A sophisticated banking scam is currently targeting Meezan Bank customers, raising serious concerns about data privacy and cybersecurity in Pakistan’s banking sector. Scammers are now using “Caller ID Spoofing” to make phone calls appear as if they are coming directly from the bank’s official helpline.
This alarming trend came to light on November 25, when Islamabad-based journalist Ammar Khan Yasir exposed a fraud attempt that nearly cost him his savings.
Translation:
Data leak of Pakistan’s largest bank, everyone be careful. A call from the bank’s official number, how is this possible? Do scammers know everything?
The incident began when Yasir received a call from what appeared to be Meezan Bank’s official number. According to the journalist, the caller spoke with professional confidence and, shockingly, already possessed every single detail of his bank account.
The scammer’s objective was to trick the user into revealing the One-Time Password (OTP). This OTP was the final key required to empty the account within minutes. Fortunately, Yasir sensed something was wrong. He refused to share the code and recorded the call instead.
The most concerning aspect of this fraud is the source of the data. Yasir revealed that the specific ATM card the scammer attempted to use actually belonged to his wife.
Crucially, this card had a near-zero digital footprint. It was used only a few times a year and strictly at ATMs. The card had never been swiped at a Point of Sale (POS) machine, never used for online shopping, and never inserted at a shop.
Consequently, there was no logical way for the card’s information to be skimmed or hacked through normal usage. This led Yasir to conclude that the sensitive data was leaked from within the banking system itself.
After the incident, the clip Yasir posted on social media quickly went viral, amassing over two million views. Soon, his inbox was flooded with messages from other victims who were not as lucky.
Multiple users reported falling prey to the exact same tactic. Losses ranged significantly:
Following the viral outcry, Meezan Bank’s headquarters contacted the journalist on the morning of November 26. The bank stated that they are taking the matter seriously. They also expressed a desire to collaborate with Yasir to better educate the public regarding these frauds.
In response, Yasir advised the bank to deploy cybersecurity experts rather than just PR representatives. He emphasised that the public needs to understand the technical mechanisms of these scams, specifically how spoofing works, to effectively protect themselves.
This incident proves that scammers are becoming more sophisticated. Even the most cautious users can be fooled by spoofed official numbers. Please remember these safety rules: