
Alert: Cybercriminals Posing as Fake Police Commissioners Targeting Pakistani Citizens
Cybercriminals are targeting citizens by impersonating the Office of Commissioner Police Department through fraudulent emails, falsely accusing recipients of cybercrime offenses.
The National Computer Emergency Response Team (CERT) has issued a warning about this phishing campaign, which aims to instill fear and manipulate individuals into revealing personal and financial information. The advisory highlights several red flags, indicating that the attack is part of a broader social engineering scam.
Key Points:
-
The fraudulent emails pressure recipients to respond within 24 hours by threatening legal action, arrest, media exposure, and blacklisting.
-
National CERT identified major inconsistencies in the emails, such as the non-existence of a “Commissioner Police Department” in Pakistan.
-
The emails cite Indian laws, which do not apply to Pakistan, and use a fake domain (officereportcrime.org) instead of an official .gov.pk address.
-
The scam falsely claims affiliation with the National Highway & Motorway Police, an agency that does not handle cybercrime cases.
Risks Associated with the Scam:
-
Identity theft
-
Financial fraud
-
Credential theft
-
Data breaches
Victims who respond may unknowingly provide sensitive information that cybercriminals can exploit. Attackers use intimidation and urgency to manipulate recipients, increasing the likelihood of fraudulent success. The scam also poses a risk to organizations, as compromised employee accounts could expose entire corporate networks to cyberattacks.
Recommendations from National CERT:
-
Do not respond to suspicious emails.
-
Verify sender authenticity.
-
Enable multi-factor authentication (MFA).
-
Report phishing attempts to authorities.
-
Conduct security awareness training.
-
Implement email security protocols.
-
Deploy advanced threat detection measures.
-
Monitor network traffic for anomalies.
-
Maintain an incident response plan.
The advisory calls for long-term measures, including regular cybersecurity audits, public awareness campaigns, and updates to policies combating phishing scams. Strengthening legal frameworks and adopting a zero-trust security approach could help mitigate future threats. National CERT urges individuals and organizations to remain vigilant, report suspicious activity, and take proactive measures to safeguard against phishing attacks.
Image by CyberHoot