# Research Notes: Pakistan Scam & Fraud Message Patterns

## Overview

This document summarizes publicly available research on scam, fraud, and confusing official-looking messages targeting Pakistani citizens. Sources include public advisories from PTA, FIA, FBR, State Bank of Pakistan, bank social media pages, Reddit discussions, and cybersecurity reports.

**Goal:** Build a local dataset of 50+ safe, anonymized examples for the "Pakistan Notice Helper" hackathon app.

---

## 1. FBR (Federal Board of Revenue) Scams

### Pattern: Fake Tax Notices & Refund Scams
- **Source:** FBR official website (fbr.gov.pk/beware-fradulant-sms)
- **Description:** Scammers send SMS claiming to be from FBR, offering tax refunds or threatening penalties. They ask victims to call a mobile number and disclose bank account details.
- **Red flags:** FBR never sends SMS to obtain banking information; messages ask for bank details; urgency language
- **Example text:** "Dear Taxpayer, your refund of Rs. XX,XXX is pending. Call [number] to claim."
- **Official advisory:** FBR warns taxpayers never to share banking info via SMS/email

### Pattern: Fake Income Tax Return Filing Reminders
- **Source:** Reddit r/pakistan
- **Description:** Users report receiving SMS about filing income tax returns that look official but contain suspicious links
- **Red flags:** Links to non-official domains, pressure to act immediately

### Pattern: Fake Invoices/Receipts
- **Source:** FBR Facebook page (Oct 2024)
- **Description:** FBR warns about fake invoices circulating; encourages using TaxAsaan App to verify receipts via QR codes
- **Red flags:** Receipts that cannot be verified through official app

---

## 2. Bank Scams (HBL, UBL, Meezan, Bank Alfalah, etc.)

### Pattern: Fake Reward Points
- **Source:** HBL official Facebook page
- **Description:** Scammers send SMS claiming reward points are about to expire, with a link to "redeem" them
- **Red flags:** Suspicious links, banks never ask for sensitive info via SMS/calls/emails
- **Example text:** "Dear HBL customer, your 5000 reward points expire today! Redeem now: [link]"

### Pattern: Account Blocking/KYC Update
- **Source:** Meezan Bank Facebook page
- **Description:** Messages claiming account will be blocked unless KYC is updated immediately
- **Red flags:** Urgency, links to non-bank domains, requests for personal/financial details
- **Example text:** "Your account will be blocked in 24 hours. Update KYC: [link]"

### Pattern: Fake Fraud Alerts
- **Source:** Aura.com analysis, HBL advisories
- **Description:** Scammers send fake "fraud alert" messages asking customers to verify transactions
- **Red flags:** Requests to transfer money to "stop fraud", messages from unknown numbers

### Pattern: Bank Impersonation Calls
- **Source:** Instagram (HBL scam alert)
- **Description:** Fraudsters call posing as bank officials, trick people into transferring funds via mobile app
- **Red flags:** Calls from non-bank numbers, pressure to act immediately

---

## 3. Mobile Wallet Scams (Easypaisa, JazzCash)

### Pattern: Fake Payment Confirmation
- **Source:** Reddit r/PakistaniTech, YouTube
- **Description:** Scammer sends fake payment screenshot claiming money was sent "by mistake" and asks for refund
- **Red flags:** Payment not actually received, pressure to return money quickly
- **Example text:** "Maine galti se 5000 bhej diye hain aap ko. Please wapas kar dein."

### Pattern: "Mistaken Transfer" Call
- **Source:** Reddit (JazzCash employee account)
- **Description:** Caller claims they accidentally sent money to victim's account and wants it back
- **Red flags:** Actual balance doesn't match claimed amount, requests to send to different account
- **Notable:** JazzCash employee reported disabling 7 scam wallets in one session

### Pattern: Account Verification Scam
- **Source:** Reddit r/PakistaniTech
- **Description:** Call from number appearing as "+1950" claiming unauthorized transactions on JazzCash account
- **Red flags:** International-looking numbers, requests for account details

### Pattern: SBP Cooling Period Exploitation
- **Source:** Reddit r/PakistaniTech
- **Description:** State Bank introduced 2-hour hold on transfers to prevent fraud; scammers try to exploit this window
- **Context:** Legitimate policy to protect users

---

## 4. PTA & FIA Impersonation

### Pattern: PTA SIM Verification/Blocking
- **Source:** PTA Facebook page, PTA website
- **Description:** Messages claiming PTA will block SIM/phone unless verification is completed via a link
- **Red flags:** PTA never asks for personal details via SMS; suspicious links
- **Example text:** "PTA Alert: Your SIM will be blocked. Verify now: [link]"
- **Official advisory:** PTA warns citizens never to click suspicious links or share personal details

### Pattern: FIA Cyber Crime Threat Messages
- **Source:** Dawn.com (FIA warning)
- **Description:** Fake messages using FIA name and DG FIA position, with "Top Secret" stamp, accusing victims of cyber crimes
- **Red flags:** WhatsApp/email messages (FIA doesn't send these), blackmail attempts, fake stamps
- **Example text:** "FIA has detected illegal activity from your device. Contact immediately or face arrest."
- **Official statement:** "The FIA does not send such messages to any individual through WhatsApp or email"

### Pattern: WhatsApp Account Hijacking via OTP Scam
- **Source:** National CERT Pakistan advisory, LinkedIn, multiple sources
- **Description:** Attacker poses as trusted contact or WhatsApp support, requests 6-digit verification code
- **Methods:** Social engineering (OTP request), call forwarding exploits (USSD codes), phishing links
- **Red flags:** Request for verification code, messages from "new number claiming to be friend"
- **Official advisory:** National CERT issued detailed advisory (NCA-01.011226)

---

## 5. Courier & Customs Scams

### Pattern: Fake Delivery Notifications
- **Source:** PTA Instagram/Facebook, Group-IB research
- **Description:** SMS claiming package delivery failed, asking to click link to update address or pay fees
- **Red flags:** Sender ID spoofing, urgency, requests for "handling fees" or "taxes"
- **Example text:** "Your parcel could not be delivered. Update address: [link]"
- **Technical detail:** Scammers use SMS gateway sender ID spoofing to merge with legitimate message threads

### Pattern: Fake Customs Duty Payment
- **Source:** Facebook groups (Voice of Customer PK)
- **Description:** Messages claiming customs duty must be paid before package release
- **Red flags:** Links to payment portals, requests for advance payment

### Pattern: Parcel Content Replacement
- **Source:** Facebook groups
- **Description:** Riders from various courier companies allegedly replacing package contents
- **Context:** Reported with Daraz, TCS, Pakistan Post, Daewoo, Leopards

---

## 6. E-Challan & Traffic Fine Scams

### Pattern: Fake E-Challan SMS
- **Source:** Facebook (Cars of Pak), Reddit r/pakistan, multiple news sources
- **Description:** SMS claiming traffic violation with link to pay fine online
- **Red flags:** Links not from official PSCA (9915) or Safe City Authority, urgent payment requests
- **Example text:** "Traffic police: Your vehicle has an overdue challan. Pay now: [link]"
- **Official advisory:** PSCA e-challan messages come only from 9915; Islamabad Police warned about fake pop-ups

### Pattern: Motorway Phishing Pop-ups
- **Source:** Instagram
- **Description:** Fake pop-ups claiming unpaid motorway tolls/challans
- **Red flags:** Pop-up format, requests for payment details

---

## 7. Utility Bill Scams

### Pattern: Electricity Disconnection Threat
- **Source:** Connected Pakistan (Power Division warning), Facebook
- **Description:** Messages claiming power will be disconnected in 30 minutes unless bill is paid immediately
- **Red flags:** Extreme urgency, personal payment links, QR codes
- **Example text:** "K-Electric Alert: Your electricity will be disconnected in 30 minutes. Pay now: [link]"
- **Context:** Pakistan's Power Division issued warning after hackers reportedly created fake QR codes on bills

### Pattern: Fake Gas/Water Bill Links
- **Source:** SNGC/LESCO advisories
- **Description:** Messages with links to pay overdue utility bills
- **Red flags:** Links to non-official domains, requests for immediate payment

---

## 8. Prize, Lottery & Refund Scams

### Pattern: Congratulations Winner Messages
- **Source:** PTA Facebook, HBL Facebook, Soneri Bank Facebook
- **Description:** Messages/calls claiming you've won a prize in a lottery you never entered
- **Red flags:** You didn't enter any lottery, requests for "processing fees" or "taxes"
- **Example text:** "Congratulations! You have won Rs. 500,000 in lucky draw. Send Rs. 2,000 processing fee to claim."

### Pattern: Fake Tax Refund
- **Source:** FBR advisory
- **Description:** Messages claiming FBR has a tax refund ready, need bank details to process
- **Red flags:** FBR never asks for banking info via SMS

### Pattern: Fake Cashback/Reward
- **Source:** Various bank advisories
- **Description:** Messages offering cashback or rewards for clicking links
- **Red flags:** Too-good-to-be-true offers, suspicious links

---

## 9. Job & Employment Scams

### Pattern: WhatsApp Job Offers (Daraz/company impersonation)
- **Source:** LinkedIn, Facebook groups
- **Description:** WhatsApp messages offering part-time jobs with daily earnings of Rs. 25,000-68,000
- **Red flags:** Unsolicited offers, requests to join Telegram groups, "add products to wishlist" tasks
- **Example text:** "Congratulations! You have been selected for online employee position. Daily salary Rs. 25,000-68,000. Contact recruiter on WhatsApp."
- **Modus operandi:** Start with small payments (Rs. 100 per task) to build trust, then ask for "investment"

### Pattern: Fake Overseas Job Ads
- **Source:** ICMPD research
- **Description:** Fraudulent job ads on Facebook/WhatsApp/Instagram for Gulf countries
- **Red flags:** Requests for upfront fees, "car registration" or "insurance" charges
- **Context:** Pakistan has 9M+ workers who migrated between 2011 and 2024

### Pattern: Recruitment Scam (Lahore-based)
- **Source:** LinkedIn
- **Description:** Scammers create professional-looking fake job listings, conduct fake interviews
- **Red flags:** Vague job details, pressure to complete "new hire paperwork" before meeting employer

---

## 10. University & Education Scams

### Pattern: Fake HEC Scholarship Announcements
- **Source:** HEC Pakistan Facebook page
- **Description:** Fake scholarship announcements asking for money to secure spots
- **Red flags:** HEC warns that anyone demanding money for scholarships is fake/fraud

### Pattern: Fake University Admissions
- **Source:** BBC News, Inside Higher Ed
- **Description:** AI-generated fake university websites designed to steal money and personal data
- **Context:** Axact scandal (2015) - Pakistan's largest fake degree operation

---

## 11. Account Blocking & Verification Scams

### Pattern: WhatsApp Account Blocking
- **Source:** PTA Facebook, Express News
- **Description:** Messages claiming WhatsApp account will be blocked on fake/inactive numbers
- **Red flags:** Links to verify account, requests for personal information

### Pattern: NADRA/CNIC Verification
- **Source:** Facebook (Aniqa Nisar)
- **Description:** Calls claiming to be from NADRA/Army/FIA asking for OTP to "unblock" account
- **Red flags:** "NADRA, Army, or FIA NEVER call you via WhatsApp"
- **Example text:** "Your CNIC has been blocked. Share the OTP code to verify your identity."

### Pattern: SIM Blocking Threats
- **Source:** PTA advisories
- **Description:** Messages threatening SIM blockage unless action is taken
- **Red flags:** PTA official channels don't send such messages

---

## 12. General Red Flags (Cross-Category)

1. **Urgency:** "Act now", "24 hours", "immediately", "or else..."
2. **Requests for personal info:** Bank details, CNIC, OTP codes, passwords
3. **Suspicious links:** Non-official domains, URL shorteners, misspelled domains
4. **Threats:** Account blocking, service disconnection, legal action
5. **Too-good-to-be-true:** Prizes, refunds, job offers with high pay
6. **Sender mismatch:** Messages from personal numbers claiming to be organizations
7. **Grammar/spelling errors:** Common in phishing messages
8. **Requests to call unknown numbers:** Especially mobile numbers for "official" matters
9. **Requests to transfer money:** "Return" mistaken transfers, pay "fees" to claim prizes
10. **Pressure to bypass security:** "Ignore warnings", "don't tell anyone"
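A rule-based scorer for several of the red flags above, as an added example (not code from the Pakistan Notice Helper project). The keyword lists, the domain allow-list, the thresholds and the sample messages are assumptions constructed for illustration; the risk labels are the ones used in the dataset section of these notes.

```python
import re
from urllib.parse import urlparse

# Assumption: allow-list built only from official domains named in these notes.
OFFICIAL_DOMAINS = ("fbr.gov.pk", "pta.gov.pk", "pkcert.gov.pk")
PSCA_SENDER = "9915"  # notes: PSCA e-challan messages come only from 9915

# Assumption: illustrative keyword patterns, one per cross-category red flag.
TEXT_RULES = {
    "urgency": r"\b(immediately|act now|pay now|verify now|redeem now|\d+\s*(hours?|minutes?))\b",
    "personal_info": r"\b(otp|verification code|cnic|password|bank details|kyc)\b",
    "threat": r"\b(blocked|disconnected|arrest|legal action|penalt(y|ies))\b",
    "too_good": r"\b(won|lucky draw|reward points|cashback|refund|daily salary)\b",
    "money_request": r"\b(processing fee|handling fee|send rs|wapas kar)\b",
}
URL_RE = re.compile(r"https?://\S+", re.I)
MOBILE_RE = re.compile(r"^(\+92|0)3\d{9}$")  # personal mobile number as sender
ORG_RE = re.compile(r"\b(FBR|PTA|FIA|NADRA|HBL|UBL|bank|K-Electric|police)\b", re.I)

def is_official(host):
    # Exact match or true subdomain only, so "fbr.gov.pk.tax-portal.example" fails.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def red_flags(sender, text):
    flags = [name for name, rx in TEXT_RULES.items() if re.search(rx, text, re.I)]
    hosts = [urlparse(u).hostname or "" for u in URL_RE.findall(text)]
    if any(not is_official(h) for h in hosts):
        flags.append("suspicious_link")
    if "challan" in text.lower():
        # Simplification: every challan message is held to the PSCA sender rule.
        mismatch = sender != PSCA_SENDER
    else:
        # Personal mobile number speaking in the name of an organization.
        mismatch = bool(MOBILE_RE.match(sender) and ORG_RE.search(text))
    if mismatch:
        flags.append("sender_mismatch")
    return flags

def risk_label(flags):
    # Assumption: thresholds picked for illustration only.
    return ("Looks normal", "Verify first", "Suspicious", "Likely scam")[min(len(flags), 3)]

SAMPLES = [  # constructed messages modelled on the example texts in these notes
    ("03000000000", "PTA Alert: Your SIM will be blocked. Verify now: http://pta-verify.example/sim"),
    ("8000", "Dear Taxpayer, file your return at https://fbr.gov.pk.tax-portal.example/login"),
    ("03000000000", "Congratulations! You have won Rs. 500,000 in lucky draw. "
                    "Send Rs. 2,000 processing fee to claim."),
    ("03000000000", "Traffic police: Your vehicle has an overdue challan. "
                    "Pay now: http://challan-pay.example/p"),
    ("9915", "E-challan issued for your vehicle. Details are available at the Safe City office."),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        flags = red_flags(sender, text)
        print(f"{risk_label(flags):13} {flags} <- {text[:40]}")
```

Because sender IDs can be spoofed (see the courier section), a matching sender such as 9915 only removes one flag and is not proof that a message is genuine.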

---

## Official Reporting Channels

| Organization | Channel | Contact |
|---|---|---|
| PTA | Complaint portal | complaints.pta.gov.pk |
| FIA/NCCIA | Cyber crime helpline | 1991 |
| SBP | Banking complaints | 021-111-727-727 |
| FBR | Tax fraud | fbr.gov.pk |
| National CERT | pkcert.gov.pk | pkcert.gov.pk |

---

## Sources Used

1. FBR Official Website - Beware of Fraudulent SMS advisory
2. PTA Facebook/Instagram - Multiple scam warnings
3. HBL Facebook - Fake Reward Point Scam warning
4. Meezan Bank Facebook - Impersonation fraud warning
5. UBL Facebook - Prize scam awareness
6. Dawn.com - FIA warns against fake messages
7. Reddit r/pakistan - FBR SMS, e-challan scam discussions
8. Reddit r/PakistaniTech - Easypaisa/JazzCash scam reports
9. National CERT Pakistan - WhatsApp hijacking advisory (NCA-01.011226)
10. Connected Pakistan - Power Division warning about QR codes
11. Facebook groups (Voice of Customer PK) - Courier scam reports
12. Cars of Pak Facebook - E-challan scam alert
13. LinkedIn - Job scam reports, WhatsApp hacking analysis
14. Group-IB - Fake shipment tracking scam research
15. ICMPD - Fake job ads research
16. HEC Pakistan Facebook - Fake scholarship warnings
17. BBC News - Axact fake degree scandal
18. Soneri Bank Facebook - Lottery scam warning
19. CyberPeace - E-challan scam advisory
20. FBR Facebook - Fake invoices/receipts warning

---

## Notes on Data Privacy

- All examples in the dataset are anonymized
- Phone numbers, CNIC numbers, account numbers, addresses are masked
- No personal data from private individuals is stored
- Examples are recreated based on public patterns, not copied verbatim from private messages
- Source URLs are included only for public advisories and official pages

---

## Publicly Available Scam Advisory Images

These images are from official advisories and are publicly shared for awareness purposes. They have been downloaded to `sample_inputs/` for reference.

### E-Challan Scam Advisory (Associated Press of Pakistan)
- **Source:** APP.com.pk - CTO Islamabad advisory (Sep 2025)
- **Image 1:** `sample_inputs/echallan_scam_advisory_app.jpeg`
  - URL: https://www.app.com.pk/wp-content/uploads/2025/09/7c3a2991-d26f-4d2f-bc26-cc69b1707237.jpeg
- **Image 2:** `sample_inputs/echallan_scam_advisory_detail.jpeg`
  - URL: https://www.app.com.pk/wp-content/uploads/2025/09/ce896b99-e57d-419d-814c-c022ddadb1ea.jpeg

### Pakistan Post Fake SMS (Resecurity Research)
- **Source:** Resecurity - Smishing Triad targeting Pakistan
- **Image 1:** `sample_inputs/pakistan_post_fake_sms_resecurity.jpeg`
  - URL: https://www.resecurity.com/uploads/post/331/a900a7a910364a6ba3a9a15524e32886.jpeg
  - Description: Fake SMS claiming package cannot be delivered due to incorrect address
- **Image 2:** `sample_inputs/pakistan_post_fake_sms_2_resecurity.png`
  - URL: https://www.resecurity.com/uploads/post/331/4ef4601adbde0a5ec50e4453a3ac0df5.png
  - Description: Fake Pakistan Post SMS with suspicious link

### Additional Public Image References (Not Downloaded - For Reference Only)

#### E-Challan Scam Images (Instagram/Facebook)
- PSCA Official Warning: https://www.instagram.com/reel/DV0dOC7ADYf
  - Description: Official PSCA warning about fake e-challan SMS from non-9915 numbers
- Punjab Safe Cities: https://www.facebook.com/punjabsafecities/posts/1146666947636867
  - Description: E-challan scam alert with example messages

#### Bank Scam Images (Facebook)
- HBL Fake Reward Points: https://www.facebook.com/HBLBank/posts/1300972745547014
  - Description: HBL warning about fake reward point SMS scams
- Meezan Bank Impersonation: https://www.facebook.com/MeezanBank/posts/1404461508375967
  - Description: Warning about fraudsters impersonating Meezan Bank

#### Courier Scam Images (NCERT Advisory)
- NCERT Advisory PDF: https://pkcert.gov.pk/advisory/24-11.pdf
  - Description: Contains examples of fake Pakistan Post SMS and counterfeit websites
- TCS Scam Alert: https://www.facebook.com/tcscouriers/posts/1146049587565703
  - Description: TCS warning about fake SMS and WhatsApp messages

#### PTA Advisories
- PTA Phishing Warning: https://www.facebook.com/PTAOfficialPK/posts/1306871771606204
  - Description: PTA warning about phishing scams
- PTA Fake Courier Warning: https://www.pta.gov.pk/category/beware-of-fake-courier-messages-1528511679-2025-07-28
  - Description: Official PTA advisory about fake courier messages

#### WhatsApp Hijacking (National CERT)
- CERT Advisory: https://pkcert.gov.pk/advisory/26/1.pdf
  - Description: Detailed advisory on WhatsApp account hijacking methods including OTP scams, call forwarding exploits, and phishing links

### Image Dataset (Updated)
The `data/examples.jsonl` file now contains 27 image-based examples with the following structure:
- `image`: Path to the screenshot in `sample_inputs/`
- `category`: traffic_challan, courier, FBR, bank, wallet, unknown
- `risk_label`: Likely scam, Suspicious, Verify first, Looks normal
- `source_type`: reddit, official_advisory, other
- `source_url`: Public URL where the image was found
- `description`: What the screenshot shows
- `red_flags`: Array of warning signs visible in the image
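A validator for records with this structure, as an added example (not the project's own code). It checks the enumerated values listed above and also scans `description` and `red_flags` for unmasked CNIC or mobile numbers, following the data privacy notes; the regular expressions and the sample records are assumptions constructed for illustration.

```python
import json
import re

CATEGORIES = {"traffic_challan", "courier", "FBR", "bank", "wallet", "unknown"}
RISK_LABELS = {"Likely scam", "Suspicious", "Verify first", "Looks normal"}
SOURCE_TYPES = {"reddit", "official_advisory", "other"}
# Assumed formats for identifiers the privacy notes say must be masked.
CNIC_RE = re.compile(r"\b\d{5}-?\d{7}-?\d\b")
PHONE_RE = re.compile(r"(?<!\d)(\+92|0)3\d{2}[- ]?\d{7}(?!\d)")

def validate_record(rec):
    """Return a list of problems found in one parsed record."""
    if not isinstance(rec, dict):
        return ["record is not a JSON object"]
    problems = []
    for field, allowed in (("category", CATEGORIES), ("risk_label", RISK_LABELS),
                           ("source_type", SOURCE_TYPES)):
        value = rec.get(field)
        if not isinstance(value, str) or value not in allowed:
            problems.append(f"{field}: unexpected value {value!r}")
    image = rec.get("image")
    if not isinstance(image, str) or not image.startswith("sample_inputs/") or ".." in image:
        problems.append("image: must be a path under sample_inputs/")
    if not str(rec.get("source_url", "")).startswith(("http://", "https://")):
        problems.append("source_url: not an http(s) URL")
    flags = rec.get("red_flags")
    if not isinstance(flags, list) or not all(isinstance(f, str) for f in flags):
        problems.append("red_flags: must be an array of strings")
        flags = []
    for text in [str(rec.get("description", "")), *flags]:
        if CNIC_RE.search(text) or PHONE_RE.search(text):
            problems.append("privacy: unmasked CNIC or phone number in text")
            break
    return problems

def validate_jsonl(lines):
    """Map 1-based line number -> problems; lines without problems are omitted."""
    report = {}
    for n, line in enumerate(lines, 1):
        if not line.strip():
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError as exc:
            report[n] = [f"invalid JSON: {exc.msg}"]
            continue
        problems = validate_record(rec)
        if problems:
            report[n] = problems
    return report

# Constructed sample records (not taken from data/examples.jsonl).
GOOD = {"image": "sample_inputs/echallan_scam_advisory_app.jpeg", "category": "traffic_challan",
        "risk_label": "Likely scam", "source_type": "official_advisory",
        "source_url": "https://example.org/advisory",
        "description": "Fake e-challan SMS from 03XX-XXXXXXX",
        "red_flags": ["sender is not 9915", "payment link"]}
BAD = dict(GOOD, category="sms", description="Caller 0300-0000000 asked for OTP")
SAMPLE_LINES = [json.dumps(GOOD), json.dumps(BAD), '{"image": "sample_inputs/x.png",']

if __name__ == "__main__":
    for line_no, problems in validate_jsonl(SAMPLE_LINES).items():
        print(line_no, problems)
```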

### Image Categories in Dataset
- **E-Challan Scams (3 images)**: Fake traffic fine SMS from non-9915 numbers
- **Courier Scams (18 images)**: Pakistan Post, TCS, Leopards fake delivery SMS
- **Bank Scams (3 images)**: HBL, generic bank fraud alerts
- **FBR Tax Scams (2 images)**: Fake tax refund messages
- **WhatsApp Scams (1 image)**: Verification code request scam

### Image Usage Notes
- All downloaded images are from official government advisories, security research reports, and public Reddit/social media posts
- These are shared publicly for awareness and educational purposes
- No private or personal data is included in these images
- Images show real scam patterns that Pakistani citizens encounter daily
- For the hackathon app, use these as training data for scam detection