It has been reported that some hackers are using a fake webpage of FBR created for nefarious purposes. The taxpayers receive an email about their tax refund from fake email addresses e.g. customerservice@fbr.gov.pk which appear to be originating from FBR but in fact are not. The email informs the taxpayers to collect their tax refund by clicking on the designated link to a fake website of FBR which has links to banks. FBR’s official website is http://www.fbr.gov.pk but the click leads to fake web address http://www.springtowinter.gr/fbr.gov.pk/fbr.gov.refundportal.htm asking for their bank account number and password. If the users provide the information, their identity thus gets stolen and their bank accounts are then hacked.

This is called Phishing and it is used by identity thieves around the world who misuse the online financial systems and deprive unsuspecting people of their money. Globally phishing deprives people of around a billion US$ annually.

The taxpayers and general public are advised not to send their bank account details and password to any emails received from any email address that is apparently from FBR. Any link to any bank is not provided on FBR’s website and FBR would never ask for your bank details and passwords on its home page. Banks always advise their customers against disclosing their password even to bank officials or bank’s genuine websites. Public is requested to be careful and prudent regarding such emails and the links provided through such emails. All taxpayers and general public are requested not to trust such emails and never disclose their bank account numbers, passwords and other details.

These precautionary instructions are being issued in the public interest and public is also advised that if someone has become a victim of this phishing attack through using the link sent through above mentioned email, they must immediately change the password of the relevant online bank and never share it with anyone.

Mohammad Shahzad
Secretary PR