| “I |
couldn’t believe it. My WhatsApp account had been hacked. For 24 hours, I fought to regain access with the help of a tech-savvy friend,” recalled Muhammad Hussain (name changed), a professor at a leading university in Karachi. “During that time, my contacts began receiving frantic messages, supposedly from me, claiming that I was in trouble and needed money urgently.”
Within hours, Hussain’s phone was flooded with calls and messages, not only from colleagues in Pakistan but also from friends abroad. “One of my friends in the United States, trusting the message, transferred a couple of thousand dollars to the number the fraudster provided,” he said. “That’s hundreds of thousands of rupees, gone.”
Despite frequent public warnings, Hussain’s story shows how even educated, tech-aware individuals can fall prey to digital impersonation scams that exploit trust and urgency to steal money within minutes.
Taking over someone’s hatsApp account is one of the most common types of hacking. Scammers use phishing or social engineering to get victims to give them their six-digit verification codes. Once they get in, they can read chats, see contact lists and pretend to be the victim to ask friends and family for ‘emergency’ money. The trick works mostly because the messages come from a trusted number.
Some scammers go further, making up stories about kidnapping, medical emergency or accidents abroad. These scams often happen late at night or to weak relatives such as elderly parents, when people are too scared to think straight.
People often get panicked messages or calls saying that a family member is in trouble or that the caller is a police or bank officer who needs to take action right away. The strategies are easy to understand, but they have a big effect on people’s emotions and finances.
A banker narrates such an incident involving his close relatives. He said, “My relative from Diplo, Tharparkar, recently fell for a smart-phone scam.” Someone pretending to be a close relative from Karachi called him for help. He said that “his wife had gotten sick all of a sudden while they were driving to the village. The caller needed Rs 20,000 right away for her medical care.”
The Diplo resident sent the money to the number given without thinking twice. He called the family member in Karachi hours later because he was worried about the woman’s health. The answer shocked him. The relative said that his wife was okay and they were not going anywhere.
”The Karachi relative was also shocked when he heard about the earlier call and money transfer,” the banker said. “He wanted to know why no one thought to look into the situation before sending the money.”
The event shows how scammers trick people who live in rural areas by playing on their emotions and trust in their families.
Impersonation scams, where criminals pretend to be friends, family, bank staff or officials, have become a constant threat in Pakistan. Fraudsters use people’s feelings, trust and holes in digital security to get money, data or remote access to devices.
On September 10, the National Cyber Crime Investigation Agency told the Senate Standing Committee on Information that out of the 1,214 cybercrime cases reported this year, 611 were about online financial fraud, 320 were about harassment, 174 were about promoting hate speech, 55 were about defamation and 19 about illegal SIMs.
Impersonation scams, where criminals pretend to be friends, family, bank staff or officials, have become a constant threat. Fraudsters use people’s feelings, trust and holes in digital security.
In one case, the NCCIA investigators found sic people in Dunyapur, Multan, running a network of fake Facebook and WhatsApp accounts. They pretended to be trusted contacts to ask for money, which they then laundered through mobile wallets like JazzCash and Easypaisa. Fake chat logs and transaction records were found on the seized phones.
The Federal Investigation Agency’s National Response Centre for Cyber Crimes (NR3C) is in charge of the fight against cyber fraud, along with the newly formed NCCIA. The Cyber Alert Service sends users SMS tips to help them avoid scams, and the Pakistan Telecommunication Authority lets people report fake calls and SMS. The Digital Rights Foundation, a local NGO, also runs a helpline for people who have been victims of impersonation and harassment.
The DRF says between January and September 2025 its Digital Security Helpline got 45 calls about impersonation and 357 calls about hacking, financial fraud and impersonation on WhatsApp.
Nighat Dad, the DRF executive director, told TNS that fraud using WhatsApp has been on the rise for several years. She said 656 cases reported in 2024. The trend has continued into 2025.
“Online financial scams target everyone—young, old; men and women. Most of them start as WhatsApp hacking, which has seen several evolutions of social engineering, and move on to exploiting for money,” said Dad.
Other financial scams may use loan apps, which are slowly making a resurgence; fake kidnapping scams; impersonation of law enforcement; or scam online businesses, including matchmaking services, she added.
Another widespread scam involves fraudsters posing as officials from the Pakistan Telecommunication Authority or banks. These calls often use sophisticated “soft SIM” technology that allows scammers to display any number they choose on the recipient’s phone, including legitimate bank UAN numbers or help lines.
The State Bank of Pakistan has repeatedly cautioned the public about online banking fraud, urging customers to stay alert during digital transactions. Individual banks have enhanced their systems to prevent cyber attacks and safeguard user data. The financial payments via commercial banks’ applications have been made safer by introducing two-way factor authentication, which includes receiving codes via SMS or email and thumb biometrics.
“We have implemented multiple layers of ecurity checks and firewalls,” said a cyber security expert at the National Bank of Pakistan. “Our priority is ensuring that customers can use mobile apps and ATM cards without fear of fraud,” he added.
He said that biometric verification is now mandatory for app users. A two-hour “cooling-off” period is enforced before full access is granted after registration, a safeguard against unauthorised access.
Experts warn that as Pakistan’s digital banking landscape grows, regulators and financial institutions must remain a step ahead of cybercriminals who continuously refine their tactics.
“Most of the financial fraud victims do not report the loos as they lack awareness and, above all, confidence in law enforcement institutions,” said Jibran Sarfraz, a financial analyst at a brokerage house in Karachi. Nighat Dad too said that the inconvenient complaint process, including the requirement for physical presence, ends up discouraging many potential complainants.
Another effective institution is Banking Mohtasib (Ombudsman) Pakistan, which receives financial fraud complaints directly from customers via post, email, and walk-in at both our Secretariat and regional offices at Karachi, Lahore, Multan, Peshawar, Rawalpindi, Quetta, Faisalabad and Muzaffarabad.
According to the Banking Mohtasib’s latest report, during the year 2024, it held a record number of hearings, totalling 1530, compared to 760 hearings in 2023.
The author is a senior journalist currently working as a development communication professional in Karachi.