Hackers Use FBR to Get Users Bank Account Details
According to a press release in FBR Website, It has been reported that some hackers are trying to use the fake FBR webpage for get bank account details such as usersname and password for the purpose of stealing money and empty their account.
People receive an email with subject Tax Refund Claim from fake email addresses (Customerservice@fbr.gov.pk). It seems to be sent from FBR but it did not, its Fake.
An example: email message might look like. |
As mention in image above this email informs the people to collect their tax refund by clicking on the provided link to a fake website of FBR which has links to banks. FBR’s official website is http://www.fbr.gov.pk but the click leads to fake web address
http://www.springtowinter.gr/fbr.gov.pk/fbr.gov.refundportal.htm
or
http://www.zhypublishing.zhylosa.net/orders/editors/fbr.gov.pk/fbr.gov.refundportal.
Where a list of banks provided (with fake pages) to proceed for the tax refund. Once the victim enters his/her bank account details (Account No. & Password) here, This fake website will automatically send their bank account details to hacker and their bank accounts are then hacked.
This is called Phishing and it is a fraudulent act of deceiving users to acquire their sensitive personal information, such as usernames, passwords, social security numbers, and bank account/credit card details, etc. Globally phishing deprives people of around a billion US$ annually.
Advise for General Public
- Never Share Bank Account Details and password to any email received from any email address that is apparently from FBR. FBR doesn’t provide any link to any bank on FBR `s website
- Immediately report any such email to your bank.
What is Phishing & How to Safe from it ?
Phishing is a fraudulent practice of deceiving users to get their sensitive personal information, such as usernames, passwords, social security numbers, and bank account/credit card details, etc.
Below given point will help you to recognize phishing email, this way you can reduce your chances of being defrauded:
1. Your name is missing: The email doesn’t have your name in it.
2. Spelling and bad grammar: The email contains spelling or grammatical mistakes.
3. Threats: The email contains threats that your security has been compromised, or requests that you take immediate action.
4. Seeking personal information: The email requests your personal information such as, login details, bank account details, credit card details, etc.
1 Comment
nice