NADRA Impersonators Targeting Govt Entities, Warns NCERT

By Ayesha Anwar

The National Computer Emergency Response Team (nCERT) has issued a cybersecurity advisory about a fraudulent email campaign in which attackers impersonating the National Database and Registration Authority (NADRA) are preying on government entities.

The warning draws attention to a sophisticated phishing campaign that targets victims' critical financial and personal information. Phishing emails from the NADRA impersonators lead recipients to a fake website that imitates the organization's services and tricks users into divulging personal information, such as banking card numbers and CNIC numbers, under the pretense of offering tax refunds.

According to the investigation of the attack, the phishing emails are designed to look like official NADRA correspondence. The NADRA impersonators use sophisticated social engineering strategies, exploiting victims' trust by referring to official government services such as tax returns. The phishing emails are sent from spoofed or compromised addresses, making them appear authentic to unsuspecting recipients. Users are instructed to click on a link in the email in order to collect their 2023 tax refund, and are then taken to a bogus NADRA service portal.

The bogus website uses official branding and logos and is designed to look just like a real NADRA portal. The attackers collect the data that victims enter, including their financial information and CNIC numbers. The stolen data is transmitted to malicious servers under the control of cybercriminals, opening the door to identity theft and other fraud schemes.

Indicators of compromise (IOCs), according to nCERT, include particular malicious URLs connected to the phishing attempt. Among them are domains that have been linked to phishing activity. These domains have been marked as dangerous by Google Chrome, and users are advised to proceed with caution when dealing with such links.

In response to the threats detailed in the report, nCERT advises implementing advanced email filtering and anti-phishing solutions to detect and stop malicious communications. It is recommended that government organizations use email authentication standards such as DKIM, DMARC, and SPF to prevent attackers from using reputable government domains for phishing attacks. It is also essential to integrate these security measures with threat intelligence feeds so that known phishing domains are blocked automatically.
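To illustrate the email authentication recommendation, the following added example (not part of the nCERT advisory or the original article) audits a domain's SPF and DMARC TXT records offline and lists the settings that would still let spoofed mail through. The domains and records are constructed placeholders, and DKIM is not covered.

```python
# Added example: offline audit of SPF and DMARC TXT records.
# All domains and records below are constructed placeholders.
SAMPLE_RECORDS = {
    "weak.example": ("v=spf1 include:_spf.mail.example ~all",
                     "v=DMARC1; p=none; rua=mailto:dmarc@weak.example"),
    "open.example": ("v=spf1 +all", None),
    "strict.example": ("v=spf1 ip4:192.0.2.0/24 -all",
                       "v=DMARC1; p=reject; adkim=s; aspf=s"),
}


def spf_all_qualifier(record):
    """Return the qualifier of the SPF 'all' mechanism, or None if absent."""
    if not record or not record.lower().startswith("v=spf1"):
        return None
    for term in record.lower().split()[1:]:
        if term.lstrip("+-~?") == "all":
            return term[0] if term[0] in "+-~?" else "+"  # bare 'all' means '+all'
    return None


def parse_dmarc(record):
    """Return DMARC tags as a dict; empty if the record is missing or invalid."""
    if not record or not record.strip().lower().startswith("v=dmarc1"):
        return {}
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {key.strip().lower(): value.strip().lower() for key, value in pairs}


def audit(spf, dmarc):
    """List the settings that leave the domain open to spoofed mail."""
    findings = []
    qualifier = spf_all_qualifier(spf)
    if qualifier is None:
        findings.append("SPF: no valid record or no 'all' mechanism")
    elif qualifier in ("+", "?"):
        findings.append(f"SPF: '{qualifier}all' does not restrict sending hosts")
    elif qualifier == "~":
        findings.append("SPF: '~all' is softfail, not a hard fail")
    tags = parse_dmarc(dmarc)
    if not tags:
        findings.append("DMARC: no valid record")
    elif tags.get("p") not in ("quarantine", "reject"):
        findings.append(f"DMARC: p={tags.get('p')} is not an enforcing policy")
    return findings


if __name__ == "__main__":
    for domain, (spf, dmarc) in SAMPLE_RECORDS.items():
        print(domain, audit(spf, dmarc) or "enforcing SPF and DMARC")
```

An empty findings list means the domain publishes a hard-fail SPF record and an enforcing DMARC policy; in practice the record strings would come from the domain's TXT records and `_dmarc` subdomain.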

Additionally, nCERT emphasized how crucial it is to mandate multi-factor authentication (MFA) on all systems in order to improve security. Organizations must also enforce strong password policies and reset passwords, especially for users who may have interacted with phishing emails.

It is also recommended to put endpoint detection and response (EDR) systems in place to monitor for unusual activity that might point to phishing-related threats. Applying security updates to all systems is a must for fixing known vulnerabilities that attackers could exploit.

To strengthen document security, it is advised to put in place policies that limit scripts and macros in office files and PDFs, which can stop malicious code from executing. The advisory also recommends analyzing suspicious attachments with sandboxing technology before users open them.

When it comes to network and domain security, organizations are advised to block the identified malicious domains and IP addresses in order to stop manipulation. It is important to continuously monitor network traffic for any suspicious communication with the bogus sites that have been uncovered.

In order to quickly detect and stop phishing attacks, government agencies are required by the advisory to create or update incident response procedures. It is also advised to coordinate in a timely manner with sector-specific and national CERTs to share IOCs and threat intelligence.
