A sophisticated cyber scam has emerged in Pakistan, with fraudsters impersonating the Office of Commissioner Police Department to deceive citizens into revealing personal and financial information. The National Computer Emergency Response Team (CERT) has issued an urgent advisory, warning that these phishing emails falsely accuse recipients of cybercrime offenses, using intimidation tactics to manipulate victims into compliance.
The scam operates by sending fraudulent emails that pressure recipients to respond within 24 hours under the threat of legal action, arrest, media exposure, and blacklisting. The attackers use fear as a weapon, exploiting social engineering techniques to force people into making rushed decisions. However, CERT has identified multiple inconsistencies in these emails, exposing the deception behind the scheme.
One of the most glaring red flags is that no “Commissioner Police Department” exists in Pakistan. The scammers also reference Indian cyber laws, such as the POCSO Act 2012 and Sections 67A and 67B of the IT Act—legislation that holds no jurisdiction in Pakistan. Additionally, the emails are sent from a fake domain, officereportcrime.org, rather than an official .gov.pk email address. Another major discrepancy is the fraudulent claim that the National Highway & Motorway Police are involved in cybercrime investigations, which is entirely false.
CERT has outlined the risks posed by this phishing campaign, including identity theft, financial fraud, credential theft, and data breaches. Victims who respond may unknowingly provide sensitive details that cybercriminals can exploit for further scams or unauthorized access to bank accounts. Beyond individual targets, this scam also poses a significant risk to businesses. If an employee falls victim and their account is compromised, attackers could gain access to corporate networks, leading to widespread data breaches or financial losses.
To counter the threat, CERT has issued several security recommendations. Individuals are advised never to respond to suspicious emails, verify sender authenticity, enable multi-factor authentication (MFA), and report phishing attempts to the relevant authorities. Organizations, in particular, have been urged to implement stricter cybersecurity measures, including security awareness training, robust email security protocols, and advanced threat detection systems. Monitoring network traffic for anomalies and having an incident response plan in place are also crucial in minimizing the risk of such cyber fraud.
Beyond immediate countermeasures, CERT emphasizes the need for long-term strategies to combat phishing scams. These include regular cybersecurity audits, nationwide awareness campaigns, and updates to policies that strengthen protections against online fraud. CERT has also stressed the importance of enhancing legal frameworks to ensure stricter enforcement against cybercriminals. Adopting a zero-trust security model, which verifies every user and device before granting access to sensitive systems, could further reduce the risk of cyber threats.
As phishing scams become increasingly sophisticated, both individuals and organizations must remain vigilant. CERT urges the public to be cautious of any email that demands immediate action, especially those claiming to be from law enforcement agencies. Staying informed, practicing cybersecurity hygiene, and reporting suspicious activity can help prevent financial loss and protect Pakistan’s digital ecosystem from growing cyber threats.
