International institute of digital forensic science and technology

28/04/2026

*Investment & Crypto Fraud on Facebook*

This is one of the fastest-growing cybercrimes in Pakistan. Scammers use fake ads, pages, and “success stories” to promise high returns, then disappear with investors’ money.

What is Investment / Crypto Fraud?

A scam where criminals:

* Promote fake investment opportunities
* Promise guaranteed or very high returns
* Collect money via bank, mobile wallets, or crypto
* Either disappear or keep asking for more deposits

Common platforms:

* Facebook
* WhatsApp groups
* Fake websites / apps

How the Scam Works (Step-by-Step)

1. Attraction (Fake Ads)

* Sponsored Facebook ads:
* “Earn Rs. 50,000 daily”
* “Invest Rs. 10,000 → Get Rs. 1 lakh in 7 days”

2. Lead Capture

* Victim clicks ad → joins WhatsApp/Telegram group
* “Investment manager” contacts victim

3. Trust Building

* Fake dashboards showing profits
* Screenshots of “other investors earning”
* Small initial profit given to build trust

4. Investment Phase

* Victim deposits money:
* Bank transfer
* Easypaisa / JazzCash
* Crypto wallets

5. Manipulation

* “Invest more to withdraw”
* “Pay tax / withdrawal fee”

6. Exit Scam

* Account blocked
* Website/app disappears

REAL CASE STUDY 1 (Pakistan Online Investment Scam)

Scenario: Facebook Investment Ad → Massive Fraud

What Happened:

* Victims saw Facebook ads promising daily profit
* Joined WhatsApp group
* Admin claimed to be “certified trader”

Fraud Pattern

* Initial deposit: Rs. 10,000–50,000
* Fake profit shown in app
* Asked to invest more

Total fraud (group): Millions of rupees

Investigation Steps

Step 1: Complaint

Filed with
National Cybercrime Investigation Agency
Helpline: 1799

Step 2: Evidence Collection

* Facebook ad screenshots
* Chat logs (WhatsApp groups)
* Transaction receipts

Step 3: Platform Analysis

* Fake pages identified
* Multiple ads linked to same network

Step 4: Financial Tracking

* Bank accounts traced
* Money moved to multiple accounts (layering)

Step 5: Digital Tracing

* IP logs requested from
Meta Platforms
* Devices linked to suspects

Step 6: Arrest

* Local agents (money handlers) arrested
* Mastermind often operating remotely

REAL CASE STUDY 2 (Crypto Investment Scam Pakistan)

Scenario: “Double Your Bitcoin” Fraud

What Happened:

* Victim approached via Facebook
* Offered crypto investment plan

Fraud Pattern

* Victim transferred crypto to wallet
* Website showed fake profits
* Asked for “withdrawal fee”

Total Loss: $5,000+ (PKR equivalent)

Investigation Steps

1. Wallet Analysis

* Blockchain tracing of crypto wallet

2. Exchange Coordination

* Contact crypto exchanges
* Identify linked accounts

3. KYC Data Collection

* Identify suspect through exchange records

4. Cross-Border Link

* Many wallets linked internationally

REAL CASE STUDY 3 (Ponzi Scheme – Pakistan)

Scenario: Fake Investment Company

What Happened:

* Company promoted on Facebook
* Claimed:
* “Halal investment”
* “Guaranteed monthly profit”

Fraud Model

* Early investors paid using new investors’ money
* Classic Ponzi scheme

Collapse → thousands affected

Investigation Steps

* Company records checked
* Bank accounts frozen
* Directors arrested
* Financial audit conducted

Red Flags (Very Important)

* Guaranteed profits (“no risk”)
* High returns in short time
* Pressure to invest quickly
* Fake testimonials
* No registered company details
* Asking for withdrawal fees

How to Protect Yourself

* Verify company registration
* ⁠Check with SECP (Pakistan regulator)
* ⁠Never trust “guaranteed profit”
* ⁠Avoid sending crypto to unknown wallets
* ⁠Don’t invest via social media ads

Legal Framework

Handled under:

* Prevention of Electronic Crimes Act 2016

Investigated by:

* National Cybercrime Investigation Agency

Professional Insight (For Your Training)

These scams succeed because:

* People are attracted to quick money
* Social proof (fake success stories)
* Lack of financial awareness

In Pakistan:

* Most fraud money flows through:
* Mobile wallets
* Bank accounts
* Crypto adds anonymity layer

Powerful Awareness Line (For Poster)

“If profit is guaranteed, fraud is guaranteed.”

