The National Telecom and Information Technology Security Board (NTISB) has issued a stern warning to the Federal Board of Revenue (FBR) that new cyberattacks on the FBR’s IT systems are expected in order to obtain confidential information held by the FBR.
On Wednesday, the NTSIB issued a warning to the FBR, recommending precautionary measures for FBR employees who work with IT systems, computers, and taxpayer databases.
The NTISB has warned the FBR in a new letter that hackers are sending government job advertisement-related emails to unrestricted users in order to obtain confidential information and launch a cyberattack on government institutions.
Hackers are disseminating a phishing email with the subject “Govt Jobs/ Recruitment” and an attachment containing a malicious Word document.
When you download the attachment, malware is installed in the background. Confucius APT Group is conducting a spear-phishing attack to collect information on a large scale via a biodata form.
When a person downloads a malicious email attachment, his or her computer or device is compromised, and the hacker gains access to all stored data.
End users are advised not to download attachments or click links sent via such enticing emails in order to protect their personal information, according to NTISB.
On Wednesday, the FBR’s IT arm, Pakistan Revenue Automation Limited (PRAL), issued an advisory notice to the FBR on the prevention of fake FBR emails.
PRAL directed FBR employees to strictly adhere to the FBR-approved IT Security Policy. Employees were instructed not to open attachments in suspicious emails, particularly those in Word, Excel, PowerPoint, or PDF format.
Employees of the FBR were also asked to verify the senders by checking their email addresses. PRAL also advised FBR employees to exercise caution when disclosing personal information and not to provide credentials to third parties.
Other recommendations stated that all sensitive information should be handled with care and disseminated through secure channels.
Employees were also instructed to change their passwords for their respective accounts on a regular basis. Employees were advised to contact the local PRAL technical support team if they needed assistance.
It also stated that if an employee’s computer system is compromised, the employee should immediately disconnect the computer from the internet and contact the PRAL Technical Support Team.
To read our blog on “Govt. of Pakistan websites are under attack,” click here.
