Cybercriminals are deceiving citizens by impersonating the Office of Commissioner Police Department through fraudulent emails, falsely accusing recipients of cybercrime offenses.
CERT Warns Against Phishing Campaign
The National Computer Emergency Response Team (CERT) has issued a warning about a phishing campaign designed to instill fear and manipulate individuals into revealing personal and financial information. The advisory highlights multiple red flags, indicating that the attack is part of a widespread social engineering scam.
READ MORE: Pakistan’s Current Account Turns Deficit of $420 Million in January 2025
How the Scam Works
The fraudulent emails pressure recipients to respond within 24 hours, using threats of:
- Legal action
- Arrest
- Media exposure
- Blacklisting
Major Inconsistencies Identified
National CERT identified several inconsistencies in these emails, exposing them as fraudulent:
- No “Commissioner Police Department” exists in Pakistan.
- The emails cite Indian laws, including the POCSO Act 2012 and Sections 67A & 67B of the IT Act, which do not apply in Pakistan.
- The scam uses a fake domain (officereportcrime.org) instead of an official .gov.pk address.
- The emails falsely claim affiliation with the National Highway & Motorway Police, an agency that does not handle cybercrime cases.
Key Risks of the Scam
CERT warns that the phishing campaign poses severe risks, including:
✅ Identity Theft – Stolen personal data may be misused.
✅ Financial Fraud – Victims may be tricked into making payments.
✅ Credential Theft – Cybercriminals may gain access to sensitive accounts.
✅ Data Breaches – Organizations may suffer network intrusions if employee accounts are compromised.
How to Protect Yourself
To counter the phishing threat, CERT advises:
🔹 Do not respond to suspicious emails.
🔹 Verify sender authenticity before taking any action.
🔹 Enable Multi-Factor Authentication (MFA) for added security.
🔹 Report phishing attempts to the relevant authorities.
Organizations are also urged to:
- Conduct security awareness training for employees.
- Implement email security protocols.
- Deploy advanced threat detection measures.
- Monitor network traffic for anomalies.
- Maintain an incident response plan.
Long-Term Measures for Cybersecurity
CERT emphasizes the need for:
🔸 Regular cybersecurity audits
🔸 Public awareness campaigns
🔸 Stronger policies against phishing scams
🔸 Legal frameworks to combat cyber fraud
🔸 A zero-trust security approach
CERT urges both individuals and organizations to stay vigilant, report suspicious activity, and take proactive steps to safeguard against phishing attacks.
