The National Telecommunication and Information Security Board (NTISB) has acknowledged a significant rise in banking and financial frauds, emphasizing the challenge of combating social engineering techniques. Here’s a breakdown of their advisory and recommended safety measures:
Advisory by NTISB:
- Increased Fraudulent Activity: NTISB has observed a substantial increase in banking and financial frauds, predominantly through phishing and vishing tactics. These incidents often occur due to a lack of cybersecurity awareness among users.
- Social Engineering Exploitation: Scammers employ various tactics, including impersonating phone numbers and calling from unknown mobile phones or compromised WhatsApp numbers, to deceive victims into divulging sensitive information such as internet banking usernames, CNIC numbers, debit card details, and PINs. They also manipulate users into forwarding One-Time Passwords (OTPs) directly or through WhatsApp links, enabling unauthorized access to bank accounts and online shopping.
- Malicious Applications: Victims receive SMS messages containing links to phishing websites that resemble legitimate banking or government sites. Users are prompted to enter personal data and to download malicious APK files for "verification" purposes. These apps often masquerade as official government or banking apps and can compromise user data, including personal information and financial details.
To mitigate these threats, NTISB suggests the following protective measures:
- Vigilance Against Masked Calls: Scammers can mask their identity by making a call appear to come from an official bank number. Users are advised to independently verify any suspicious call by contacting the bank’s helpline themselves.
- Guard Sensitive Information: Never disclose sensitive information over the phone, including passwords, CNIC numbers, and debit/credit card PINs. Banks typically do not request such information over the phone except when initiated by the user.
- Beware of Suspicious Numbers: Be cautious of phone numbers that do not resemble genuine mobile numbers, as scammers may use email-to-text services to obscure their real numbers.
- Avoid False SMS Offers: Disregard SMS messages claiming lottery schemes or Benazir Income Support Program prize offers, as they are fraudulent.
- Check Sender IDs: Genuine SMS messages from banks typically display a sender ID (the bank’s short name) instead of a phone number.
- Avoid Clickable Links: Refrain from clicking on URLs promising easy money or enticing offers, as they are often scams.
- Use Multi-Factor Authentication (MFA): Enable MFA on Internet Banking Apps, WhatsApp, social media, and Gmail accounts for enhanced security.
- Maintain Strong Passwords: Use robust, regularly updated passwords for email and online accounts to prevent unauthorized access.
- Review App Permissions: Prior to installing applications, carefully examine their permissions and download apps only from reputable sources like Google Play Store or Apple App Store.
- Install Antivirus Software: Install and maintain licensed antivirus, anti-malware, and anti-phishing solutions on PCs and mobile devices. Regularly scan devices to detect and remove infections.
- Verify Website URLs: Only click on URLs that clearly indicate the website domain. When in doubt, search for the organization’s website directly using search engines.
- Reporting Banking Fraud: If you encounter banking fraud, promptly report it to the concerned bank’s helpline.
- Complaint Resolution: If the bank fails to address your complaint within 45 days, you have the option to file a written complaint (attested by an oath commissioner) with the Banking Mohtasib of Pakistan.
Following these guidelines and staying vigilant can help safeguard against banking and financial frauds in Pakistan.
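The SMS indicators listed above (phone-number sender instead of a sender ID, prize lures, links to look-alike domains, APK downloads) can be checked mechanically. The following is an added example, not part of the NTISB advisory; the trusted domain `bank.example`, the sender ID `EXBANK`, and all function names are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: constructed allowlist; a real deployment lists the bank's own domains.
TRUSTED_DOMAINS = {"bank.example"}
# Lures named in the advisory: lottery schemes and Benazir Income Support Program prizes.
LURE_WORDS = ("lottery", "prize", "benazir income support")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def host_is_trusted(host):
    """True only for an allowlisted domain or a true subdomain of one."""
    host = host.lower().rstrip(".")
    # Suffix match must include the dot, so "notbank.example" does not pass.
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def triage_sms(sender, body):
    """Return the advisory indicators that one SMS matches (empty list = none)."""
    findings = []
    # Genuine bank SMS shows an alphabetic sender ID, not a phone number.
    if not re.search(r"[A-Za-z]", sender):
        findings.append("numeric-sender")
    if any(word in body.lower() for word in LURE_WORDS):
        findings.append("prize-lure")
    for raw in URL_RE.findall(body):
        url = raw.rstrip(".,)")  # drop sentence punctuation glued to the link
        try:
            parts = urlsplit(url)
        except ValueError:
            findings.append("malformed-link")
            continue
        # .hostname ignores any "user@" prefix, so "bank.example@other.test"
        # is judged by the host actually contacted (other.test).
        host = parts.hostname or ""
        if not host_is_trusted(host):
            findings.append("untrusted-link:" + host)
        if parts.path.lower().endswith(".apk"):
            findings.append("apk-download")
    return findings


if __name__ == "__main__":
    # Constructed sample message for illustration.
    print(triage_sms("+923001234567",
                     "You won a lottery prize! Verify at "
                     "http://bank.example.verify-login.test/app/update.apk"))
```

An empty result means only that none of these indicators matched, not that the message is genuine.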