Acknowledging a significant surge in banking and financial frauds, the National Telecommunication and Information Security Board (NTISB) has cautioned that the challenge of eradicating and detecting social engineering attacks lacks a straightforward technical solution.
In response to this alarming trend, the NTISB has issued an advisory titled ‘Rising Financial and Banking Scams: Prevention Measures.’ It attributes the increasing incidents of banking and financial fraud to a pervasive lack of cybersecurity awareness among users.
In these fraudulent schemes, attackers utilize secure and anonymous cyber methods to hide their identities, making it difficult to trace their actions. They employ social engineering tactics by impersonating official phone numbers or using compromised WhatsApp accounts, posing as bank staff to request sensitive information such as internet banking credentials, CNIC numbers, debit card details, and PINs. They then manipulate users into forwarding received One-Time Passwords (OTPs) via WhatsApp links, granting them access to compromise bank accounts and execute unauthorized transfers.
To mitigate these risks, NTISB recommends a multifaceted approach, including vigilance in verifying suspicious calls with the official bank helpline, refraining from sharing sensitive information over the phone, cautious handling of SMS related to lottery schemes, verification of sender IDs in bank messages, wariness of clickable links and get-rich-quick scams, implementation of multi-factor authentication for online accounts, scrutiny of app permissions and trusted sources, installation of updated security software, domain verification before clicking on URLs, and a formal complaint process for unresolved banking fraud cases.
The NTISB emphasizes that while there is no one-size-fits-all technical solution to combat social engineering attacks, raising cybersecurity awareness, adhering to security guidelines, and implementing protective measures are essential steps to safeguard against financial and banking frauds.