The National Cyber Emergency Response Team of Pakistan (PKCERT) has issued advisory against phishing attacks and asked the citizens, to aware themselves against such online fraudulent activities.
The advisory issued by PKCERT has said that a new phishing and spoofing attack campaign is actively targeting Pakistani citizens through fraudulent emails impersonating law enforcement authorities.
The advisory highlights the importance of vigilance against phishing attacks impersonating law enforcement authorities.
The National CERT urges individuals and organizations to follow the recommended precautions and report any suspicious emails.
By staying informed and adopting proactive security measures, we can collectively mitigate the risks associated with cybercrime and phishing scams.
PKCERT is a federal government entity responsible for protecting the digital assets, sensitive information, and critical infrastructure of Pakistan from cyber-attacks, cyber terrorism, and cyber espionage.
The advisory has added that these emails falsely claim to be from the “Office of Commissioner Police Department” and accuse recipients of cybercrime offenses.
The campaign aims to instill fear and manipulate victims into responding, potentially exposing their personal and financial information.
The PKCERT has identified multiple red flags indicating that these emails are part of a broader social engineering attack.
This advisory provides an in-depth analysis of the fraudulent emails, their impact, and recommended countermeasures to protect individuals and organisations from falling victim to this scam.
The advisory has also listed the details of ‘Phishing’ styles highlighting that the fraudulent email campaign employs fear-based tactics to pressure recipients into responding.
“The email falsely claims legal action will be taken within 24 hours unless the recipient complies and the primary red flags include mainly from non-existent law enforcement authorities like the ‘Commissioner Police Department’, ‘Central Bureau of Investigation’ etc that are non-existent Pakistan.” PKCERT has added.
It added that those involved in such fraudulent activities also used the names of laws that were either not applicable or were not the laws of Pakistan.
The PKCERT has added that the key tool of those involved in phishing was the pressure of urgency and threats of arrest, media exposure, and blacklisting etc.
“The general public must remember that these criminals use fake email domain and the legitimate Pakistani government domain are ‘.gov.pk’ domains.
Among the key risks and threats of such attacks are -identity thefts as the victims may unknowingly provide personal details to attackers, financial fraud as the scammers may use fear tactics to trick victims into making payments or providing financial information.
The victims face credential theft and responding to the email may expose login credentials, enabling attackers to hijack online accounts.
The Recommendations suggested by PKCERT is not respond to such emails and also verify the sender’s authenticity by checking whether the email originates from a legitimate government domain such as ‘.gov.pk’. The general public has been guided to regularly monitor their back accounts online and emails. PKSERT has also the citizens to report the scam to the National CERT or relevant law enforcement agencies.
