Pareesa Afreen 
Dec 31, 2025
For many Pakistanis, 2025 was the year cybercrime stopped feeling distant. A message from a bank representative, a link forwarded on WhatsApp, or a sudden request for money from a known contact was enough to put people at risk. By the end of the year, such stories had become common, cutting across age, profession, and location.
Pakistan has reported more than 142,000 online fraud grievances in 2025, which is the maximum in a year.
The figures, compiled from law enforcement agencies for cyber crimes, indicate a dramatic rise relative to the past, which may be accounted for by the growing use of cyber crimes, together with increased awareness of the reporting processes by the public.
However, this volume of complaints did not translate into equal measures of legal follow-through. According to government reports, from a total of over 142,000 complaints, only 26,036 inquiries were made, 1,955 filled, and only 31 convictions were secured across Pakistan in 2025.
The gap between complaints and convictions is an indication of significant institutional and process issues in Pakistan's cybercrime enforcement infrastructure.
Financial fraud: The most common type of cybercrime
Financial fraud was the major type of cyberspace crime that continued in 2025, in which cases, people have lost rupees from a few thousand to millions in minutes.
In Profit by Pakistan Today, there was an increase of 35% in cases of cybercrime in 2025, and online financial scams account for the largest number of cases.
These scams usually included:
- Fake investment plans involving instant profits
- Fraudulent online stores advertising discounted products
- Impersonation of bank employees or customer service representatives
- Phishing communications for harvesting OTPs and PINs
- Digital arrest by impersonating police officers
Mobile wallets and branchless banking platforms became prime targets as Pakistan pushed for financial inclusion. While millions of users adopted digital payments for the first time, many lacked the awareness needed to identify fraudulent links or social engineering tactics.
WhatsApp hacking and account takeovers
One of the most disconcerting trends of 2025 is the increase in WhatsApp account hacks. The hack is often just the starting point of other fraud.
The takeovers of WhatsApp accounts were among the most commonly reported cases of cybercrime, with the one-time passwords traded unsuspectedly by users being the technique leveraged by offenders.
After gaining entry, the hackers deceived victims by:
- Borrow money from friends and relatives
- Share malicious links
- Blackmail recipients by accessing private chats and media.
The simplicity of these hacks proved the ease with which a failure of basic digital hygiene had precipitated much of the recent spike in cybercrime.
Millions of cyber attacks on Pakistani systems
In addition to personal grievances, Pakistan was also hit by an unprecedented number of cyber-attacks. This was directed at personal devices, business networks, and governmental networks.
According to Kaspersky, more than 5.3 million cyber attacks have been recorded on Pakistani computer systems within the initial nine months of 2025.
These attacks were:
- Malware infection
- Ransomware attacks
- Spyware & data stealing trojan
- Phishing attacks and fake Wi-Fi attacks
In Pakistan, it was reported that around 27% of individual customers and 24% of business customers were affected by the attack, making it one of the most targeted nations in this region.
Experts had indicated that using outdated software, counterfeit operating systems, and the absence of enterprise-level security had made Pakistani users more vulnerable.
Social media scams, honey traps, and online extortion
The cybercrime cases in 2025 are not only about direct monetary loss. There is increasing psychological manipulation that takes place, particularly with the use of platforms such as Facebook, Instagram, WhatsApp, or Telegram
According to Photo News, law enforcement agencies recorded a high number of cases involving honey trap frauds, extortion through the internet, and job scams.
In most cases, victims were enticed into conversations via false profiles, persuaded to send personal photos, and then blackmailed for financial gain. In other cases, victims were threatened via video call scams or doctored content that implied damage to their reputation.
Though many people were affected, social rights organisations were quick to note that women were especially at risk fortaşımak istemiyorum stigma and thus harder to report.
Massive data leaks and sales of personal information
One of the most shocking revelations of 2025 was related to large-scale breaches of data and the sale of personal details of Pakistani citizens on the internet.
Sensitive information regarding more than 184 million records, including CNIC numbers, phone numbers, as well as bank details, was found on social media platforms as well as dark web sites.
