docs/research_notes.md

Research Notes: Pakistan Scam & Fraud Message Patterns

Overview

This document summarizes publicly available research on scam, fraud, and confusing official-looking messages targeting Pakistani citizens. Sources include public advisories from PTA, FIA, FBR, State Bank of Pakistan, bank social media pages, Reddit discussions, and cybersecurity reports.

Goal: Build a local dataset of 50+ safe, anonymized examples for the "Pakistan Notice Helper" hackathon app.

---

1. FBR (Federal Board of Revenue) Scams

Pattern: Fake Tax Notices & Refund Scams

• Source: FBR official website (fbr.gov.pk/beware-fradulant-sms)
• Description: Scammers send SMS claiming to be from FBR, offering tax refunds or threatening penalties. They ask victims to call a mobile number and disclose bank account details.
• Red flags: FBR never sends SMS to obtain banking information; messages ask for bank details; urgency language
• Example text: "Dear Taxpayer, your refund of Rs. XX,XXX is pending. Call [number] to claim."
• Official advisory: FBR warns taxpayers never to share banking info via SMS/email

Pattern: Fake Income Tax Return Filing Reminders

• Source: Reddit r/pakistan
• Description: Users report receiving SMS about filing income tax returns that look official but contain suspicious links
• Red flags: Links to non-official domains, pressure to act immediately

Pattern: Fake Invoices/Receipts

• Source: FBR Facebook page (Oct 2024)
• Description: FBR warns about fake invoices circulating; encourages using TaxAsaan App to verify receipts via QR codes
• Red flags: Receipts that cannot be verified through official app

---

2. Bank Scams (HBL, UBL, Meezan, Bank Alfalah, etc.)

Pattern: Fake Reward Points

• Source: HBL official Facebook page
• Description: Scammers send SMS claiming reward points are about to expire, with a link to "redeem" them
• Red flags: Suspicious links, banks never ask for sensitive info via SMS/calls/emails
• Example text: "Dear HBL customer, your 5000 reward points expire today! Redeem now: [link]"

Pattern: Account Blocking/KYC Update

• Source: Meezan Bank Facebook page
• Description: Messages claiming account will be blocked unless KYC is updated immediately
• Red flags: Urgency, links to non-bank domains, requests for personal/financial details
• Example text: "Your account will be blocked in 24 hours. Update KYC: [link]"

Pattern: Fake Fraud Alerts

• Source: Aura.com analysis, HBL advisories
• Description: Scammers send fake "fraud alert" messages asking customers to verify transactions
• Red flags: Requests to transfer money to "stop fraud", messages from unknown numbers

Pattern: Bank Impersonation Calls

• Source: Instagram (HBL scam alert)
• Description: Fraudsters call posing as bank officials, trick people into transferring funds via mobile app
• Red flags: Calls from non-bank numbers, pressure to act immediately

---

3. Mobile Wallet Scams (Easypaisa, JazzCash)

Pattern: Fake Payment Confirmation

• Source: Reddit r/PakistaniTech, YouTube
• Description: Scammer sends fake payment screenshot claiming money was sent "by mistake" and asks for refund
• Red flags: Payment not actually received, pressure to return money quickly
• Example text: "Maine galti se 5000 bhej diye hain aap ko. Please wapas kar dein."

Pattern: "Mistaken Transfer" Call

• Source: Reddit (JazzCash employee account)
• Description: Caller claims they accidentally sent money to victim's account and wants it back
• Red flags: Actual balance doesn't match claimed amount, requests to send to different account
• Notable: JazzCash employee reported disabling 7 scam wallets in one session

Pattern: Account Verification Scam

• Source: Reddit r/PakistaniTech
• Description: Call from number appearing as "+1950" claiming unauthorized transactions on JazzCash account
• Red flags: International-looking numbers, requests for account details

Pattern: SBP Cooling Period Exploitation

• Source: Reddit r/PakistaniTech
• Description: State Bank introduced 2-hour hold on transfers to prevent fraud; scammers try to exploit this window
• Context: Legitimate policy to protect users

---

4. PTA & FIA Impersonation

Pattern: PTA SIM Verification/Blocking

• Source: PTA Facebook page, PTA website
• Description: Messages claiming PTA will block SIM/phone unless verification is completed via a link
• Red flags: PTA never asks for personal details via SMS; suspicious links
• Example text: "PTA Alert: Your SIM will be blocked. Verify now: [link]"
• Official advisory: PTA warns citizens never to click suspicious links or share personal details

