Scammers Use FBR to Trap Online Bank Account Holders

scamScammers have come up with new technique to hunt online bank accounts in Pakistan to snatch their usersname and password and then to ultimately use these details to empty these accounts.

Previously these Phishing Attacks used to involve an email from bank itself, redirecting the users to fake bank website and to collect username/password information of the target.

Now, these attackers are sending emails from FBR, telling the users that there is a tax refund that they can claim by clicking an link which should lead to FBR website, but in reality it takes the user to attackers’ website.

Check below the email:

FBR001

When a user clicks on the link provided in the email, it takes him/her to this webpage: http://www.zhypublishing.zhylosa.net/orders/editors/fbr.gov.pk/fbr.gov.refundportal.htm

Where user is presented with a list of banks (with fake pages) to proceed for the tax refund. Upon clicking the link of any bank, user is taken to the fake page of that bank – which looks identical to original bank website – asking the username and password.

Allied_Bank_Scam

All the data input on this fake website is automatically sent to attacker who can use your username/password to use your internet-bank account at his/her will.

Message for General Users:

  • NEVER respond to any email that asks Password, Pin Code, Security answer or any similar information that you may not want to share with anyone.
  • Immediately report any such email to your bank
  • Register a complaint with FIA

Need for Awareness

Banks are sending out mass-emails to their users, explaining them what phishing attacks are and how not to respond to them. This is helpful in many ways, but banks probably need to do more. Maybe State Bank can take this initiative and do a mass-level campaign for users’ awareness.

Message for Banks!

  • With increasing trend of mobile banking and net-banking, there should be a comprehensive awareness campaigns by banks to educate their customers of such phishing attacks.
  • Enhance your security and intelligence to detect and deal with such criminal activities.

Message for NR3C

Tech reporter with over 10 years of experience, founder of ProPakistani.PK