# Research Notes: Pakistan Scam & Fraud Message Patterns ## Overview This document summarizes publicly available research on scam, fraud, and confusing official-looking messages targeting Pakistani citizens. Sources include public advisories from PTA, FIA, FBR, State Bank of Pakistan, bank social media pages, Reddit discussions, and cybersecurity reports. **Goal:** Build a local dataset of 50+ safe, anonymized examples for the "Pakistan Notice Helper" hackathon app. --- ## 1. FBR (Federal Board of Revenue) Scams ### Pattern: Fake Tax Notices & Refund Scams - **Source:** FBR official website (fbr.gov.pk/beware-fradulant-sms) - **Description:** Scammers send SMS claiming to be from FBR, offering tax refunds or threatening penalties. They ask victims to call a mobile number and disclose bank account details. - **Red flags:** FBR never sends SMS to obtain banking information; messages ask for bank details; urgency language - **Example text:** "Dear Taxpayer, your refund of Rs. XX,XXX is pending. Call [number] to claim." - **Official advisory:** FBR warns taxpayers never to share banking info via SMS/email ### Pattern: Fake Income Tax Return Filing Reminders - **Source:** Reddit r/pakistan - **Description:** Users report receiving SMS about filing income tax returns that look official but contain suspicious links - **Red flags:** Links to non-official domains, pressure to act immediately ### Pattern: Fake Invoices/Receipts - **Source:** FBR Facebook page (Oct 2024) - **Description:** FBR warns about fake invoices circulating; encourages using TaxAsaan App to verify receipts via QR codes - **Red flags:** Receipts that cannot be verified through official app --- ## 2. Bank Scams (HBL, UBL, Meezan, Bank Alfalah, etc.) ### Pattern: Fake Reward Points - **Source:** HBL official Facebook page - **Description:** Scammers send SMS claiming reward points are about to expire, with a link to "redeem" them - **Red flags:** Suspicious links, banks never ask for sensitive info via SMS/calls/emails - **Example text:** "Dear HBL customer, your 5000 reward points expire today! Redeem now: [link]" ### Pattern: Account Blocking/KYC Update - **Source:** Meezan Bank Facebook page - **Description:** Messages claiming account will be blocked unless KYC is updated immediately - **Red flags:** Urgency, links to non-bank domains, requests for personal/financial details - **Example text:** "Your account will be blocked in 24 hours. Update KYC: [link]" ### Pattern: Fake Fraud Alerts - **Source:** Aura.com analysis, HBL advisories - **Description:** Scammers send fake "fraud alert" messages asking customers to verify transactions - **Red flags:** Requests to transfer money to "stop fraud", messages from unknown numbers ### Pattern: Bank Impersonation Calls - **Source:** Instagram (HBL scam alert) - **Description:** Fraudsters call posing as bank officials, trick people into transferring funds via mobile app - **Red flags:** Calls from non-bank numbers, pressure to act immediately --- ## 3. Mobile Wallet Scams (Easypaisa, JazzCash) ### Pattern: Fake Payment Confirmation - **Source:** Reddit r/PakistaniTech, YouTube - **Description:** Scammer sends fake payment screenshot claiming money was sent "by mistake" and asks for refund - **Red flags:** Payment not actually received, pressure to return money quickly - **Example text:** "Maine galti se 5000 bhej diye hain aap ko. Please wapas kar dein." ### Pattern: "Mistaken Transfer" Call - **Source:** Reddit (JazzCash employee account) - **Description:** Caller claims they accidentally sent money to victim's account and wants it back - **Red flags:** Actual balance doesn't match claimed amount, requests to send to different account - **Notable:** JazzCash employee reported disabling 7 scam wallets in one session ### Pattern: Account Verification Scam - **Source:** Reddit r/PakistaniTech - **Description:** Call from number appearing as "+1950" claiming unauthorized transactions on JazzCash account - **Red flags:** International-looking numbers, requests for account details ### Pattern: SBP Cooling Period Exploitation - **Source:** Reddit r/PakistaniTech - **Description:** State Bank introduced 2-hour hold on transfers to prevent fraud; scammers try to exploit this window - **Context:** Legitimate policy to protect users --- ## 4. PTA & FIA Impersonation ### Pattern: PTA SIM Verification/Blocking - **Source:** PTA Facebook page, PTA website - **Description:** Messages claiming PTA will block SIM/phone unless verification is completed via a link - **Red flags:** PTA never asks for personal details via SMS; suspicious links - **Example