Spaces:
Running on Zero
Running on Zero
File size: 18,617 Bytes
2a071e1 | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 | # Research Notes: Pakistan Scam & Fraud Message Patterns
## Overview
This document summarizes publicly available research on scam, fraud, and confusing official-looking messages targeting Pakistani citizens. Sources include public advisories from PTA, FIA, FBR, State Bank of Pakistan, bank social media pages, Reddit discussions, and cybersecurity reports.
**Goal:** Build a local dataset of 50+ safe, anonymized examples for the "Pakistan Notice Helper" hackathon app.
---
## 1. FBR (Federal Board of Revenue) Scams
### Pattern: Fake Tax Notices & Refund Scams
- **Source:** FBR official website (fbr.gov.pk/beware-fradulant-sms)
- **Description:** Scammers send SMS claiming to be from FBR, offering tax refunds or threatening penalties. They ask victims to call a mobile number and disclose bank account details.
- **Red flags:** FBR never sends SMS to obtain banking information; messages ask for bank details; urgency language
- **Example text:** "Dear Taxpayer, your refund of Rs. XX,XXX is pending. Call [number] to claim."
- **Official advisory:** FBR warns taxpayers never to share banking info via SMS/email
### Pattern: Fake Income Tax Return Filing Reminders
- **Source:** Reddit r/pakistan
- **Description:** Users report receiving SMS about filing income tax returns that look official but contain suspicious links
- **Red flags:** Links to non-official domains, pressure to act immediately
### Pattern: Fake Invoices/Receipts
- **Source:** FBR Facebook page (Oct 2024)
- **Description:** FBR warns about fake invoices circulating; encourages using TaxAsaan App to verify receipts via QR codes
- **Red flags:** Receipts that cannot be verified through official app
---
## 2. Bank Scams (HBL, UBL, Meezan, Bank Alfalah, etc.)
### Pattern: Fake Reward Points
- **Source:** HBL official Facebook page
- **Description:** Scammers send SMS claiming reward points are about to expire, with a link to "redeem" them
- **Red flags:** Suspicious links, banks never ask for sensitive info via SMS/calls/emails
- **Example text:** "Dear HBL customer, your 5000 reward points expire today! Redeem now: [link]"
### Pattern: Account Blocking/KYC Update
- **Source:** Meezan Bank Facebook page
- **Description:** Messages claiming account will be blocked unless KYC is updated immediately
- **Red flags:** Urgency, links to non-bank domains, requests for personal/financial details
- **Example text:** "Your account will be blocked in 24 hours. Update KYC: [link]"
### Pattern: Fake Fraud Alerts
- **Source:** Aura.com analysis, HBL advisories
- **Description:** Scammers send fake "fraud alert" messages asking customers to verify transactions
- **Red flags:** Requests to transfer money to "stop fraud", messages from unknown numbers
### Pattern: Bank Impersonation Calls
- **Source:** Instagram (HBL scam alert)
- **Description:** Fraudsters call posing as bank officials, trick people into transferring funds via mobile app
- **Red flags:** Calls from non-bank numbers, pressure to act immediately
---
## 3. Mobile Wallet Scams (Easypaisa, JazzCash)
### Pattern: Fake Payment Confirmation
- **Source:** Reddit r/PakistaniTech, YouTube
- **Description:** Scammer sends fake payment screenshot claiming money was sent "by mistake" and asks for refund
- **Red flags:** Payment not actually received, pressure to return money quickly
- **Example text:** "Maine galti se 5000 bhej diye hain aap ko. Please wapas kar dein."
### Pattern: "Mistaken Transfer" Call
- **Source:** Reddit (JazzCash employee account)
- **Description:** Caller claims they accidentally sent money to victim's account and wants it back
- **Red flags:** Actual balance doesn't match claimed amount, requests to send to different account
- **Notable:** JazzCash employee reported disabling 7 scam wallets in one session
### Pattern: Account Verification Scam
- **Source:** Reddit r/PakistaniTech
- **Description:** Call from number appearing as "+1950" claiming unauthorized transactions on JazzCash account
- **Red flags:** International-looking numbers, requests for account details
### Pattern: SBP Cooling Period Exploitation
- **Source:** Reddit r/PakistaniTech
- **Description:** State Bank introduced 2-hour hold on transfers to prevent fraud; scammers try to exploit this window
- **Context:** Legitimate policy to protect users
---
## 4. PTA & FIA Impersonation
### Pattern: PTA SIM Verification/Blocking
- **Source:** PTA Facebook page, PTA website
- **Description:** Messages claiming PTA will block SIM/phone unless verification is completed via a link
- **Red flags:** PTA never asks for personal details via SMS; suspicious links
- **Example text:** "PTA Alert: Your SIM will be blocked. Verify now: [link]"
- **Official advisory:** PTA warns citizens never to click suspicious links or share personal details
### Pattern: FIA Cyber Crime Threat Messages
- **Source:** Dawn.com (FIA warning)
- **Description:** Fake messages using FIA name and DG FIA position, with "Top Secret" stamp, accusing victims of cyber crimes
- **Red flags:** WhatsApp/email messages (FIA doesn't send these), blackmail attempts, fake stamps
- **Example text:** "FIA has detected illegal activity from your device. Contact immediately or face arrest."