27/04/2026

*Romance Scams on Facebook Complete Guide*

Romance scams are among the most psychologically powerful cybercrimes. The criminal doesn’t hack systems first they hack emotions.

*What is a Romance Scam?*

A scammer creates a fake identity (often attractive, professional, or foreign) and builds an emotional relationship with the victim. After gaining trust, they ask for money, gifts, or financial help.

How Romance Scams Work (Step-by-Step)

1. Fake Identity Creation

* Uses stolen photos (often military officers, doctors, engineers)
* Claims to be:
* US/UK army officer
* Oil engineer
* UN worker

2. Target Selection

* Targets:
* Women / widows
* Overseas Pakistanis
* Lonely individuals

3. Relationship Building

* Daily chatting (morning/night messages)
* Emotional bonding:
* “I love you”
* “I want to marry you”

4. Trust Reinforcement

* Sends fake:
* Passport
* ID cards
* Pictures
* Avoids video calls

5. Crisis Creation (Key Stage)

Common excuses:

* “I’m stuck at airport”
* “Customs stopped my gift”
* “Medical emergency”
* “Need visa or ticket money”

6. Money Extraction

* Requests payment via:
* Easypaisa / JazzCash
* Bank transfer
* Cryptocurrency

7. Disappearance

* After receiving money:
* Blocks victim
* Or continues asking for more

REAL CASE STUDY 1 (Pakistan Pattern)

Scenario: “Foreign Army Officer” Scam

Victim: Woman in Lahore
Platform: Facebook

What Happened:

* Victim contacted by “US Army Officer”
* Daily chats → emotional attachment
* Promise of marriage

After 2 months:

Scammer said:

“I am sending you a gift parcel worth $50,000”

Then:

* Fake “custom officer” called victim
* Asked for:
* PKR 150,000 clearance fee
* PKR 80,000 tax

Total Loss: ~PKR 400,000

Investigation Steps

Step 1: Complaint

Reported to
National Cybercrime Investigation Agency
Helpline: 1799

Step 2: Evidence Collection

* Chat screenshots
* Fake IDs shared by scammer
* Payment receipts

Step 3: OSINT Analysis

* Reverse image search → stolen photos
* Same images used globally

Step 4: Financial Tracking

* Easypaisa accounts traced
* Linked to local “money mule”

Step 5: SIM & Device Tracking

* Pakistani numbers used by fake “custom officer”
* SIM registered on fake/third-party CNIC

Step 6: Arrest

* Local facilitator arrested
* Main scammer often operating internationally

REAL CASE STUDY 2 (Karachi – Gift Scam)

Scenario:

* Victim befriended by “UK engineer”
* Scammer claimed to send expensive gifts

Fraud Process:

* Victim received fake courier message
* Asked to pay:
* Delivery charges
* Customs clearance

Paid multiple times
Total Loss: PKR 250,000+

Investigation Steps

* Fake courier website identified
* Bank account traced
* Multiple victims linked
* Fraud network exposed

REAL CASE STUDY 3 (International + Pakistan Link)

Scenario:

* Organized African scam network
* Pakistani bank accounts used

Key Findings:

* Fake Facebook profiles operated abroad
* Local agents in Pakistan:
* Received money
* Withdraw cash

Investigation

* Cross-border coordination
* Financial intelligence sharing
* Arrest of local facilitators

Red Flags (Very Important)

* Falls in love very quickly
* Avoids video calls
* Claims to be abroad
* Talks about sending gifts or money
* Asks for:
* Fees
* Emergency help
* Customs charges