This is because the magnitude of the leak is enough for the authorities to set up an investigation team, although they have not revealed the source of the leak yet. Experts pointed out that leaks of this sort make it possible to conduct fraud and identity theft crimes even years later.
Major cities continued to record the largest number of cybercrime cases, which is evidence of high internet usage across the cities.
According to reports, more than 29,000 cases of cybercrime were registered in Karachi alone in 2025. Financial fraud, harassment, and identity theft headed the list.
Nevertheless, a significant increase in complaints has recently been observed from smaller cities and semi-urban areas, establishing the fact that cybercrime is not limited to city-based Internet users alone.
During 2025, with an increase in cybercrime-related cases, Pakistan's regulation and law enforcement agencies have gradually started to emphasise prevention and awareness, recognising that mere enforcement is not effective in curbing cyber fraud and exploitation on the internet.
The rise in phishing scams, WhatsApp hacking, and online fraud led the Pakistan Telecommunication Authority (PTA) to issue a number of public warnings about misinformation and deceptive practices online.
PTA cautioned Pakistani WhatsApp users about phishing links that have been circulating with official alerts and advised them to refrain from trusting any suspicious links and sharing verification code information.
Likewise, as cases of fraud related to finances intensified, PTA warned people about fraudsters who posed as representatives of banking or courier companies, as well as the government.
The PTA warned the public against giving out one-time passwords, CNIC numbers, or login credentials and emphasised that authentic institutions do not ask for them through voice or text calls.
These advisories directly addressed the most common scam tactics reported in 2025: social engineering, impersonation, and OTP-based fraud.
While the FIA and the National Cyber Crime Investigation Agency (NCCIA) continued investigations, they also raised awareness and amplified calls on reporting cybercrime incidents in time.
Victim officials further urged victims to report incidents through the official complaint portal against cybercrime and not try to make any private settlements or even remain silent out of fear or embarrassment.
FIA officials also warned that delays in reporting often reduce the chances of recovering the stolen money or tracing digital footprints in cases involving online financial fraud and hacked accounts.
Beyond advisories, PTA took technical action to reduce the spread of scams and other digital harm.
Chairman PTA informed that during 2025, more than 1.5 million URLs pertaining to fraud, impersonation, defamation, and other unlawful activities were blocked as part of continuous monitoring.
These blocks were put in place to limit public exposure to scam sites, fake investment portals, and phishing pages masquerading as legitimate platforms.
Moreover, the PTA took action against those platforms which were selling personal data of individuals illegally.
According to The News International, it blocked upwards of 1,300 websites and digital platforms accused of selling or sharing subscriber information unlawfully.
How to stay safe online and to avoid cybercrime?
As cybercrime cases surged across Pakistan in 2025, regulators and investigators repeatedly stressed that most scams succeed because of basic lapses in digital safety. Based on advisories issued by authorities and patterns seen in reported cases, experts say a few precautionary steps can significantly reduce risk.
Scammers often pretend to be representatives of banks, courier companies, or even government agencies in order to get one-time passwords. Nobody asks for one-time passwords through calls, texts, or social media from legit institutions.
Phishing links would always feature among the most popular tools utilised within financial scams. Refrain from clicking on links that are sent by unsolicited messages, no matter how safe the site may seem.
Turning on Two-Step Verification on WhatsApp, email providers, banking applications, and social networks can provide an additional level of security and can actually protect your account from takeover, even if your password is stolen.
Many scams involve a feeling of urgency in relation to a compromised contact who might need assistance. It is always worth checking such a request before sending out money.
Offering promising fast returns, work-from-home opportunities requiring initial investments, or guaranteed profits are some of the warning signs of a money scam. Legitimate employers and investment sites never request registration fees and copies of personal papers.
Oversharing information like phone numbers, work-related details, or family ties can help scammers develop more believable impersonation attacks.
Victims or potential victims should immediately lodge complaints via the government cybercrime complaint portal sites. This will improve the likelihood of tracking cybercrime trails.
The use of old software and illegally installed operating systems is an open invitation to malware and spyware. Updating software regularly fixes security vulnerabilities.
