The National Telecommunication and Information Security Board (NTISB) has warned the public about the surge in banking and financial fraud in Pakistan. The board has issued an advisory on how to avoid falling prey to such scams, which are mainly due to a lack of cybersecurity awareness at users’ end.
Scammers Use Social Engineering and Malicious Apps to Steal Money
According to the NTISB, scammers are equipped with the latest technology for masking the official numbers of banks, and use social engineering tactics to deceive customers into revealing their sensitive information, such as passwords, CNIC numbers, and debit/credit card PINs. The board said that banks do not ask for such information over the phone, except when the user calls them for activation of a debit card or Internet banking account.
The NTISB also cautioned the public about malicious applications that look legitimate, but are designed to steal money from users’ accounts. The board advised users to always check application permissions before installation, and install applications from Google/iPhone Play Store only. Users should also review app details, number of downloads, user reviews, comments, and the “additional information” section before downloading or installing apps on Android devices.
False SMS Regarding Lottery Schemes and Prize Offers are Bogus
The NTISB further warned the public about false SMS messages regarding lottery schemes, Benazir Income Support Program prize offers, and other money-making offers. The board said that these are all bogus, and users should not trust or reply to them. Users should also pay attention to suspicious numbers that do not look like real mobile phone numbers, as scammers often use email-to-text services to mask their identity.
The board also said that genuine SMS messages received from banks usually contain the sender ID (consisting of the bank’s short name) instead of a phone number in the sender information field. Users should always verify any suspicious SMS or call by contacting the banking helpline themselves.
Users Should Use Multi-Factor Authentication and Strong Passwords
The NTISB also recommended several measures to enhance cybersecurity and prevent fraud. Users should always use multi-factor authentication (MFA) on Internet Banking Apps, WhatsApp, Social Media, and Gmail accounts. Users should also keep a strong password for email or online accounts and regularly change passwords to prevent hacking.
The board also suggested users to install updated, reputed, and licensed antivirus, anti-malware, and anti-phishing solutions on PC and mobile devices. After installation, users should scan the suspected device with an antivirus solution to detect and clean infections.
There is No Technical Solution to Eradicate and Detect Social Engineering
The NTISB admitted that there is no technical solution that can eradicate and detect social engineering; however, safe usage of mobile/computers and compliance with security guidelines is the only way forward. The board said that cyber awareness campaigns regarding financial scams should be arranged at different forums.
The NTISB also urged the public to report any fraudulent activity or incident to their respective banks or law enforcement agencies as soon as possible.
