The Federal Board of Revenue (FBR) has issued a notice to all Pakistanis who are receiving emails from the FBR. Reportedly, the emails are asking for private and confidential information including PIN numbers of taxpayers, passwords, or information associated with credit/debit cards.
The emails being circulated are actually phishing scams as they are extracting information from users and using it to access their accounts for unauthorized behavior.
FBR’s official website reads:
There are numerous attempts by individuals & groups to solicit personal information from unsuspecting users by employing social engineering techniques. Various emails are crafted to appear as if they have been sent from a legitimate organization or known individual.
These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information, such as account usernames and passwords, which can further expose them to future compromises.
Additionally, these fraudulent websites may contain malicious code. Emails designed to obtain taxpayer’s banking information in lieu of facilitating a refund to the taxpayer or any other activity associated with an individual’s bank account are extremely dangerous with an intent to defraud the individual. FBR strictly advises the taxpayer from disclosing any information especially related to your bank accounts via these emails and associated links.
This is called Phishing and it is used by identity thieves around the world who misuse the online financial systems and deprive unsuspecting people of their money. Globally phishing deprives people of around a billion US$ annually.
How to Identify a Phishing Scam
There are a lot of indicators which can help an individual identify a scam email. These include:
Unofficial email ID
Generic Greeting without using proper names and designations
How to Report a Scam Email
If you receive an e-mail or find a website you think is pretending to be of FBR, forward the e-mail or website URL to email@example.com
If you receive an e-mail from someone claiming to be the authorized by FBR or directing you to an Income Tax website:
Do not reply.
Do not open any attachments. Attachments may contain malicious code that will infect your computer.
Do not click on any links. If you clicked on links in a suspicious e-mail or phishing website then do not enter confidential information like a bank account, credit card details.
Do not cut and paste the link from the message into your browsers, phishers can make the link look like real, but it actually directs you to different websites.
Use anti-virus software, anti-spyware, and a firewall and keep them updated. Some phishing e-mails contain software that can harm your computer or track your activities on the internet without your knowledge. Anti-virus & Anti-spyware software and firewall can protect you from inadvertently accepting such unwanted files.