Pattern: FIA Cyber Crime Threat Messages

• Source: Dawn.com (FIA warning)
• Description: Fake messages using FIA name and DG FIA position, with "Top Secret" stamp, accusing victims of cyber crimes
• Red flags: WhatsApp/email messages (FIA doesn't send these), blackmail attempts, fake stamps
• Example text: "FIA has detected illegal activity from your device. Contact immediately or face arrest."
• Official statement: "The FIA does not send such messages to any individual through WhatsApp or email"

Pattern: WhatsApp Account Hijacking via OTP Scam

• Source: National CERT Pakistan advisory, LinkedIn, multiple sources
• Description: Attacker poses as trusted contact or WhatsApp support, requests 6-digit verification code
• Methods: Social engineering (OTP request), call forwarding exploits (USSD codes), phishing links
• Red flags: Request for verification code, messages from "new number claiming to be friend"
• Official advisory: National CERT issued detailed advisory (NCA-01.011226)

---

5. Courier & Customs Scams

Pattern: Fake Delivery Notifications

• Source: PTA Instagram/Facebook, Group-IB research
• Description: SMS claiming package delivery failed, asking to click link to update address or pay fees
• Red flags: Sender ID spoofing, urgency, requests for "handling fees" or "taxes"
• Example text: "Your parcel could not be delivered. Update address: [link]"
• Technical detail: Scammers use SMS gateway sender ID spoofing to merge with legitimate message threads

Pattern: Fake Customs Duty Payment

• Source: Facebook groups (Voice of Customer PK)
• Description: Messages claiming customs duty must be paid before package release
• Red flags: Links to payment portals, requests for advance payment

Pattern: Parcel Content Replacement

• Source: Facebook groups
• Description: Riders from various courier companies allegedly replacing package contents
• Context: Reported with Daraz, TCS, Pakistan Post, Daewoo, Leopards

---

6. E-Challan & Traffic Fine Scams

Pattern: Fake E-Challan SMS

• Source: Facebook (Cars of Pak), Reddit r/pakistan, multiple news sources
• Description: SMS claiming traffic violation with link to pay fine online
• Red flags: Links not from official PSCA (9915) or Safe City Authority, urgent payment requests
• Example text: "Traffic police: Your vehicle has an overdue challan. Pay now: [link]"
• Official advisory: PSCA e-challan messages come only from 9915; Islamabad Police warned about fake pop-ups

Pattern: Motorway Phishing Pop-ups

• Source: Instagram
• Description: Fake pop-ups claiming unpaid motorway tolls/challans
• Red flags: Pop-up format, requests for payment details

---

7. Utility Bill Scams

Pattern: Electricity Disconnection Threat

• Source: Connected Pakistan (Power Division warning), Facebook
• Description: Messages claiming power will be disconnected in 30 minutes unless bill is paid immediately
• Red flags: Extreme urgency, personal payment links, QR codes
• Example text: "K-Electric Alert: Your electricity will be disconnected in 30 minutes. Pay now: [link]"
• Context: Pakistan's Power Division issued warning after hackers reportedly created fake QR codes on bills

Pattern: Fake Gas/Water Bill Links

• Source: SNGC/LESCO advisories
• Description: Messages with links to pay overdue utility bills
• Red flags: Links to non-official domains, requests for immediate payment

---

8. Prize, Lottery & Refund Scams

Pattern: Congratulations Winner Messages

• Source: PTA Facebook, HBL Facebook, Soneri Bank Facebook
• Description: Messages/calls claiming you've won a prize in a lottery you never entered
• Red flags: You didn't enter any lottery, requests for "processing fees" or "taxes"
• Example text: "Congratulations! You have won Rs. 500,000 in lucky draw. Send Rs. 2,000 processing fee to claim."

Pattern: Fake Tax Refund

• Source: FBR advisory
• Description: Messages claiming FBR has a tax refund ready, need bank details to process
• Red flags: FBR never asks for banking info via SMS

Pattern: Fake Cashback/Reward

• Source: Various bank advisories
• Description: Messages offering cashback or rewards for clicking links
• Red flags: Too-good-to-be-true offers, suspicious links

---

9. Job & Employment Scams

Pattern: WhatsApp Job Offers (Daraz/company impersonation)

• Source: LinkedIn, Facebook groups
• Description: WhatsApp messages offering part-time jobs with daily earnings of Rs. 25,000-68,000
• Red flags: Unsolicited offers, requests to join Telegram groups, "add products to wishlist" tasks
• Example text: "Congratulations! You have been selected for online employee position. Daily salary Rs. 25,000-68,000. Contact recruiter on WhatsApp."
• Modus operandi: Start with small payments (Rs. 100 per task) to build trust, then ask for "investment"

