Hackers Use FBR to Get Users Bank Account Details.

According to a press release in FBR Website, It has been reported that some hackers are trying to use the fake FBR webpage for get bank account details such as usersname and password for the purpose of stealing money and empty their account.

People receive an email with subject Tax Refund Claim from fake email addresses (Customerservice@fbr.gov.pk). It seems to be sent from FBR but it did not, its Fake.

As mention in image above this email informs the people to collect their tax refund by clicking on the provided link to a fake website of FBR which has links to banks. FBR’s official website is http://www.fbr.gov.pk but the click leads to fake web address

http://www.springtowinter.gr/fbr.gov.pk/fbr.gov.refundportal.htm 

or

http://www.zhypublishing.zhylosa.net/orders/editors/fbr.gov.pk/fbr.gov.refundportal.

Where a list of banks provided (with fake pages) to proceed for the tax refund. Once the victim enters his/her bank account details (Account No. & Password) here, This fake website will automatically send their bank account details to hacker and their bank accounts are then hacked.

This is called Phishing and it is a fraudulent act of deceiving users to acquire their sensitive personal information, such as usernames, passwords, social security numbers, and bank account/credit card details, etc. Globally phishing deprives people of around a billion US$ annually.

• Never Share Bank Account Details and password to any email received from any email address that is apparently from FBR. FBR doesn’t provide any link to any bank on FBR `s website

• Immediately report any such email to your bank.