How to Protect Yourself

* Never send money to online relationships
* ⁠Always verify via live video call
* ⁠Do reverse image search
* ⁠Don’t trust “gift parcel” stories
* ⁠Report immediately

Legal Framework

Cases handled under:

* Prevention of Electronic Crimes Act 2016

Investigated by:

* National Cybercrime Investigation Agency

Professional Insight (Important for Your Training)

Romance scams are dangerous because:

* Victims don’t report early (due to shame)
* Emotional manipulation overrides logic
* Criminals use scripts and psychological tactics

In Pakistan:

* Most money flows through:
* Easypaisa
* JazzCash
* Recovery is difficult after withdrawal

One-Line Awareness Message (For Poster)

“If love asks for money, it’s not love—it’s a scam.”

25/04/2026

25/04/2026

*MOCK INVESTIGATION FILE*

*Case Title: Facebook Impersonation & Financial Fraud*

1. Case Information

* Case ID: NCCIA/KHI/2026/0419
* Agency: National Cybercrime Investigation Agency (NCCIA)
* Helpline: 1799
* Date of Complaint: 15 April 2026
* Location: Karachi
* Offence Type:
* Impersonation
* Electronic Fraud
* Identity Theft
* Law Applied:
* Prevention of Electronic Crimes Act 2016

2. Complainant Details

* Name: Ahmed Raza
* Contact: 03XX-######X
* Occupation: Businessman

3. Incident Summary

The complainant reported that an unknown individual created a fake profile on Facebook using his name and profile picture.

The suspect:

* Sent friend requests to victim’s contacts
* Claimed: “My account was hacked, this is my new account”
* Requested urgent financial help

Total fraud reported: PKR 275,000 from multiple victims.

4. Evidence Collected

A. Digital Evidence

* Fake Facebook Profile Link
* Screenshots of chat messages
* Profile comparison (real vs fake)
* Victim statements

B. Chat Extract (Sample Evidence)

Fake Account:
“Bhai I am in urgent trouble, please send Rs. 50,000 to this Easypaisa account.”

Victim Reply:
“Okay, sending now.”

C. Financial Evidence

* Easypaisa Account: 03XX-######X
* Transaction Receipts (3 victims)
* Total Amount: PKR 275,000

D. Technical Evidence

* IP Logs (requested from Meta Platforms)
* Registered Email: [email protected]
* Linked Mobile Number: 03XX-######X

5. Investigation Process

Step 1: Complaint Registration

* Complaint lodged via NCCIA helpline (1799)
* Case formally registered

Step 2: OSINT Analysis

* Compared real vs fake profile
* Observations:
* Recently created account
* Limited friends
* Same display picture

Step 3: Platform Coordination

* Request sent to Meta for:
* Login IP logs
* Device information
* Account creation data

Step 4: Technical Tracing

* IP Address traced to ISP (Karachi region)
* SIM ownership verified through PTA database

Step 5: Financial Investigation

* Easypaisa account traced
* Account registered under suspect CNIC
* Transaction flow mapped

Step 6: Surveillance & Raid

* Location identified via:
* SIM data
* IP logs
* Raid conducted in Karachi
* Seized:
* 2 Mobile Phones
* 1 Laptop

Step 7: Digital Forensic Examination

Tools Used:

* UFED (Mobile Extraction)
* FTK / Autopsy

Recovered Data:

* Fake Facebook accounts
* Chat logs with victims
* Stored images used for impersonation

Step 8: Attribution

Evidence linked:

* Device → Fake account login
* SIM → Financial account
* IP → Physical location

Strong linkage established

6. Charges Applied

Under Prevention of Electronic Crimes Act 2016:

* Section 16: Unauthorized use of identity
* Section 17: Electronic fraud
* Section 20: Offences against dignity

7. Accused Details

* Name: Muhammad Usman (Mock)
* Location: Karachi
* Status: Arrested

8. Case Outcome (Mock)

* Accused confessed during interrogation
* Digital evidence verified
* Case forwarded to prosecution