Pattern: Fake Overseas Job Ads

• Source: ICMPD research
• Description: Fraudulent job ads on Facebook/WhatsApp/Instagram for Gulf countries
• Red flags: Requests for upfront fees, "car registration" or "insurance" charges
• Context: Pakistan has 9M+ workers who migrated between 2011-2024

Pattern: Recruitment Scam (Lahore-based)

• Source: LinkedIn
• Description: Scammers create professional-looking fake job listings, conduct fake interviews
• Red flags: Vague job details, pressure to complete "new hire paperwork" before meeting employer

---

10. University & Education Scams

Pattern: Fake HEC Scholarship Announcements

• Source: HEC Pakistan Facebook page
• Description: Fake scholarship announcements asking for money to secure spots
• Red flags: HEC warns that anyone demanding money for scholarships is fake/fraud

Pattern: Fake University Admissions

• Source: BBC News, Inside Higher Ed
• Description: AI-generated fake university websites designed to steal money and personal data
• Context: Axact scandal (2015) - Pakistan's largest fake degree operation

---

11. Account Blocking & Verification Scams

Pattern: WhatsApp Account Blocking

• Source: PTA Facebook, Express News
• Description: Messages claiming WhatsApp account will be blocked on fake/inactive numbers
• Red flags: Links to verify account, requests for personal information

Pattern: NADRA/CNIC Verification

• Source: Facebook (Aniqa Nisar)
• Description: Calls claiming to be from NADRA/Army/FIA asking for OTP to "unblock" account
• Red flags: "NADRA, Army, or FIA NEVER call you via WhatsApp"
• Example text: "Your CNIC has been blocked. Share the OTP code to verify your identity."

Pattern: SIM Blocking Threats

• Source: PTA advisories
• Description: Messages threatening SIM blockage unless action is taken
• Red flags: PTA official channels don't send such messages

---

12. General Red Flags (Cross-Category)

1. Urgency: "Act now", "24 hours", "immediately", "or else..."
2. Requests for personal info: Bank details, CNIC, OTP codes, passwords
3. Suspicious links: Non-official domains, URL shorteners, misspelled domains
4. Threats: Account blocking, service disconnection, legal action
5. Too-good-to-be-true: Prizes, refunds, job offers with high pay
6. Sender mismatch: Messages from personal numbers claiming to be organizations
7. Grammar/spelling errors: Common in phishing messages
8. Requests to call unknown numbers: Especially mobile numbers for "official" matters
9. Requests to transfer money: "Return" mistaken transfers, pay "fees" to claim prizes
10. Pressure to bypass security: "Ignore warnings", "don't tell anyone"

---

Official Reporting Channels

Organization	Channel	Contact
PTA	Complaint portal	complaints.pta.gov.pk
FIA/NCCIA	Cyber crime helpline	1991
SBP	Banking complaints	021-111-727-727
FBR	Tax fraud	fbr.gov.pk
National CERT	pkcert.gov.pk	pkcert.gov.pk

---

Sources Used

1. FBR Official Website - Beware of Fraudulent SMS advisory
2. PTA Facebook/Instagram - Multiple scam warnings
3. HBL Facebook - Fake Reward Point Scam warning
4. Meezan Bank Facebook - Impersonation fraud warning
5. UBL Facebook - Prize scam awareness
6. Dawn.com - FIA warns against fake messages
7. Reddit r/pakistan - FBR SMS, e-challan scam discussions
8. Reddit r/PakistaniTech - Easypaisa/JazzCash scam reports
9. National CERT Pakistan - WhatsApp hijacking advisory (NCA-01.011226)
10. Connected Pakistan - Power Division warning about QR codes
11. Facebook groups (Voice of Customer PK) - Courier scam reports
12. Cars of Pak Facebook - E-challan scam alert
13. LinkedIn - Job scam reports, WhatsApp hacking analysis
14. Group-IB - Fake shipment tracking scam research
15. ICMPD - Fake job ads research
16. HEC Pakistan Facebook - Fake scholarship warnings
17. BBC News - Axact fake degree scandal
18. Soneri Bank Facebook - Lottery scam warning
19. CyberPeace - E-challan scam advisory
20. FBR Facebook - Fake invoices/receipts warning

---

Notes on Data Privacy

• All examples in the dataset are anonymized
• Phone numbers, CNIC numbers, account numbers, addresses are masked
• No personal data from private individuals is stored
• Examples are recreated based on public patterns, not copied verbatim from private messages
• Source URLs are included only for public advisories and official pages

---

Publicly Available Scam Advisory Images

These images are from official advisories and are publicly shared for awareness purposes. They have been downloaded to sample_inputs/ for reference.

