Fraudsters in Pakistan have found a new way of tricking innocent Pakistani banking customers who use SMS banking services. These fraudsters are sending SMS messages to customers of different banks telling them that their SMS subscription has ended (when in fact they have not).
The fraudsters tell the users that they must enter their account information to continue receiving FREE alerts about their bank accounts.
Previously these fraudsters used to send emails asking bank customers to change their password, but this new method is apparently more triggering and dangerous as users may soon update their SMS alert status by giving out critical information to fraudsters.
Just have a look at the below SMS that was received by one HBL customer:
Now this message, that apparently came from HBL, is masked, a technique to fool people into believing that it came from legitimate sources.
Read More: What are masked text messages?
Unsuspecting customers who fall prey to this scam, are directed to go to this website (hblupdate.com) and enter all their account details (including mother name, CNIC, ATM card number, PIN etc.).
In actuality, they are exposing their details to fraudsters who will use the same detail to empty their accounts.
Not to mention, Pakistani bank account holders have been victim of ATM skimming and other hacks that ultimately lead to illegitimate withdrawal of their funds.
Clearly, Pakistani bank and law enforcement authorities have failed several times in safeguarding the bank accounts of customers. In fact such fraudsters are still going scot-free and indulging in these heinous practices, secure in the belief that there’s apparently no one to stop them.
What Customers Must Do Before Entering their ATM Card Number / PIN
Bank customers are requested to keep these things in mind.
Please note that no bank will ask you for ATM card number or PIN numbers through their websites.
Customers also need to learn that not every website could be the official website of their bank. Make sure that the website they are submitting any data to — if they must — is the official website.
Don’t give away information to any one (on a website, SMS or call) without verifying that they are legitimate and official communication points.