ISLAMABAD: The National Cyber Emergency Response Team of Pakistan (PKCERT) has issued an advisory warning citizens against a new wave of phishing attacks, urging them to remain vigilant against online fraud.
The advisory says that a new phishing and spoofing attack campaign is actively targeting Pakistani citizens through fraudulent emails impersonating law enforcement authorities.
It highlights the importance of vigilance against phishing attacks impersonating law enforcement authorities, urging individuals and organisations to follow the recommended precautions and report any suspicious emails.
“By staying informed and adopting proactive security measures, we can collectively mitigate the risks associated with cybercrime and phishing scams,” it says.
PKCERT is a federal government entity responsible for protecting Pakistan’s digital assets, sensitive information, and critical infrastructure from cyberattacks, cyberterrorism, and cyber espionage. The advisory adds that these emails falsely claim to be from the “Office of Commissioner Police Department” and accuse recipients of cybercrime offences.
The campaign aims to instil fear and manipulate victims into responding, potentially exposing their personal and financial information. The PKCERT has identified multiple red flags indicating that these emails are part of a broader social engineering attack.
It also lists the details of phishing styles, highlighting that the fraudulent email campaign employs fear-based tactics to pressure recipients into responding.
“The email falsely claims legal action will be taken within 24 hours unless the recipient complies, and the primary red flags include mainly from non-existent law enforcement authorities like the Commissioner Police Department, Central Bureau of Investigation, etc. that are non-existent in Pakistan,” the advisory says. It says that those involved in such fraudulent activities also use the names of laws that are either not applicable or do not exist in Pakistan.
The key tool of those involved in phishing is the pressure of urgency and threats of arrest, media exposure, blacklisting, etc.
“The general public must remember that these criminals use fake email domains and the legitimate Pakistani government domains are ‘gov.pk’,” it says.
Among the key risks and threats of such attacks are identity thefts, as the victims may unknowingly provide personal details to attackers, and financial fraud, as the scammers may use fear tactics to trick victims into making payments or providing financial information.
The victims face credential theft and responding to the email may expose login credentials, enabling attackers to hijack online accounts.
PKCERT recommended that citizens should not respond to such emails and also verify the sender’s authenticity by checking whether the email originates from a legitimate government domain such as gov.pk.
It also urged the public to monitor bank accounts and emails regularly for unauthorised activity and report phishing attempts to the PKCERT or relevant law enforcement agencies.
Published in Dawn, February 20th, 2025
- Desk Reporthttps://foresightmags.com/author/admin/
- Desk Reporthttps://foresightmags.com/author/admin/
- Desk Reporthttps://foresightmags.com/author/admin/
- Desk Reporthttps://foresightmags.com/author/admin/