9. Key Forensic Findings

Same device used for:

* Fake account login
* Financial transactions

Recovered chats matched victim statements

Money trail confirmed fraud

10. Lessons Learned (For Training)

* Impersonation relies on social trust
* Financial trails are critical evidence
* Early reporting increases recovery chances

11. Recommendations

* Enable 2FA on Facebook
* Verify requests via phone call
* Report immediately to NCCIA

24/04/2026

*Fake Profiles / Impersonation on Facebook*

Definition:
Impersonation is when a criminal creates a fake account using someone else’s name, photos, or identity to deceive people for money, data, or reputation damage.

How It Works (Step-by-Step)

1. Data Collection
* Photos and info copied from a real person’s profile (DP, bio, friends list)
2. Fake Account Creation
* Similar name (e.g., Ali Khan → Ali Khaan)
* Same profile picture
3. Targeting Victims
* Sends friend requests to victim’s friends/family
* Joins same groups (business, university, family circles)
4. Trust Building
* Messages like:
* “My old account got hacked”
* “Please save my new number”
5. Ex*****on (Fraud Stage)
* Requests money (emergency, hospital, travel)
* Asks for OTP, bank details, or mobile wallet transfer

Practical Example (Real-Life Style Scenario)

Scenario:

A scammer copies your cousin’s Facebook profile.

* Creates fake ID with same photo
* Sends you friend request
* Messages:
“Yaar I’m stuck, urgently need Rs. 30,000. Send to this Easypaisa account.”

Because you recognize the face, you trust and send money.

Reality: Your real cousin knows nothing about it.

Real Pakistani Case (Pattern-Based Common NCCIA Cases)

Case: Impersonation for Money Fraud (Karachi/Lahore Pattern)

What Happened:

* Criminal created fake Facebook account of a businessman
* Contacted his friends and clients
* Claimed:
“I am in urgent trouble, send money immediately”
* Multiple victims transferred money via:
* Easypaisa / JazzCash
* Bank accounts

Investigation Steps (Professional – Pakistan Context)

1. Complaint Registration

* Victims report to
National Cybercrime Investigation Agency (NCCIA)
* Helpline: 1799
* Website: https://www.nccia.gov.pk

2. Evidence Collection

* Fake profile link
* Screenshots of chats
* Transaction receipts
* Phone numbers used

3. OSINT (Open Source Intelligence)

* Compare real vs fake profile
* Check:
* Profile creation date
* Friends list pattern
* Activity timeline

4. Platform Coordination

* Request data from Meta Platforms:
* Login IP logs
* Device info
* Linked email/phone

5. Technical Tracing

* IP address → Internet Service Provider (ISP)
* SIM ownership verification (through PTA database)
* IMEI tracking of device

6. Financial Investigation

* Trace money flow:
* Mobile wallets (Easypaisa/JazzCash)
* Bank accounts
* Identify money mules

7. Raid & Arrest

* Location identified through:
* SIM + IP correlation
* Devices seized:
* Mobile phones
* Laptops

8. Digital Forensics

* Extract:
* Fake accounts used
* Chat logs
* Contact lists
* Link suspect with multiple fraud cases

9. Legal Action

* Charged under:
* Prevention of Electronic Crimes Act 2016
* Offences:
* Identity theft
* Electronic fraud

Red Flags (Very Important for Awareness Posters)

* New account with same photo
* Message like:
* “Old account hacked”
* “Urgent money needed”
* Asking for OTP or payment quickly
* Refuses voice/video call verification

Prevention Tips (Simple but Powerful)

* Always verify via call before sending money
* ⁠Check profile history (old posts, mutuals)
* ⁠Enable 2-Factor Authentication
* ⁠Report fake accounts immediately

Professional Insight (For Your Training)

Impersonation cases are highly successful because:

* They exploit trust relationships
* Require no hacking skills
* Depend on social engineering

In Pakistan:

* Most payments go through mobile wallets
* Quick reporting increases recovery chances