text:** "PTA Alert: Your SIM will be blocked. Verify now: [link]" - **Official advisory:** PTA warns citizens never to click suspicious links or share personal details ### Pattern: FIA Cyber Crime Threat Messages - **Source:** Dawn.com (FIA warning) - **Description:** Fake messages using FIA name and DG FIA position, with "Top Secret" stamp, accusing victims of cyber crimes - **Red flags:** WhatsApp/email messages (FIA doesn't send these), blackmail attempts, fake stamps - **Example text:** "FIA has detected illegal activity from your device. Contact immediately or face arrest." - **Official statement:** "The FIA does not send such messages to any individual through WhatsApp or email" ### Pattern: WhatsApp Account Hijacking via OTP Scam - **Source:** National CERT Pakistan advisory, LinkedIn, multiple sources - **Description:** Attacker poses as trusted contact or WhatsApp support, requests 6-digit verification code - **Methods:** Social engineering (OTP request), call forwarding exploits (USSD codes), phishing links - **Red flags:** Request for verification code, messages from "new number claiming to be friend" - **Official advisory:** National CERT issued detailed advisory (NCA-01.011226) --- ## 5. Courier & Customs Scams ### Pattern: Fake Delivery Notifications - **Source:** PTA Instagram/Facebook, Group-IB research - **Description:** SMS claiming package delivery failed, asking to click link to update address or pay fees - **Red flags:** Sender ID spoofing, urgency, requests for "handling fees" or "taxes" - **Example text:** "Your parcel could not be delivered. Update address: [link]" - **Technical detail:** Scammers use SMS gateway sender ID spoofing to merge with legitimate message threads ### Pattern: Fake Customs Duty Payment - **Source:** Facebook groups (Voice of Customer PK) - **Description:** Messages claiming customs duty must be paid before package release - **Red flags:** Links to payment portals, requests for advance payment ### Pattern: Parcel Content Replacement - **Source:** Facebook groups - **Description:** Riders from various courier companies allegedly replacing package contents - **Context:** Reported with Daraz, TCS, Pakistan Post, Daewoo, Leopards --- ## 6. E-Challan & Traffic Fine Scams ### Pattern: Fake E-Challan SMS - **Source:** Facebook (Cars of Pak), Reddit r/pakistan, multiple news sources - **Description:** SMS claiming traffic violation with link to pay fine online - **Red flags:** Links not from official PSCA (9915) or Safe City Authority, urgent payment requests - **Example text:** "Traffic police: Your vehicle has an overdue challan. Pay now: [link]" - **Official advisory:** PSCA e-challan messages come only from 9915; Islamabad Police warned about fake pop-ups ### Pattern: Motorway Phishing Pop-ups - **Source:** Instagram - **Description:** Fake pop-ups claiming unpaid motorway tolls/challans - **Red flags:** Pop-up format, requests for payment details --- ## 7. Utility Bill Scams ### Pattern: Electricity Disconnection Threat - **Source:** Connected Pakistan (Power Division warning), Facebook - **Description:** Messages claiming power will be disconnected in 30 minutes unless bill is paid immediately - **Red flags:** Extreme urgency, personal payment links, QR codes - **Example text:** "K-Electric Alert: Your electricity will be disconnected in 30 minutes. Pay now: [link]" - **Context:** Pakistan's Power Division issued warning after hackers reportedly created fake QR codes on bills ### Pattern: Fake Gas/Water Bill Links - **Source:** SNGC/LESCO advisories - **Description:** Messages with links to pay overdue utility bills - **Red flags:** Links to non-official domains, requests for immediate payment --- ## 8. Prize, Lottery & Refund Scams ### Pattern: Congratulations Winner Messages - **Source:** PTA Facebook, HBL Facebook, Soneri Bank Facebook - **Description:** Messages/calls claiming you've won a prize in a lottery you never entered - **Red flags:** You didn't enter any lottery, requests for "processing fees" or "taxes" - **Example text:** "Congratulations! You have won Rs. 500,000 in lucky draw. Send Rs. 2,000 processing fee to claim." ### Pattern: Fake Tax Refund - **Source:** FBR advisory - **Description:** Messages claiming FBR has a tax refund ready, need bank details to process - **Red flags:** FBR never asks for banking info via SMS ### Pattern: Fake Cashback/Reward - **Source:** Various bank advisories - **Description:** Messages offering cashback or rewards for clicking links - **Red flags:** Too-good-to-be-true offers, suspicious links --- ## 9. Job & Employment Scams ### Pattern: WhatsApp