ISLAMABAD: The government has issued a new ‘Cyber Security Advisory – Preventing Financial Scams,’ noting a significant increase in banking and financial scams employing phishing, smishing, and vishing techniques.
According to the advisory, scammers are introducing themselves as government officials (such as FIA, SBP, and Defense Force) and using fake official landline numbers and logos on WhatsApp DP. They achieve this through call-cloning services.
As a result of these deceptive tactics, online banking users are frequently becoming victims due to their limited awareness of cybersecurity and the advanced social engineering methods employed by scammers, which include call cloning, malicious apps, and fake websites. Consequently, malicious actors are fraudulently withdrawing money from users’ accounts.
Scammers Working Model
Financial scammers employ various tactics to exploit victims’ bank accounts:
Fake Websites: Scammers create spoofed websites resembling the State Bank of Pakistan’s official verification pages. Victims are lured into submitting personal financial information in the context of the Pakistan Army Poverty Alleviation and Revival of Economy Campaign. An example is the fake website (www.statebankverification.wixsite.com).
Social Engineering: Malicious actors use tactics like impersonating bank employees or managers by calling from unknown or compromised phone numbers, including masked banking official numbers. They request personally identifiable information (PII) such as internet banking usernames, CNIC numbers, debit card details, and PINs. They also manipulate victims into forwarding One Time Passwords (OTPs) received from the bank, enabling them to compromise bank accounts or engage in unauthorized transactions.
Anonymity: Attackers rely on secure and anonymous cyber methods to carry out their operations, making it challenging to trace their activities.
Phishing: This involves sending fraudulent emails or messages that appear to be from reputable companies, aiming to deceive individuals into divulging personal information.
Smishing: Scammers send text messages impersonating legitimate companies to trick individuals into revealing personal information.
Vishing: The fraudulent practice of making phone calls or leaving voice messages, pretending to be reputable companies, in order to extract personal information from individuals.
These tactics enable scammers to exploit victims’ financial information, facilitating unauthorized transactions and potentially leading to financial losses.
Protecting Against Financial Scams: Proactive Measures and Cyber Awareness
To effectively tackle financial scams and social engineering threats, it’s important to recognize that there’s no infallible technical solution. Instead, a proactive approach involving responsible digital practices and adherence to security guidelines is essential. Central to this strategy are cyber awareness campaigns focused on financial scams, aimed at educating individuals about scam tactics and empowering them to spot and respond to potential threats
In parallel, individuals should take tangible protective actions, such as promptly blocking fraudulent websites, remaining vigilant when receiving calls from alleged bank representatives, guarding sensitive information, and exercising caution with suspicious phone numbers and SMS messages.
It’s also vital to strengthen digital security through practices like multi-factor authentication, regular password updates, and the use of licensed security software. By following these measures and participating in awareness initiatives, individuals can significantly enhance their defenses against financial scams and online threat
