Public alert: Beware of sham courier messages demanding verification codes
The Pakistan Telecommunication Authority (PTA) has issued a warning to the public about a new wave of fraudulent messages that appear to be from courier services and banks. These messages often request verification codes, which pose a significant risk of unauthorized digital access.
The PTA reaffirmed its commitment to safeguarding consumers from online fraud and urged the public to exercise caution and verify the authenticity of suspicious messages. Genuine courier companies do not require customers to input verification codes to receive their parcels, and banks also advise customers never to share One-Time Password (OTP) codes with anyone claiming to represent their bank or the central bank.
To protect your personal information and digital accounts from these fraudulent messages, consider the following best practices:
- Never share verification codes or passwords with anyone, even if the request appears to come from a bank, courier service, or someone claiming to be customer support.
- Verify messages carefully, especially if they contain verification codes or request you to click links. Look for signs of phishing such as missing expected security features. For example, KuCoin provides an Anti-Phishing Code, an 8-digit numeric code you set yourself, which appears in all official SMS and emails containing verification codes. Messages lacking this code indicate phishing attempts.
- Enable multi-factor authentication (MFA) on your accounts, preferably using hardware tokens (like FIDO2 keys) rather than just SMS codes, as some advanced phishing can bypass SMS-based MFA.
- Be cautious of app-specific passwords and avoid creating or sharing them unless absolutely necessary, since attackers use social engineering to obtain these passwords to bypass MFA and other protections.
- Use browser-based security tools or extensions (such as Push Security’s Employee Verification Codes) to add an additional layer of identity verification that helps confirm authentic communication during support calls or suspicious interactions.
- Educate yourself to recognize phishing attempts, scrutinize URLs carefully, and confirm the sender’s legitimacy independently by contacting the company’s official support channels directly rather than replying to suspicious messages.
In summary, do not respond to unsolicited requests for verification codes, use recognized security features like Anti-Phishing Codes, enable robust MFA with hardware tokens where possible, and rely on official communication channels for verification to protect yourself from fraudulent messages impersonating courier services or banks. Sharing verification codes may allow malicious actors to gain control of your personal information.
Stay vigilant and stay safe!
- It's crucial to be aware that cybercriminals may exploit the advancements in technology and engage in criminal activities, like phishing scams, under the guise of general-news or crime-and-justice headlines in news articles or emails, posing a threat to cybersecurity.
- To prevent unauthorized access to one's digital accounts, it's essential to adhere to cybersecurity best practices, such as the usage of multi-factor authentication (MFA), verifying the authenticity of messages, and implementing security tools or extensions to identify potential phishing attempts.
