need to update their technology and encryption mechanism.

  • give me money and I will pray that your bank account remains safe

  • I am also receiving such spam emails from last 3 days..
    unknown sender…
    i dnt have account in ABL and i received email that you need to do this and that with account…
    check this snapshot
    http://i45.tinypic.com/qoh99g.jpg

  • Arslan Tariq

    Nice Information

  • Azeem

    Just don’t EVER follow a link in your email or on other websites to your bank. Always write the URL of your bank yourself. That will take care of phishing problem.

    Azeem
    http://ibmuet.wordpress.com/

  • H.

    Good opportunity for telcos to offer mobile signature solutions to banks
    and corporate sector. GSMA is also encouraging network operators
    globally to capitalize on this opportunity. Turkey and Finland are
    already actively using this technology.

    http://en.wikipedia.org/wiki/Mobile_signature
    http://www.gsma.com/mobileidentity/