Scammers have come up with new technique to hunt online bank accounts in Pakistan to snatch their usersname and password and then to ultimately use these details to empty these accounts.
Previously these Phishing Attacks used to involve an email from bank itself, redirecting the users to fake bank website and to collect username/password information of the target.
Now, these attackers are sending emails from FBR, telling the users that there is a tax refund that they can claim by clicking an link which should lead to FBR website, but in reality it takes the user to attackers’ website.
Check below the email:
When a user clicks on the link provided in the email, it takes him/her to this webpage: http://www.zhypublishing.zhylosa.net/orders/editors/fbr.gov.pk/fbr.gov.refundportal.htm
Where user is presented with a list of banks (with fake pages) to proceed for the tax refund. Upon clicking the link of any bank, user is taken to the fake page of that bank – which looks identical to original bank website – asking the username and password.
All the data input on this fake website is automatically sent to attacker who can use your username/password to use your internet-bank account at his/her will.
Message for General Users:
- NEVER respond to any email that asks Password, Pin Code, Security answer or any similar information that you may not want to share with anyone.
- Immediately report any such email to your bank
- Register a complaint with FIA
Need for Awareness
Banks are sending out mass-emails to their users, explaining them what phishing attacks are and how not to respond to them. This is helpful in many ways, but banks probably need to do more. Maybe State Bank can take this initiative and do a mass-level campaign for users’ awareness.
Message for Banks!
- With increasing trend of mobile banking and net-banking, there should be a comprehensive awareness campaigns by banks to educate their customers of such phishing attacks.
- Enhance your security and intelligence to detect and deal with such criminal activities.
Message for NR3C
- Tracking these websites is easy. Simply do a reverse IP lookup and see what other websites are hosted on same server
- Contact details from host, or from other websites can get you to the culprits, simple and easy.
- This is exactly how we tracked a friend who DDoS attacked us back in 2010