Islamabad, December 30, 2023 – The Federal Tax Ombudsman (FTO) has taken a decisive stance against cybercrime, directing the Federal Board of Revenue (FBR) to promptly address instances of hacking and manipulation within the tax system.
This move comes in response to allegations of cybercriminals fabricating sales and purchases data to gain illicit financial advantages amounting to billions.
The FTO’s directive follows a formal complaint lodged against the Member IR (Operations) at FBR and the Director of Intelligence and Investigation (IR) in Karachi. The complaint, invoking the Federal Tax Ombudsman Ordinance, 2000 (FTO Ordinance), highlights a failure to address false entries in the sales tax returns of a registered taxpayer (RP) for the month of September 2023.
The affected party, a business engaged in the production of paper and paperboard products and assessed at RTO-1, Karachi, uncovered unauthorized changes to their login credentials. Attempts to recover the password were thwarted as the hackers also altered the associated mobile number and email. Swift action was taken upon contacting the tax office in Karachi, where an FBR official facilitated the restoration of the complainant’s contact information and password recovery.
Upon regaining access to their account, the complainant discovered that their sales tax return for September 2023 had already been submitted. Notably, the submitted return contained fraudulent entries of significant purchases and sales in the relevant annexures. In response, the complainant urgently requested the removal of these falsified entries, citing the subsequent disruption to their business operations as they were unable to submit sales tax returns for the following periods.
Allegedly, the department failed to take any substantial action on the complainant’s request, leading to the escalation of the issue to the Federal Tax Ombudsman. During the proceedings, both parties presented their cases, and records were thoroughly scrutinized. The Senior Manager from the Pakistan Revenue Automation Limited (PRAL) was also consulted for insights.
The PRAL official clarified that field officers of FBR/PRAL lacked the authority to delete the fraudulent annexures. Given that these deceptive entries were uploaded for September 2023, it was suggested that the hackers may have already benefited from these false claims. Consequently, a comprehensive investigation was deemed necessary to uncover the extent of the fraudulent activity.
The FTO has recommended that the Member (IT) at FBR play a key role in identifying the machine (computer) ID responsible for the creation of the allegedly fake annexures. Simultaneously, the Director General of Intelligence and Investigation (IR) has been tasked with conducting a detailed investigation to unravel the entire chain of the alleged fraud and identify the individuals or groups behind it.
As the FBR intensifies efforts to address this cyber threat to the tax system, the outcomes of these investigations are anticipated to shed light on the scope of the fraudulent activity and contribute to fortifying the security of taxpayer information in the digital age. The incident underscores the critical need for robust cybersecurity measures within financial institutions and tax systems to safeguard sensitive data from malicious actors.