E-Challan Scam Advisory (Associated Press of Pakistan)

• Source: APP.com.pk - CTO Islamabad advisory (Sep 2025)
• Image 1: sample_inputs/echallan_scam_advisory_app.jpeg
  • URL: https://www.app.com.pk/wp-content/uploads/2025/09/7c3a2991-d26f-4d2f-bc26-cc69b1707237.jpeg
• Image 2: sample_inputs/echallan_scam_advisory_detail.jpeg
  • URL: https://www.app.com.pk/wp-content/uploads/2025/09/ce896b99-e57d-419d-814c-c022ddadb1ea.jpeg

Pakistan Post Fake SMS (Resecurity Research)

• Source: Resecurity - Smishing Triad targeting Pakistan
• Image 1: sample_inputs/pakistan_post_fake_sms_resecurity.jpeg
  • URL: https://www.resecurity.com/uploads/post/331/a900a7a910364a6ba3a9a15524e32886.jpeg
  • Description: Fake SMS claiming package cannot be delivered due to incorrect address
• Image 2: sample_inputs/pakistan_post_fake_sms_2_resecurity.png
  • URL: https://www.resecurity.com/uploads/post/331/4ef4601adbde0a5ec50e4453a3ac0df5.png
  • Description: Fake Pakistan Post SMS with suspicious link

Additional Public Image References (Not Downloaded - For Reference Only)

E-Challan Scam Images (Instagram/Facebook)

• PSCA Official Warning: https://www.instagram.com/reel/DV0dOC7ADYf
  • Description: Official PSCA warning about fake e-challan SMS from non-9915 numbers
• Punjab Safe Cities: https://www.facebook.com/punjabsafecities/posts/1146666947636867
  • Description: E-challan scam alert with example messages

Bank Scam Images (Facebook)

• HBL Fake Reward Points: https://www.facebook.com/HBLBank/posts/1300972745547014
  • Description: HBL warning about fake reward point SMS scams
• Meezan Bank Impersonation: https://www.facebook.com/MeezanBank/posts/1404461508375967
  • Description: Warning about fraudsters impersonating Meezan Bank

Courier Scam Images (NCERT Advisory)

• NCERT Advisory PDF: https://pkcert.gov.pk/advisory/24-11.pdf
  • Description: Contains examples of fake Pakistan Post SMS and counterfeit websites
• TCS Scam Alert: https://www.facebook.com/tcscouriers/posts/1146049587565703
  • Description: TCS warning about fake SMS and WhatsApp messages

PTA Advisories

• PTA Phishing Warning: https://www.facebook.com/PTAOfficialPK/posts/1306871771606204
  • Description: PTA warning about phishing scams
• PTA Fake Courier Warning: https://www.pta.gov.pk/category/beware-of-fake-courier-messages-1528511679-2025-07-28
  • Description: Official PTA advisory about fake courier messages

WhatsApp Hijacking (National CERT)

• CERT Advisory: https://pkcert.gov.pk/advisory/26/1.pdf
  • Description: Detailed advisory on WhatsApp account hijacking methods including OTP scams, call forwarding exploits, and phishing links

Image Dataset (Updated)

The data/examples.jsonl file now contains 27 image-based examples with the following structure:

• image: Path to the screenshot in sample_inputs/
• category: traffic_challan, courier, FBR, bank, wallet, unknown
• risk_label: Likely scam, Suspicious, Verify first, Looks normal
• source_type: reddit, official_advisory, other
• source_url: Public URL where the image was found
• description: What the screenshot shows
• red_flags: Array of warning signs visible in the image

Image Categories in Dataset

• E-Challan Scams (3 images): Fake traffic fine SMS from non-9915 numbers
• Courier Scams (18 images): Pakistan Post, TCS, Leopards fake delivery SMS
• Bank Scams (3 images): HBL, generic bank fraud alerts
• FBR Tax Scams (2 images): Fake tax refund messages
• WhatsApp Scams (1 image): Verification code request scam

Image Usage Notes

• All downloaded images are from official government advisories, security research reports, and public Reddit/social media posts
• These are shared publicly for awareness and educational purposes
• No private or personal data is included in these images
• Images show real scam patterns that Pakistani citizens encounter daily
• For the hackathon app, use these as training data for scam detection