23/04/2026

*REAL FACEBOOK FRAUD CASES PAKISTAN*

Prof. Dr. Qamar ul Arafeen
Forensic Advisor

Case Highlights

Lahore Case
• Facebook hacked → private data stolen
• Victim blackmailed

Karachi Case
• Fake online business
• Millions of rupees fraud

Multan Case
• Organized cyber gang
• Banking data theft

Investigation Steps

* Complaint Registered
* ⁠Digital Evidence Collected
* ⁠IP & Device Tracking
* ⁠Financial Transaction Tracing
* ⁠Suspect Identification
* ⁠Arrest & Prosecution

Legal Framework

* Prevention of Electronic Crimes Act 2016

REPORT CYBER CRIME

National Cybercrime Investigation Agency (NCCIA)
🌐 https://www.nccia.gov.pk
📞 Helpline: 1799

REAL CASE STUDIES (UPDATED WITH NCCIA CONTEXT)

Case 1: Facebook Hacking & Blackmail (Lahore)

Investigation Flow:

* Victim complaint → NCCIA
* Account access logs from Facebook
* IP tracing → ISP verification
* Device seizure → forensic extraction
* Recovery of chats/media
* Suspect linked → prosecution under PECA

Case 2: Facebook Business Fraud (Karachi)

Investigation Flow:

* Multiple victim complaints
* Bank account tracing
* Fake pages analysis
* Admin/IP identification
* Financial trail → suspect location
* Raid & arrest

Case 3: Organized Cyber Fraud Gang (Multan)

Investigation Flow:

* Intelligence from victims
* SIM & IMEI tracking
* Monitoring call patterns
* Raid → devices seized
* Data extraction (scripts, accounts)
* Network mapping → arrests

Case 4: Facebook Romance Scam (Pakistan Pattern)

Investigation Flow:

* Fake profile verification (OSINT)
* Reverse image tracing
* Chat pattern analysis
* Wallet/bank tracking
* Linking multiple victims
* Identification & legal action

21/04/2026

*Case Studies*

*Case Study 1: Facebook Hacking & Blackmail (Lahore)*

Case Summary

A suspect hacked Facebook accounts, accessed private photos, and used them for blackmail.

Crime Type

* Account hacking
* Sextortion / blackmail

Investigation Steps (Professional Approach)

1. Complaint Registration

* Victim reports to Federal Investigation Agency (now transitioned to NCCIA )

1. Digital Evidence Collection

* Screenshots of messages
* Facebook profile URLs
* Email/phone linked to account

1. Account Access Analysis

* Check login history (IP logs)
* Identify suspicious devices/locations

1. Device Seizure

* Confiscate suspect’s:
* Mobile phones
* Laptops
* Internet devices

1. Forensic Examination

* Recover:
* Stored passwords
* Browser history
* Cached images/videos
* Extract chat logs using forensic tools

1. Attribution

* Match IP addresses with ISP records
* Link suspect device to victim account access

1. Legal Action

* Charges under PECA (unauthorized access + blackmail)

Case Study 2: Rs 200 Million Online Fraud (Karachi)

Case Summary

Two suspects ran fake online businesses and scammed people through digital platforms and cryptocurrency.

Crime Type

* Facebook business fraud
* Investment scam
* Crypto laundering

Investigation Steps

1. Financial Trail Analysis

* Trace bank transactions
* Identify crypto wallets
* Follow money movement abroad

1. Platform Intelligence

* Analyze pages:
* Ads
* Customer interactions
* Fake reviews

1. Victim Pattern Analysis

* Collect multiple complaints
* Identify common payment accounts

1. Technical Investigation

* Domain/IP tracing of apps/websites
* Link multiple apps to same operators

1. Coordination

* Contact crypto platforms (e.g., exchanges)
* Freeze suspicious accounts

1. Raids & Arrests

* Physical locations identified
* Suspects arrested from residences

Case Study 3: Organized Cyber Fraud Gang (Multan)

Case Summary

An 18-member gang used social engineering, fake calls, and online platforms (including Facebook) to steal banking data.

