Phishing Scam Affects Thousands Of Users In Pakistan

According to the FBR, a prominent phishing scam has been sent by thousands of mailboxes by hackers which have been stealing private information

Hacking and stealing of information has been a prevalent concern in the country for over a decade now. With numerous methods at their disposal and not a secure protection service at the disposal of the user, most computers are prone to become a victim of cybercrime in one way or another. Quite recently, it has been reported that hackers are coming up with a scamming tactic to people sharing sensitive bank details.

What appears to be a phishing scam, phishing involves obtaining sensitive information by acting as a trustworthy source through the medium of email or messages to a large group of people and direct them to enter personal information on a fake website that appears to be real. Hence, this tactic involves sending fake tax refund emails from accounts under the banner of Federal Board of Revenue. This has been used to scam millions of people by sending emails and asking bank details so that their refunds can be deposited by the FBR.

FBR Chairman, Shabbar Zaidi, was noted to have warned users that the tax collection agency does not send emails for refunds and advised people to not opening such emails. FBR has begun searching for potential suspects. The email was sent to a large group of individuals in Pakistan before Eid and has the subject of ‘FBR and Tax Refund Notice 2019’ and the email stated that the receivers will get tax refunds according to the FBR’s records and asks that the receiver to click on a link mentioned in the email to claim the refund. They are asked to put in on valid information as quickly as possible. The link opens with a webpage of various bank logos with the design template appearing to seem template. The catch is that the URL gives away that it is a scam since it is not linked to fbr.gov.pk.

FIA Cybercrime Cell Lahore in-charge, Chaudhry Sarfaraz, said that action on the complaints will be taken in the coming week and specifically said: “The crime falls under Section 24/20 of the Prevention of Electronic Crimes Act, 2016 and carries a three-year jail term”. He also advised citizens that they should immediately report the fraudulent emails to the cybercrime cell online or by phone.