Having said this, due to increasing popularity of online-banking, these phishing attacks against Pakistani banks are on the rise in the recent past.
All major banks are targeted by attackers, who fake their emails and present themselves as legitimate bank representatives asking the customers to either change their account passwords or update their profiles and PINs.
By definition, phishing is act of attempting to acquire user information such as usernames, passwords, and credit card details or other private information by faking emails and representing themselves as legitimate businesses, such as banks, hosting companies, email service providers and so on.
Pakistan, due to lack of awareness and inexistence of cyber law, is considered a heaven for cyber criminals, attackers and spammers.
Phishing attackers are sending millions of emails to Pakistani internet users asking them to change their passwords for online-banking accounts. They send email with similar-to-bank domain names, such as no-reply@xyzbank.com or no-reply@examplebankpk.com to make them look like legit system generated email by banks.
Typically, when user clicks on a URL in the phishing email, the user is taken to attackers’ website (instead of original bank’s website) which gives a similar look and feel of respective bank’s website.
All the data input on this fake website is automatically sent to attacker who can use your username/password to use your internet-bank account at his/her will.
Banks are sending out mass-emails to their users, explaining them what phishing attacks are and how not to respond to them. This is helpful in many ways, but banks probably need to do more. Maybe State Bank can take this initiative and do a mass-level campaign for users’ awareness.
Message for General Users:
Message for Banks!