Crime Type

* Identity theft
* Social engineering
* Banking fraud

Investigation Steps

1. Intelligence Gathering

* Complaints of fake calls posing as bank officials

1. Undercover Monitoring

* Track communication patterns
* Analyze call spoofing systems

1. Digital Surveillance

* Monitor:
* SIM usage
* IP addresses
* Device fingerprints

1. Raid Operation

* Seized:
* 12 smartphones
* 9 laptops
* ATM cards & bank data

1. Forensic Linking

* Extract:
* Contact lists
* Fraud scripts
* Transaction logs

1. Network Mapping

* Identify roles:
* Caller
* Data collector
* Money mule

Case Study 4: Facebook Matrimony / Romance Scam Pattern

Case Insight (Research-Based Pakistan Context)

Users in Facebook marriage groups share personal data, leading to fraud, blackmail, and identity theft risks.

Investigation Steps

1. Profile Verification

* Check fake identity indicators
* Reverse image search

1. Communication Analysis

* Chat patterns (romantic manipulation)
* Requests for money

1. Financial Tracking

* Bank accounts / wallets used
* Cross-check with other victims

1. OSINT (Open Source Intelligence)

* Trace profile activity across platforms
* Identify reused photos / fake identities

Key Investigation Techniques Used in Pakistan

Digital Forensics

* Mobile extraction (UFED, Oxygen)
* Disk imaging
* Log analysis

OSINT

* Social media profiling
* Metadata analysis

Financial Forensics

* Bank trail
* Mobile wallet tracking
* Crypto tracing

Technical Tracking

* IP logs
* SIM registration data
* Device IMEI tracking

Legal Framework

All these cases are prosecuted under:

* Prevention of Electronic Crimes Act 2016

Common sections:

* Unauthorized access
* Electronic fraud
* Cyber harassment

Key Lessons Learned

* Most Facebook crimes rely on social engineering
* Multiple victims help build stronger cases
* Financial trails are critical evidence
* Early reporting increases recovery chances

20/04/2026

*Common Types of Facebook Crimes & Frauds*

1. Fake Profiles / Impersonation

Criminals create fake accounts using someone else’s name/photos.

How it works:

* They copy profile pictures and details
* Send friend requests to victim’s contacts
* Ask for money or sensitive info

Example:
A fake profile pretending to be a relative asks for urgent financial help.

2. Romance Scams

Scammers build emotional relationships and later ask for money.

Tactics:

* Pretend to be foreign (army officer, engineer, doctor)
* Promise marriage or visit
* Ask for “visa fee”, “gift clearance”, etc.

3. Investment & Crypto Fraud

Fake ads/posts promising high returns.

Common schemes:

* Forex trading scams
* Cryptocurrency investment traps
* “Double your money” offers

4. Online Shopping Fraud

Fake pages selling products.

Modus Operandi:

* Attractive deals (low prices)
* Advance payment required
* No delivery after payment

5. Job Scams

Fake job offers posted in groups/pages.

Red flags:

* Asking for registration fee
* Too-good-to-be-true salary
* No official company verification

6. Blackmail / Sextortion

Victims are tricked into sharing private content.

Process:

* Fake female profile contacts target
* Video call recording
* Threat to share video unless money paid

7. Phishing Attacks

Fake login pages to steal passwords.

Example:

* “Your account will be disabled—click here”
* Leads to fake Facebook login page

8. Giveaway & Lottery Scams

Fake promotions claiming you’ve won prizes.

Goal:

* Collect personal data
* Ask for “processing fee”

9. Business Page Hijacking

Hackers take control of business pages.