- **Official statement:** "The FIA does not send such messages to any individual through WhatsApp or email"
### Pattern: WhatsApp Account Hijacking via OTP Scam
- **Source:** National CERT Pakistan advisory, LinkedIn, multiple sources
- **Description:** Attacker poses as trusted contact or WhatsApp support, requests 6-digit verification code
- **Methods:** Social engineering (OTP request), call forwarding exploits (USSD codes), phishing links
- **Red flags:** Request for verification code, messages from "new number claiming to be friend"
- **Official advisory:** National CERT issued detailed advisory (NCA-01.011226)
---
## 5. Courier & Customs Scams
### Pattern: Fake Delivery Notifications
- **Source:** PTA Instagram/Facebook, Group-IB research
- **Description:** SMS claiming package delivery failed, asking to click link to update address or pay fees
- **Red flags:** Sender ID spoofing, urgency, requests for "handling fees" or "taxes"
- **Example text:** "Your parcel could not be delivered. Update address: [link]"
- **Technical detail:** Scammers use SMS gateway sender ID spoofing to merge with legitimate message threads
### Pattern: Fake Customs Duty Payment
- **Source:** Facebook groups (Voice of Customer PK)
- **Description:** Messages claiming customs duty must be paid before package release
- **Red flags:** Links to payment portals, requests for advance payment
### Pattern: Parcel Content Replacement
- **Source:** Facebook groups
- **Description:** Riders from various courier companies allegedly replacing package contents
- **Context:** Reported with Daraz, TCS, Pakistan Post, Daewoo, Leopards
---
## 6. E-Challan & Traffic Fine Scams
### Pattern: Fake E-Challan SMS
- **Source:** Facebook (Cars of Pak), Reddit r/pakistan, multiple news sources
- **Description:** SMS claiming traffic violation with link to pay fine online
- **Red flags:** Links not from official PSCA (9915) or Safe City Authority, urgent payment requests
- **Example text:** "Traffic police: Your vehicle has an overdue challan. Pay now: [link]"
- **Official advisory:** PSCA e-challan messages come only from 9915; Islamabad Police warned about fake pop-ups
### Pattern: Motorway Phishing Pop-ups
- **Source:** Instagram
- **Description:** Fake pop-ups claiming unpaid motorway tolls/challans
- **Red flags:** Pop-up format, requests for payment details
---
## 7. Utility Bill Scams
### Pattern: Electricity Disconnection Threat
- **Source:** Connected Pakistan (Power Division warning), Facebook
- **Description:** Messages claiming power will be disconnected in 30 minutes unless bill is paid immediately
- **Red flags:** Extreme urgency, personal payment links, QR codes
- **Example text:** "K-Electric Alert: Your electricity will be disconnected in 30 minutes. Pay now: [link]"
- **Context:** Pakistan's Power Division issued warning after hackers reportedly created fake QR codes on bills
### Pattern: Fake Gas/Water Bill Links
- **Source:** SNGC/LESCO advisories
- **Description:** Messages with links to pay overdue utility bills
- **Red flags:** Links to non-official domains, requests for immediate payment
---
## 8. Prize, Lottery & Refund Scams
### Pattern: Congratulations Winner Messages
- **Source:** PTA Facebook, HBL Facebook, Soneri Bank Facebook
- **Description:** Messages/calls claiming you've won a prize in a lottery you never entered
- **Red flags:** You didn't enter any lottery, requests for "processing fees" or "taxes"
- **Example text:** "Congratulations! You have won Rs. 500,000 in lucky draw. Send Rs. 2,000 processing fee to claim."
### Pattern: Fake Tax Refund
- **Source:** FBR advisory
- **Description:** Messages claiming FBR has a tax refund ready, need bank details to process
- **Red flags:** FBR never asks for banking info via SMS
### Pattern: Fake Cashback/Reward
- **Source:** Various bank advisories
- **Description:** Messages offering cashback or rewards for clicking links
- **Red flags:** Too-good-to-be-true offers, suspicious links
---
## 9. Job & Employment Scams
### Pattern: WhatsApp Job Offers (Daraz/company impersonation)
- **Source:** LinkedIn, Facebook groups
- **Description:** WhatsApp messages offering part-time jobs with daily earnings of Rs. 25,000-68,000
- **Red flags:** Unsolicited offers, requests to join Telegram groups, "add products to wishlist" tasks
- **Example text:** "Congratulations! You have been selected for online employee position. Daily salary Rs. 25,000-68,000. Contact recruiter on WhatsApp."
