Indian Spy Network Stealing Pakistani Data Through Fake Job Offers, PTA Issues Alert

The Pakistan Telecommunication Authority (PTA) has issued a serious warning about fraudulent job offers allegedly linked to Indian entities. These schemes are being used to deceive unsuspecting Pakistanis and obtain sensitive personal and institutional information — posing a potential threat to national security.

How the Scheme Works

According to PTA sources, the campaigns typically start with fake job listings posted on LinkedIn, regional websites, or social media platforms. Applicants — especially young professionals, freelancers, and those seeking overseas employment — are invited to join “recruitment hubs” on WhatsApp or Telegram.

Once inside, victims are often asked to share selfies, identification documents, location data, and even operational details of their workplaces. Some have also been blackmailed into paying extortion amounts ranging between PKR 1 million and 1.5 million to avoid exposure.

Fraudsters often impersonate HR personnel, sending messages about interviews, onboarding, or remote work assessments. In some cases, applicants are told to download “assessment” applications that secretly extract data. Reports suggest that the stolen information targets critical infrastructure, telecom networks, and institutional employees.

National and Diplomatic Alerts

In the summer of 2025, Pakistan’s National Computer Emergency Response Team (CERT) warned of similar fraudulent job schemes. The alert specifically advised youth and freelance workers to avoid unverified recruitment groups that later demand extortion payments.

Authorities also reported that spy agencies based in Israel had previously targeted Pakistani youth through Google ads offering high-paying jobs — a tactic now allegedly being used by Indian-linked groups through messaging apps.

The threat has extended beyond Pakistan’s borders. In May 2025, the Pakistani Embassy in the UAE cautioned citizens about fake overseas job offers, particularly those advertising lucrative positions abroad. This indicated that diaspora communities are also being targeted.

Earlier, in April 2025, the PTA had blocked 604 URLs connected to similar fraudulent operations, underscoring that these activities are part of an ongoing and persistent cyber threat landscape.

Attribution and Evidence

While several media outlets have described the campaign as being operated by “Indian websites or agencies,” no definitive indicators of compromise (IOCs) or forensic evidence have been publicly released as of October 7 to confirm these claims.

Cybersecurity experts have urged caution, emphasizing the distinction between media-based attribution and attribution supported by verified technical evidence. The investigation into the matter remains ongoing.

Practical Guidance and Reporting

The PTA advises victims and witnesses to report any related incidents to Pakistan’s Federal Investigation Agency (FIA) and its National Response Center for Cyber Crime. Complaints can be filed through the Cyber Alert Service portal, while the FIA continues to run awareness programs through mainstream and digital media.

Safety tips to avoid job scams:

• Be cautious of unsolicited job offers promising unusually high salaries.

• Never share sensitive ID information or workplace details prematurely.

• Avoid joining Telegram or WhatsApp recruitment groups unless the employer is verified.

• Report any suspicious recruiters or advertisements immediately to the PTA.

Global Context

Such deceptive practices are not limited to Pakistan. According to the U.S. Federal Trade Commission (FTC), American victims lost more than $450 million in 2024 due to fake job offer scams. These schemes exploit trust within professional networks and take advantage of hybrid or remote work models.

Unlike traditional cyberattacks, these campaigns focus on human manipulation rather than malware deployment. When personal data such as IDs, locations, and workplace details are exposed, the risks of espionage, blackmail, and threats to national infrastructure increase significantly.

The cross-border and diaspora-focused nature of these schemes makes regulatory action difficult. Experts stress that without robust public awareness, quick reporting mechanisms, and structural cybersecurity measures, such fraudulent networks are likely to continue evolving.

Read More: How Marketers Are Using AI in 2025: Latest Insights