Impact:

* Run fraudulent ads
* Scam followers
* Damage brand reputation

2. Legal Perspective in Pakistan

These crimes fall under:

* Prevention of Electronic Crimes Act 2016 (PECA)

Relevant offences:

* Identity theft
* Electronic fraud
* Cyber harassment
* Unauthorized access

Authority:

* Federal Investigation Agency Cyber Crime Wing

3. Psychological Techniques Used by Scammers

* Trust Building: Friendly conversation
* Urgency: “Send money now!”
* Fear: Threats or account suspension
* Greed: High profits / cheap deals
* Emotion: Love, sympathy, panic

4. How to Protect Yourself

Basic Safety

* Never share passwords or OTPs
* Enable Two-Factor Authentication
* Verify profiles before trusting

Financial Safety

* Avoid advance payments
* Use trusted platforms for shopping
* Confirm bank details

Privacy Control

* Limit profile visibility
* Don’t accept unknown friend requests
* Avoid sharing personal data publicly

5. What To Do If You Are a Victim

1. Immediately secure your account
2. Inform your bank (if financial fraud)
3. Report to:
* FIA Cyber Crime Wing
4. Keep evidence:
* Screenshots
* Chat logs
* Transaction records

6. Realistic Case Pattern (Pakistan)

A typical case:

* Victim receives friend request from “relative”
* Fake account asks for Rs. 50,000 emergency help
* Money sent via mobile wallet
* Real person later denies any request

7. Key Risk Areas in Pakistan

* Students & job seekers
* Small business owners
* Women targeted in blackmail cases
* Overseas Pakistani-related scams

Final Insight

Facebook fraud is not just a technical issue t’s social engineering. Criminals exploit human behavior more than technology.

18/04/2026

*Prevention of Electronic Crimes Act 2016*

Designed for training, simulations, and university teaching
(With your designation: Prof. Dr. Qamar ul Arafeen – Forensic Advisor)

Mock Courtroom Script (Cyber Crime Case)

Case Title: Online Banking Phishing Fraud

Court: Sessions Court, Karachi

Characters

* Judge
* Prosecutor
* Defense Lawyer
* Forensic Expert
* Accused
* Victim

Scene 1: Court Opening

Judge:
“Court is now in session. Present the case.”

Scene 2: Prosecution Statement

Prosecutor:
“My Lord, this case involves electronic fraud under PECA. The accused created a fake banking website and stole credentials.”

Scene 3: Defense Statement

Defense Lawyer:
“My Lord, there is no direct evidence linking my client to the crime.”

Scene 4: Victim Testimony

Victim:
“I received a message from my bank. I clicked the link and entered my details. Later, money was deducted.”

Scene 5: Forensic Expert Testimony

(Prof. Dr. Qamar ul Arafeen – Forensic Advisor)

Expert:
“My analysis shows that the phishing website was hosted on a server linked to the accused.”

Evidence Presented

* IP Address logs
* ⁠Email headers
* ⁠Bank transaction logs
* ⁠Device forensic report

Scene 6: Cross-Examination

Defense Lawyer:
“Is it possible that someone else used the same IP address?”

Expert Response:
“Yes, but additional evidence confirms attribution:

* SIM registered to accused
* Device recovered from accused
* Matching login timestamps”

Scene 7: Technical Explanation (Simplified)

Expert:
“Think of the IP address like a digital home address. In this case, multiple pieces of evidence point to the same individual.”

Scene 8: Legal Arguments

Prosecutor:

* Accused committed fraud
* Evidence is consistent
* Digital trail is clear

Defense:

* Possibility of doubt
* No eyewitness

Scene 9: Judge Questions

Judge:
“Is the evidence tamper-proof?”

Expert:
“Yes, My Lord. Hash values verify integrity and chain of custody is maintained.”

Scene 10: Judgment

Judge:
“Based on evidence and expert testimony, the accused is found guilty under PECA.”

Training Objectives

* Improve courtroom confidence
* ⁠Practice expert testimony
* ⁠Handle cross-examination
* ⁠Explain technical evidence simply

Common Mistakes (During Simulation)

* Using too technical language
* ⁠Weak confidence under pressure
* ⁠Poor documentation explanation

Advanced Simulation Variations

Scenario 1: Weak Evidence Case

* Missing logs
* Challenge: defend incomplete evidence

Scenario 2: Encrypted Device

* Locked mobile
* Challenge: explain limitations

Scenario 3: Cross-Border Crime

* Foreign server
* Challenge: jurisdiction issues

Golden Rule

“In court, clarity wins cases not complexity.”