Job Offers (Daraz/company impersonation) - **Source:** LinkedIn, Facebook groups - **Description:** WhatsApp messages offering part-time jobs with daily earnings of Rs. 25,000-68,000 - **Red flags:** Unsolicited offers, requests to join Telegram groups, "add products to wishlist" tasks - **Example text:** "Congratulations! You have been selected for online employee position. Daily salary Rs. 25,000-68,000. Contact recruiter on WhatsApp." - **Modus operandi:** Start with small payments (Rs. 100 per task) to build trust, then ask for "investment" ### Pattern: Fake Overseas Job Ads - **Source:** ICMPD research - **Description:** Fraudulent job ads on Facebook/WhatsApp/Instagram for Gulf countries - **Red flags:** Requests for upfront fees, "car registration" or "insurance" charges - **Context:** Pakistan has 9M+ workers who migrated between 2011-2024 ### Pattern: Recruitment Scam (Lahore-based) - **Source:** LinkedIn - **Description:** Scammers create professional-looking fake job listings, conduct fake interviews - **Red flags:** Vague job details, pressure to complete "new hire paperwork" before meeting employer --- ## 10. University & Education Scams ### Pattern: Fake HEC Scholarship Announcements - **Source:** HEC Pakistan Facebook page - **Description:** Fake scholarship announcements asking for money to secure spots - **Red flags:** HEC warns that anyone demanding money for scholarships is fake/fraud ### Pattern: Fake University Admissions - **Source:** BBC News, Inside Higher Ed - **Description:** AI-generated fake university websites designed to steal money and personal data - **Context:** Axact scandal (2015) - Pakistan's largest fake degree operation --- ## 11. Account Blocking & Verification Scams ### Pattern: WhatsApp Account Blocking - **Source:** PTA Facebook, Express News - **Description:** Messages claiming WhatsApp account will be blocked on fake/inactive numbers - **Red flags:** Links to verify account, requests for personal information ### Pattern: NADRA/CNIC Verification - **Source:** Facebook (Aniqa Nisar) - **Description:** Calls claiming to be from NADRA/Army/FIA asking for OTP to "unblock" account - **Red flags:** "NADRA, Army, or FIA NEVER call you via WhatsApp" - **Example text:** "Your CNIC has been blocked. Share the OTP code to verify your identity." ### Pattern: SIM Blocking Threats - **Source:** PTA advisories - **Description:** Messages threatening SIM blockage unless action is taken - **Red flags:** PTA official channels don't send such messages --- ## 12. General Red Flags (Cross-Category) 1. **Urgency:** "Act now", "24 hours", "immediately", "or else..." 2. **Requests for personal info:** Bank details, CNIC, OTP codes, passwords 3. **Suspicious links:** Non-official domains, URL shorteners, misspelled domains 4. **Threats:** Account blocking, service disconnection, legal action 5. **Too-good-to-be-true:** Prizes, refunds, job offers with high pay 6. **Sender mismatch:** Messages from personal numbers claiming to be organizations 7. **Grammar/spelling errors:** Common in phishing messages 8. **Requests to call unknown numbers:** Especially mobile numbers for "official" matters 9. **Requests to transfer money:** "Return" mistaken transfers, pay "fees" to claim prizes 10. **Pressure to bypass security:** "Ignore warnings", "don't tell anyone" --- ## Official Reporting Channels | Organization | Channel | Contact | |---|---|---| | PTA | Complaint portal | complaints.pta.gov.pk | | FIA/NCCIA | Cyber crime helpline | 1991 | | SBP | Banking complaints | 021-111-727-727 | | FBR | Tax fraud | fbr.gov.pk | | National CERT | pkcert.gov.pk | pkcert.gov.pk | --- ## Sources Used 1. FBR Official Website - Beware of Fraudulent SMS advisory 2. PTA Facebook/Instagram - Multiple scam warnings 3. HBL Facebook - Fake Reward Point Scam warning 4. Meezan Bank Facebook - Impersonation fraud warning 5. UBL Facebook - Prize scam awareness 6. Dawn.com - FIA warns against fake messages 7. Reddit r/pakistan - FBR SMS, e-challan scam discussions 8. Reddit r/PakistaniTech - Easypaisa/JazzCash scam reports 9. National CERT Pakistan - WhatsApp hijacking advisory (NCA-01.011226) 10. Connected Pakistan - Power Division warning about QR codes 11. Facebook groups (Voice of Customer PK) - Courier scam reports 12. Cars of Pak Facebook - E-challan scam alert 13. LinkedIn - Job scam reports, WhatsApp hacking analysis 14. Group-IB - Fake shipment tracking scam research 15. ICMPD - Fake job ads research 16. HEC Pakistan Facebook - Fake scholarship warnings 17. BBC News - Axact fake degree scandal 18. Soneri Bank Facebook - Lottery scam warning 