- **Modus operandi:** Start with small payments (Rs. 100 per task) to build trust, then ask for "investment"
### Pattern: Fake Overseas Job Ads
- **Source:** ICMPD research
- **Description:** Fraudulent job ads on Facebook/WhatsApp/Instagram for Gulf countries
- **Red flags:** Requests for upfront fees, "car registration" or "insurance" charges
- **Context:** Pakistan has 9M+ workers who migrated between 2011-2024
### Pattern: Recruitment Scam (Lahore-based)
- **Source:** LinkedIn
- **Description:** Scammers create professional-looking fake job listings, conduct fake interviews
- **Red flags:** Vague job details, pressure to complete "new hire paperwork" before meeting employer
---
## 10. University & Education Scams
### Pattern: Fake HEC Scholarship Announcements
- **Source:** HEC Pakistan Facebook page
- **Description:** Fake scholarship announcements asking for money to secure spots
- **Red flags:** HEC warns that anyone demanding money for scholarships is fake/fraud
### Pattern: Fake University Admissions
- **Source:** BBC News, Inside Higher Ed
- **Description:** AI-generated fake university websites designed to steal money and personal data
- **Context:** Axact scandal (2015) - Pakistan's largest fake degree operation
---
## 11. Account Blocking & Verification Scams
### Pattern: WhatsApp Account Blocking
- **Source:** PTA Facebook, Express News
- **Description:** Messages claiming WhatsApp account will be blocked on fake/inactive numbers
- **Red flags:** Links to verify account, requests for personal information
### Pattern: NADRA/CNIC Verification
- **Source:** Facebook (Aniqa Nisar)
- **Description:** Calls claiming to be from NADRA/Army/FIA asking for OTP to "unblock" account
- **Red flags:** "NADRA, Army, or FIA NEVER call you via WhatsApp"
- **Example text:** "Your CNIC has been blocked. Share the OTP code to verify your identity."
### Pattern: SIM Blocking Threats
- **Source:** PTA advisories
- **Description:** Messages threatening SIM blockage unless action is taken
- **Red flags:** PTA official channels don't send such messages
---
## 12. General Red Flags (Cross-Category)
1. **Urgency:** "Act now", "24 hours", "immediately", "or else..."
2. **Requests for personal info:** Bank details, CNIC, OTP codes, passwords
3. **Suspicious links:** Non-official domains, URL shorteners, misspelled domains
4. **Threats:** Account blocking, service disconnection, legal action
5. **Too-good-to-be-true:** Prizes, refunds, job offers with high pay
6. **Sender mismatch:** Messages from personal numbers claiming to be organizations
7. **Grammar/spelling errors:** Common in phishing messages
8. **Requests to call unknown numbers:** Especially mobile numbers for "official" matters
9. **Requests to transfer money:** "Return" mistaken transfers, pay "fees" to claim prizes
10. **Pressure to bypass security:** "Ignore warnings", "don't tell anyone"
---
## Official Reporting Channels
| Organization | Channel | Contact |
|---|---|---|
| PTA | Complaint portal | complaints.pta.gov.pk |
| FIA/NCCIA | Cyber crime helpline | 1991 |
| SBP | Banking complaints | 021-111-727-727 |
| FBR | Tax fraud | fbr.gov.pk |
| National CERT | pkcert.gov.pk | pkcert.gov.pk |
---
## Sources Used
1. FBR Official Website - Beware of Fraudulent SMS advisory
2. PTA Facebook/Instagram - Multiple scam warnings
3. HBL Facebook - Fake Reward Point Scam warning
4. Meezan Bank Facebook - Impersonation fraud warning
5. UBL Facebook - Prize scam awareness
6. Dawn.com - FIA warns against fake messages
7. Reddit r/pakistan - FBR SMS, e-challan scam discussions
8. Reddit r/PakistaniTech - Easypaisa/JazzCash scam reports
9. National CERT Pakistan - WhatsApp hijacking advisory (NCA-01.011226)
10. Connected Pakistan - Power Division warning about QR codes
11. Facebook groups (Voice of Customer PK) - Courier scam reports
12. Cars of Pak Facebook - E-challan scam alert
13. LinkedIn - Job scam reports, WhatsApp hacking analysis
14. Group-IB - Fake shipment tracking scam research
15. ICMPD - Fake job ads research
16. HEC Pakistan Facebook - Fake scholarship warnings
17. BBC News - Axact fake degree scandal
18. Soneri Bank Facebook - Lottery scam warning
19. CyberPeace - E-challan scam advisory
20. FBR Facebook - Fake invoices/receipts warning
---
## Notes on Data Privacy
- All examples in the dataset are anonymized
- Phone numbers, CNIC numbers, account numbers, addresses are masked
- No personal data from private individuals is stored
- Examples are recreated based on public patterns, not copied verbatim from private messages
- Source URLs are included only for public advisories and official pages
---
## Publicly Available Scam Advisory Images
These images are from official advisories and are publicly shared for awareness purposes. They have been downloaded to `sample_inputs/` for reference.
