Fraudsters in Pakistan have found a new way of tricking innocent Pakistani banking customers who use SMS banking services. These fraudsters are sending SMS messages to customers of different banks telling them that their SMS subscription has ended (when in fact they have not).
The fraudsters tell the users that they must enter their account information to continue receiving FREE alerts about their bank accounts.
Previously these fraudsters used to send emails asking bank customers to change their password, but this new method is apparently more triggering and dangerous as users may soon update their SMS alert status by giving out critical information to fraudsters.
Just have a look at the below SMS that was received by one HBL customer:
Now this message, that apparently came from HBL, is masked, a technique to fool people into believing that it came from legitimate sources.
Read More: What are masked text messages?
Unsuspecting customers who fall prey to this scam, are directed to go to this website (hblupdate.com) and enter all their account details (including mother name, CNIC, ATM card number, PIN etc.).
In actuality, they are exposing their details to fraudsters who will use the same detail to empty their accounts.
Not to mention, Pakistani bank account holders have been victim of ATM skimming and other hacks that ultimately lead to illegitimate withdrawal of their funds.
Also Read:
- Hackers Steal Money from Standard Chartered Accounts by Hacking ATMs
- Hackers Steal Money from Faysal Bank Customers Once Again!
- Indian Hackers Attack HBL ATMs to Steal Thousands of Rupees
Clearly, Pakistani bank and law enforcement authorities have failed several times in safeguarding the bank accounts of customers. In fact such fraudsters are still going scot-free and indulging in these heinous practices, secure in the belief that there’s apparently no one to stop them.
What Customers Must Do Before Entering their ATM Card Number / PIN
Bank customers are requested to keep these things in mind.
Please note that no bank will ask you for ATM card number or PIN numbers through their websites.
Customers also need to learn that not every website could be the official website of their bank. Make sure that the website they are submitting any data to — if they must — is the official website.
Don’t give away information to any one (on a website, SMS or call) without verifying that they are legitimate and official communication points.
horrifying Must be careful
These fraudsters have redirected http://www.hblupdate.com to http://smithnawa1.godaddysites.com/
yup verified myslef.
Dear Aamir,
How the hell some one can get masked number on the name of HBL? Is it so easy get this type of number in Pakistan?
yes very easy to get
How?
Where is PTA? How could he get a number masked with HBL?
you can buy online these kind of masked.
I’m more angry on HBL as they’re deducting Rs 118 every month.
Edit: SMS charges.
Man!!!! 118 is too much.
But for what?
Most bank’s internet banking is free.
It was SMS charges.
Once I signed up on HBL App, getting spam emails.
HBL sends all the sms from 4250 not with their name
They can also use this number
Using UBL netbanking. it’s free of cost..
Very old technique of phishing which is called smishing when done by SMS
I disagree with this… “Please note that no bank will ask you for ATM card number or PIN numbers through their websites.” One of the examples is that if you want to increase your online transfer limit on UBL, you have to enter the ATM card number.
ATM card number, may be. PIN number, NEVER!
WhoIS lookup of ublupdate.com:
Registrar URL: http://www.godaddy.com
Update Date: 2016-09-22T01:58:20Z
Creation Date: 2016-09-22T01:58:20Z
Registrant Name: MUHAMMAD ARIF
Registrant Organization:
Registrant Street: G9 MARKZ SILAMABAD
Registrant City: ISLAMABAD
Registrant State/Province: PUNJAB
Registrant Postal Code: 44000
Registrant Country: PK
Registrant Phone: +92.111425111
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]
whois record belongs to hbl,
as per ICANN 2013 RAA every used email in domain management/whois record must be verified.ab pata karen [email protected] kis nay verify kiya :D
https://uploads.disquscdn.com/images/7042088c0bf871f9f8e2696958d7c2074e1bb7c4b61a8c7be4a41411c05859bb.png
hblupdate is down now
yes, it has been taken care of
“Message Ali” in screenshot?
This has been taken care of
taken down hblupdate.com, smithnawa1.godaddysites.com https://uploads.disquscdn.com/images/e55de4ea2e9763c557dda15eccdd90beba08c2118166d6b54d2edb39e94cc997.png
First of all banks send alerts via short codes not with a masking, and anyone inside or outside Pakistan can send this kind of branded sms without any filters(And Warid’s filter system is weak and receives any other SMS without verification).
Secondly, One couldn’t receive an SMS from shortcode without any filtration process, each and every sms gets whitelisted first and then the end user receives it.
3rd: Message Ali? looks shady like someone trying to make a news forcefully, I don’t see any major data on hblupdate.com domain, not on archive.org and also no data on whois.domaintools.com
Lemme clear,
HAr jagah safarishi banday kaam nahi karsaktay so, you need IT professionals having good expertise in Information Security & Cyber Security.
[email protected] is a good of hacker
Do you need hackers for hire? Do you need to keep an eye on your
spouse by gaining access to their emails? As a parent do you want
to know what your kids do on a daily basis on social networks
( This includes facebook, twitter , instagram, whatsapp, WeChat and others to make sure
they’re not getting into trouble? Whatever it is, Ranging from Bank Jobs, Flipping cash,
Criminal records, DMV, Taxes, Name it,he will get the job done.He’s a professional hacker wi
20 Years+ experience. Contact
[email protected]
. Send an email and Its done. Its
that eas