19. CyberPeace - E-challan scam advisory 20. FBR Facebook - Fake invoices/receipts warning --- ## Notes on Data Privacy - All examples in the dataset are anonymized - Phone numbers, CNIC numbers, account numbers, addresses are masked - No personal data from private individuals is stored - Examples are recreated based on public patterns, not copied verbatim from private messages - Source URLs are included only for public advisories and official pages --- ## Publicly Available Scam Advisory Images These images are from official advisories and are publicly shared for awareness purposes. They have been downloaded to `sample_inputs/` for reference. ### E-Challan Scam Advisory (Associated Press of Pakistan) - **Source:** APP.com.pk - CTO Islamabad advisory (Sep 2025) - **Image 1:** `sample_inputs/echallan_scam_advisory_app.jpeg` - URL: https://www.app.com.pk/wp-content/uploads/2025/09/7c3a2991-d26f-4d2f-bc26-cc69b1707237.jpeg - **Image 2:** `sample_inputs/echallan_scam_advisory_detail.jpeg` - URL: https://www.app.com.pk/wp-content/uploads/2025/09/ce896b99-e57d-419d-814c-c022ddadb1ea.jpeg ### Pakistan Post Fake SMS (Resecurity Research) - **Source:** Resecurity - Smishing Triad targeting Pakistan - **Image 1:** `sample_inputs/pakistan_post_fake_sms_resecurity.jpeg` - URL: https://www.resecurity.com/uploads/post/331/a900a7a910364a6ba3a9a15524e32886.jpeg - Description: Fake SMS claiming package cannot be delivered due to incorrect address - **Image 2:** `sample_inputs/pakistan_post_fake_sms_2_resecurity.png` - URL: https://www.resecurity.com/uploads/post/331/4ef4601adbde0a5ec50e4453a3ac0df5.png - Description: Fake Pakistan Post SMS with suspicious link ### Additional Public Image References (Not Downloaded - For Reference Only) #### E-Challan Scam Images (Instagram/Facebook) - PSCA Official Warning: https://www.instagram.com/reel/DV0dOC7ADYf - Description: Official PSCA warning about fake e-challan SMS from non-9915 numbers - Punjab Safe Cities: https://www.facebook.com/punjabsafecities/posts/1146666947636867 - Description: E-challan scam alert with example messages #### Bank Scam Images (Facebook) - HBL Fake Reward Points: https://www.facebook.com/HBLBank/posts/1300972745547014 - Description: HBL warning about fake reward point SMS scams - Meezan Bank Impersonation: https://www.facebook.com/MeezanBank/posts/1404461508375967 - Description: Warning about fraudsters impersonating Meezan Bank #### Courier Scam Images (NCERT Advisory) - NCERT Advisory PDF: https://pkcert.gov.pk/advisory/24-11.pdf - Description: Contains examples of fake Pakistan Post SMS and counterfeit websites - TCS Scam Alert: https://www.facebook.com/tcscouriers/posts/1146049587565703 - Description: TCS warning about fake SMS and WhatsApp messages #### PTA Advisories - PTA Phishing Warning: https://www.facebook.com/PTAOfficialPK/posts/1306871771606204 - Description: PTA warning about phishing scams - PTA Fake Courier Warning: https://www.pta.gov.pk/category/beware-of-fake-courier-messages-1528511679-2025-07-28 - Description: Official PTA advisory about fake courier messages #### WhatsApp Hijacking (National CERT) - CERT Advisory: https://pkcert.gov.pk/advisory/26/1.pdf - Description: Detailed advisory on WhatsApp account hijacking methods including OTP scams, call forwarding exploits, and phishing links ### Image Dataset (Updated) The `data/examples.jsonl` file now contains 27 image-based examples with the following structure: - `image`: Path to the screenshot in `sample_inputs/` - `category`: traffic_challan, courier, FBR, bank, wallet, unknown - `risk_label`: Likely scam, Suspicious, Verify first, Looks normal - `source_type`: reddit, official_advisory, other - `source_url`: Public URL where the image was found - `description`: What the screenshot shows - `red_flags`: Array of warning signs visible in the image ### Image Categories in Dataset - **E-Challan Scams (3 images)**: Fake traffic fine SMS from non-9915 numbers - **Courier Scams (18 images)**: Pakistan Post, TCS, Leopards fake delivery SMS - **Bank Scams (3 images)**: HBL, generic bank fraud alerts - **FBR Tax Scams (2 images)**: Fake tax refund messages - **WhatsApp Scams (1 image)**: Verification code request scam ### Image Usage Notes - All downloaded images are from official government advisories, security research reports, and public Reddit/social media posts - These are shared publicly for awareness and educational purposes - No private or personal data is included in these images - Images show real scam patterns that Pakistani citizens encounter daily - For the hackathon app, use these as training data for scam detection