KARACHI ( WEB NEWS )
The reports a major cyber fraud case in Karachi, where a Clifton resident lost Rs 8.5 million due to lapses by United Bank Limited (UBL) and Ufone. The National Cyber Crime Investigation Agency (NCCIA) has registered a case (No. 12/2026) against organized cybercriminals, highlighting negligence or possible collusion by the bank and telecom company.
Suni Kumar, a resident of Bath Island Lane, Clifton, Karachi, was at Dolmen Mall on September 29, 2025, when his Ufone SIM suddenly stopped working. The next day, he discovered a duplicate SIM had been issued in his name without biometric verification in Dhabiji, Hyderabad (62 km away), just 7 minutes after his last location at 7:43 PM in Clifton—physically impossible, indicating foul play.
Overnight, fraudsters accessed his UBL account linked to the SIM, conducting 104 unauthorized transactions in 137 minutes (about every 1.3 minutes), transferring nearly Rs 8.5 million to JazzCash merchant accounts and fake accounts in Habib Bank Limited (HBL) under Benazir Income Support Program (BISP).
Investigation Findings
NCCIA’s analysis of CDR, GPS, and SIM reissue records confirmed the timeline impossibility. The bank’s fraud monitoring system failed to alert despite the high-volume, rapid transactions and prior fraud from the same traced device a month earlier.
UBL admitted Mardan branch employee Zeeshan illegally accessed 28 accounts, including the victim’s, aiding accomplices; he was fired and went absconding after NCCIA probe began. Biometric logs showed 154 failed attempts and over 110 wrong fingerprints, violating NADRA limits.
Suspected Irregularities
Funds went to JazzCash merchant accounts opened without proper business verification or surveys—some names didn’t exist, no businesses found. BISP accounts used illiterate women’s thumbprints fraudulently via fake officials for JazzCash and HBL connect accounts.
NCCIA alleges criminal negligence or internal facilitation by Ufone (duplicate SIM) and UBL (bypassed OTP, device binding, anti-fraud), plus JazzCash/HBL lapses in account openings. The case exposes systemic vulnerabilities in digital banking and telecom security.