Conclusion

This mock courtroom script helps:

* Forensic experts
* ⁠Law students
* ⁠Investigators

to bridge the gap between technology and law

17/04/2026

*Real Pakistan-Based Cyber Crime Case Studies (PECA Law)*

Case Study 1: Online Banking Phishing Fraud

Scenario:

A victim in Karachi received a fake bank email and entered credentials.

Loss:

PKR 850,000 transferred to unknown accounts

Investigation Highlights:

* Phishing domain hosted internationally
* IP traced to local SIM registration
* Bank mule accounts identified

Applicable PECA Sections:

* Section 3 → Unauthorized Access
* Section 4 → Unauthorized Data Copying
* Section 13 → Electronic Fraud

Outcome:

* Suspect arrested
* ⁠Funds partially recovered

Lesson Learned:

* Public awareness on phishing
* ⁠Bank-level fraud detection systems

Case Study 2: Social Media Blackmail (Sextortion)

Scenario:

Victim in Lahore targeted via fake profile.

Crime:

* Private images obtained
* Blackmail for money

Investigation Highlights:

* Fake account traced via IP logs
* Device seized and analyzed
* Chat history recovered

Applicable PECA Sections:

* Section 20 → Offences Against Dignity
* Section 21 → Cyber Stalking

Outcome:

* Accused convicted
* ⁠Digital evidence accepted

Lesson Learned:

* Strong privacy awareness
* ⁠Rapid reporting mechanisms

Case Study 3: E-Commerce Fraud

Scenario:

Fake online store scammed multiple victims in Islamabad

Modus Operandi:

* Fake ads on social media
* Advance payment required
* No product delivered

Investigation Highlights:

* Payment wallets tracked
* Phone numbers linked
* Organized fraud network exposed

Applicable PECA Sections:

* Section 13 → Electronic Fraud
* Section 18 → Offences Against Property

Outcome:

* Multiple arrests
* ⁠Fraud network dismantled

Lesson Learned:

* Verify online sellers
* ⁠Use escrow/payment protection

Case Study 4: ATM Skimming & Card Cloning

Scenario:

Victims across Rawalpindi reported ATM fraud.

Investigation Highlights:

* Skimming devices recovered
* CCTV analysis performed
* Foreign suspects involved

Applicable PECA Sections:

* Section 3 → Unauthorized Access
* Section 13 → Electronic Fraud

Outcome:

* International coordination
* ⁠Arrest of suspects

Lesson Learned:

* ATM security upgrades
* ⁠User awareness (cover PIN, alerts)

Case Study 5: Corporate Data Breach

Scenario:

IT company in Karachi suffered insider data theft.

Investigation Highlights:

* USB data exfiltration detected
* Employee activity logs analyzed
* Confidential data leaked

Applicable PECA Sections:

* Section 3 → Unauthorized Access
* Section 4 → Data Copying
* Section 14 → Data Damage

Outcome:

* Employee prosecuted
* ⁠Data recovery initiated

Lesson Learned:

* Insider threat monitoring
* ⁠Data Loss Prevention (DLP) systems

Advanced Insights Across All Cases

Common Patterns:

* Social engineering
* ⁠Weak user awareness
* ⁠Delayed reporting

Major Challenges:

* Cross-border data access
* ⁠Encryption barriers
* ⁠Legal delays

Strategic Recommendations:

* Strengthen Federal Investigation Agency cyber units
* ⁠Implement national cyber awareness programs
* ⁠Improve digital forensic labs
* ⁠Enhance inter-agency coordination

Training Value

These case studies help in:

* Forensic skill development
* ⁠Legal understanding (PECA)
* ⁠Real-world investigation practice
* ⁠Courtroom preparation

Golden Rule

“Cyber crime investigation is not just technical — it is legal, strategic, and human-focused.”