### E-Challan Scam Advisory (Associated Press of Pakistan)
- **Source:** APP.com.pk - CTO Islamabad advisory (Sep 2025)
- **Image 1:** `sample_inputs/echallan_scam_advisory_app.jpeg`
- URL: https://www.app.com.pk/wp-content/uploads/2025/09/7c3a2991-d26f-4d2f-bc26-cc69b1707237.jpeg
- **Image 2:** `sample_inputs/echallan_scam_advisory_detail.jpeg`
- URL: https://www.app.com.pk/wp-content/uploads/2025/09/ce896b99-e57d-419d-814c-c022ddadb1ea.jpeg
### Pakistan Post Fake SMS (Resecurity Research)
- **Source:** Resecurity - Smishing Triad targeting Pakistan
- **Image 1:** `sample_inputs/pakistan_post_fake_sms_resecurity.jpeg`
- URL: https://www.resecurity.com/uploads/post/331/a900a7a910364a6ba3a9a15524e32886.jpeg
- Description: Fake SMS claiming package cannot be delivered due to incorrect address
- **Image 2:** `sample_inputs/pakistan_post_fake_sms_2_resecurity.png`
- URL: https://www.resecurity.com/uploads/post/331/4ef4601adbde0a5ec50e4453a3ac0df5.png
- Description: Fake Pakistan Post SMS with suspicious link
### Additional Public Image References (Not Downloaded - For Reference Only)
#### E-Challan Scam Images (Instagram/Facebook)
- PSCA Official Warning: https://www.instagram.com/reel/DV0dOC7ADYf
- Description: Official PSCA warning about fake e-challan SMS from non-9915 numbers
- Punjab Safe Cities: https://www.facebook.com/punjabsafecities/posts/1146666947636867
- Description: E-challan scam alert with example messages
#### Bank Scam Images (Facebook)
- HBL Fake Reward Points: https://www.facebook.com/HBLBank/posts/1300972745547014
- Description: HBL warning about fake reward point SMS scams
- Meezan Bank Impersonation: https://www.facebook.com/MeezanBank/posts/1404461508375967
- Description: Warning about fraudsters impersonating Meezan Bank
#### Courier Scam Images (NCERT Advisory)
- NCERT Advisory PDF: https://pkcert.gov.pk/advisory/24-11.pdf
- Description: Contains examples of fake Pakistan Post SMS and counterfeit websites
- TCS Scam Alert: https://www.facebook.com/tcscouriers/posts/1146049587565703
- Description: TCS warning about fake SMS and WhatsApp messages
#### PTA Advisories
- PTA Phishing Warning: https://www.facebook.com/PTAOfficialPK/posts/1306871771606204
- Description: PTA warning about phishing scams
- PTA Fake Courier Warning: https://www.pta.gov.pk/category/beware-of-fake-courier-messages-1528511679-2025-07-28
- Description: Official PTA advisory about fake courier messages
#### WhatsApp Hijacking (National CERT)
- CERT Advisory: https://pkcert.gov.pk/advisory/26/1.pdf
- Description: Detailed advisory on WhatsApp account hijacking methods including OTP scams, call forwarding exploits, and phishing links
### Image Dataset (Updated)
The `data/examples.jsonl` file now contains 27 image-based examples with the following structure:
- `image`: Path to the screenshot in `sample_inputs/`
- `category`: traffic_challan, courier, FBR, bank, wallet, unknown
- `risk_label`: Likely scam, Suspicious, Verify first, Looks normal
- `source_type`: reddit, official_advisory, other
- `source_url`: Public URL where the image was found
- `description`: What the screenshot shows
- `red_flags`: Array of warning signs visible in the image
### Image Categories in Dataset
- **E-Challan Scams (3 images)**: Fake traffic fine SMS from non-9915 numbers
- **Courier Scams (18 images)**: Pakistan Post, TCS, Leopards fake delivery SMS
- **Bank Scams (3 images)**: HBL, generic bank fraud alerts
- **FBR Tax Scams (2 images)**: Fake tax refund messages
- **WhatsApp Scams (1 image)**: Verification code request scam
### Image Usage Notes
- All downloaded images are from official government advisories, security research reports, and public Reddit/social media posts
- These are shared publicly for awareness and educational purposes
- No private or personal data is included in these images
- Images show real scam patterns that Pakistani citizens encounter daily
- For the hackathon app, use these as training data for scam detection
|