Tuesday 28 May 2013

Scammers keep coming up with new techniques to hunt for online bank account holders in Pakistan, snatch their usernames and passwords, and eventually use these details to empty the accounts.

Previously, these phishing attacks involved an e-mail that appeared to come from the bank itself; the user was redirected to a fake banking site built to collect username and password information.

Now the attackers send an e-mail that claims to be from FBR, telling the user that a rebate is due and that they can click a link to claim it. The link is supposed to lead to the FBR site, but in reality it takes users to the attacker's website.

Check the following e-mail:

[Image: FBR001 – Scammers Use FBR to Trap Online Bank Account Holders]

When a user clicks on the link provided in the e-mail, it takes him/her to this webpage: http://www.zhypublishing.zhylosa.net/orders/editors/fbr.gov.pk/fbr.gov.refundportal.htm
There the user is presented with a list of banks (with fake pages) to proceed with the tax refund. Upon clicking the link of any bank, the user is taken to the fake page of that bank, which looks identical to the original bank website and asks for the username and password.

[Image: Allied Bank scam page – Scammers Use FBR to Trap Online Bank Account Holders]

All the data entered on this fake website is automatically sent to the attacker, who can then use your username/password to operate your internet banking account at will.
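The link quoted above carries `fbr.gov.pk` in its path, while the host that is actually contacted is an unrelated domain. The following check is an added example (not part of the original post) of how a mail filter could flag that pattern; the trusted-domain list and function names are assumptions, and every sample URL except the one quoted above is constructed.

```python
from urllib.parse import urlsplit

# Assumption: domains the filter treats as genuine. fbr.gov.pk comes from the
# link path quoted in the post; a real deployment would add the banks' domains.
TRUSTED_DOMAINS = {"fbr.gov.pk"}


def host_is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True only if host equals a trusted domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def classify_link(url, trusted=TRUSTED_DOMAINS):
    """Return (verdict, reason); verdict is trusted, impersonation or unknown."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme not in ("http", "https") or not host:
        return "unknown", "not a web link"
    if host_is_trusted(host, trusted):
        return "trusted", f"host {host} belongs to a trusted domain"
    # The host is foreign: look for a trusted name used only as decoration.
    rest = (parts.path + "?" + parts.query).lower()
    user = (parts.username or "").lower()
    for d in trusted:
        if d in host:
            return "impersonation", f"{d} embedded in foreign host {host}"
        if d in rest:
            return "impersonation", f"{d} in path/query of foreign host {host}"
        if d in user:
            return "impersonation", f"{d} used as userinfo before {host}"
    return "unknown", f"host {host} is not on the trusted list"


SAMPLE_LINKS = [
    # URL quoted in the post
    "http://www.zhypublishing.zhylosa.net/orders/editors/fbr.gov.pk/fbr.gov.refundportal.htm",
    # Constructed samples
    "https://www.fbr.gov.pk/",
    "http://fbr.gov.pk.example.net/login",
    "http://fbr.gov.pk@example.net/",
    "https://example.org/news",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict, reason = classify_link(link)
        print(f"{verdict:13} {link}\n              {reason}")
```

The decision is made on the parsed hostname only; a trusted name appearing anywhere else in the URL counts as evidence against the link, not for it.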

Message for General Users:

  • NEVER respond to any email that asks for your password, PIN code, security answer or any similar information that you would not want to share with anyone.
  • Immediately report any such email to your bank
  • Register a complaint with FIA

Need for Awareness

Banks are sending out mass e-mails to their users, explaining to them what phishing attacks are and how not to respond to them. This is helpful in many ways, but banks probably need to do more. Maybe State Bank can take this initiative and run a mass-level campaign for users’ awareness.

Message for Banks!

  • With the increasing trend of mobile banking and net-banking, banks should run comprehensive awareness campaigns to educate their customers about such phishing attacks.
  • Enhance your security and intelligence to detect and deal with such criminal activities.

Message for NR3C

  • Tracking these websites is easy. Simply do a reverse IP lookup and see what other websites are hosted on the same server.
  • Contact details from the host, or from the other websites, can get you to the culprits, simple and easy.
