Categories BankingInternetNews

Scammers Use FBR to Trap Online Bank Account Holders

Scammers have come up with new technique to hunt online bank accounts in Pakistan to snatch their usersname and password and then to ultimately use these details to empty these accounts.

Previously these Phishing Attacks used to involve an email from bank itself, redirecting the users to fake bank website and to collect username/password information of the target.

Now, these attackers are sending emails from FBR, telling the users that there is a tax refund that they can claim by clicking an link which should lead to FBR website, but in reality it takes the user to attackers’ website.

Ad Powered By Advergic
Loading ad . . .
Ad - Continue scrolling to read

Check below the email:

When a user clicks on the link provided in the email, it takes him/her to this webpage: http://www.zhypublishing.zhylosa.net/orders/editors/fbr.gov.pk/fbr.gov.refundportal.htm

Where user is presented with a list of banks (with fake pages) to proceed for the tax refund. Upon clicking the link of any bank, user is taken to the fake page of that bank – which looks identical to original bank website – asking the username and password.

All the data input on this fake website is automatically sent to attacker who can use your username/password to use your internet-bank account at his/her will.

Message for General Users:

  • NEVER respond to any email that asks Password, Pin Code, Security answer or any similar information that you may not want to share with anyone.
  • Immediately report any such email to your bank
  • Register a complaint with FIA

Need for Awareness

Banks are sending out mass-emails to their users, explaining them what phishing attacks are and how not to respond to them. This is helpful in many ways, but banks probably need to do more. Maybe State Bank can take this initiative and do a mass-level campaign for users’ awareness.

Message for Banks!

  • With increasing trend of mobile banking and net-banking, there should be a comprehensive awareness campaigns by banks to educate their customers of such phishing attacks.
  • Enhance your security and intelligence to detect and deal with such criminal activities.

Message for NR3C

  • Tracking these websites is easy. Simply do a reverse IP lookup and see what other websites are hosted on same server
  • Contact details from host, or from other websites can get you to the culprits, simple and easy.
  • This is exactly how we tracked a friend who DDoS attacked us back in 2010

Stay Connected with ProPakistani

Get the latest news, tech updates, telecom insights, and business stories wherever you prefer.

Add as a preferredSource on Google Follow on Google News Join WhatsApp

Add ProPakistani to Preferred Sources and see more of our stories in Google Search and Top Stories.

Share
Published by
Aamir Attaa
May 28, 2013 1:19 pm

Related Post

Recent Posts

Iranian Media Reveals Pakistan’s New Foreign Minister

June 21, 2026

Pakistan Announces Registration for Hajj 2027

June 21, 2026

Govt University in Punjab Reportedly Sealed Over Alleged Rs. 83.9 Million Unpaid Property Tax

June 21, 2026

Caterers, Street Food Vendors See Sudden Sales Spike as Muharram Demand Rises

June 21, 2026

Installment Plan Proposed for Paying PTA Taxes on Smartphones

June 21, 2026

Khawaja Asif Calls for Complete Ban on Vigo Dala Culture in Parliament

June 21, 2026