Phishing emails and calls targeting Pakistani’s offering tax refunds are on the rise. Federal Board of Revenue (FBR) does not send e-mail requesting Taxpayers PIN numbers, passwords or similar access information for credit cards, banks or other financial accounts.
There are numerous attempts by individuals & groups to solicit personal information from unsuspecting users by employing social engineering techniques. Various emails are crafted to appear as if they have been sent from a legitimate organization or known individuals. These emails often attempt to entice users to click on a link that will take the user to a fraudulent website that appears legitimate. The user then may be asked to provide personal information, such as account usernames and passwords, which can further expose them to future compromises.
Additionally, these fraudulent websites may contain malicious code. Emails designed to obtain taxpayer’s banking information in lieu of facilitating a refund to the taxpayer or any other activity associated with an individual’s bank account are extremely dangerous with an intent to defraud the individual. FBR strictly advises the taxpayer from disclosing any information especially related to your bank accounts via these emails and associated links.
This is called Phishing and it is used by identity thieves around the world who misuse the online financial systems and deprive unsuspecting people of their money. Globally phishing deprives people of around a billion US$ annually.
If you receive an e-mail from someone claiming to be the authorized by FBR or directing you to an Income Tax website:
- Do not reply.
- Do not open any attachments. Attachments may contain malicious code that will infect your computer.
- Do not click on any links. If you clicked on links in a suspicious e-mail or phishing website then do not enter confidential information like bank account, credit card details.
- Do not cut and paste the link from the message into your browsers, phishers can make link look like real, but it actually directs you to different websites.
- Use anti-virus software, anti-spyware, and a firewall and keep them updated. Some phishing e-mails contain software that can harm your computer or track your activities on the internet without your knowledge. Anti-virus & Anti-spyware software and firewall can protect you from inadvertently accepting such unwanted files.
The taxpayers and general public are advised not to send their bank account details and password to any emails received from any email address that is apparently from FBR. Any link to any bank is not provided on FBR’s website and FBR would never ask for your bank details and passwords on its home page. Banks always advise their customers against disclosing their password even to bank officials or bank’s genuine websites. Public is requested to be careful and prudent regarding such emails and the links provided through such emails. All taxpayers and general public are requested not to trust such emails and never disclose their bank account numbers, passwords and other details.
If someone has become a victim of phishing attacks using a link, they must immediately change the password of the relevant account.