You can unsubscribe at any time.
05 November 2025
Author: Asif S Kasbati (FCA, FCMA & LLB)
From: Asif Siddiq Kasbati <asif.s.kasbati@professional-
A. Background
1. This refers to the related Important QCs in trail, blue, italic and double line (a) FRQC279 of 22.9.25 about Cyber Attack: KC Recommendation as EU Airports faced & Disruption (b) FRQC247 of 10.8.25 about Cyber Attack disrupted Pakistan Petroleum’s (PPL) IT Systems for ransom & KC Recommendation
2. We also refer to several Other matters including (a) COQC648 of 29.5.25 about SECP Cyber Security Advisory & KCR (b) FRQC214 of 22.4.24 about Pak Suzuki Data Leakage and KCR (c) FRQC195 of 24.2.24 about Cyber Threats surge by 17% in 2023; Be careful (d) Official work at field formations: KTBA concerned at involvement of ex-FBR staff (e) KTBA slams access to taxpayers’ information
B. Executive Summary
1. Further to KQU 3621 of 28.10.25, being an important matter, we would inform you about Video Online Scam Alert! New Method Drains Bank Accounts People must Be Careful (Attachment 336.1).
2. A Karachi resident was defrauded of Rs 85 lakh (8.5 million) after scammers obtained a duplicate mobile SIM card without biometric verification, leading to approximately 100 unauthorized bank transactions overnight.
C. Key Details of the Fraud
1. The Scam Method
(a) The victim's mobile SIM suddenly stopped working in the evening.
(b) The next day, the victim learned that a duplicate SIM had been issued from Hyderabad the previous night without biometric.
2. biometric verification
Using this duplicate SIM, the scammers gained access, resulting in about 100 transactions that withdrew Rs 85 lakh from the victim's account
3. Negligence and Violations
The case highlights significant failures by both the cellular service provider and the bank:
(a) Cellular Service Provider Failure: Issuing a duplicate SIM without biometric verification is a clear violation of PTA orders and standard procedure, which the National Cyber Crime Investigation Authority (NCCIA) termed “criminal negligence"
(b) Bank Failure: The bank's system failed to recognize the 100 continuous transactions as a red flag and did not send any alert to the customer, despite the large amount being withdrawn, which is contrary to the bank's typical system model for high-value transactions.
4. Investigation Status
(a) The victim has contacted the court regarding the fraud
(b) The National Cyber Crime Investigation Authority (NCCIA) has reached out to both the bank and the mobile phone service company for data
(c) Both the bank and the cellular company have not fully cooperated with the NCCIA by failing to provide complete data, a fact noted in the report submitted to the court.
D. KC Recommendation
Always pray from Almighty Allah to keep all your assets safe, while leaving home, post Namaz 5 times with Jamaat by Males and on time by Ladies; Behave with Poors & Others in a better manner; Give Sadaqah and do other Good deeds.
E. Multiplications
Although all the Commentaries are to the extent of the Subscribed IDs only, however, your Goodself is allowed to share this QC to Impart Knowledge to save maximum Employees, Relatives, Groups, etc as soon as possible in order to be vigilant.
F. Further Details & Services
Should you require any clarification or explanations in respect of the above or otherwise, please feel free to email Mr Amsal at amsal@kasbati.co with CC to info.kasbati@professional-
Best regards for Here & Hereafter
Asif S Kasbati (FCA, FCMA & LLB)
Managing Partner
Kasbati & Co (1400+ Tax, Levies, Companies, Economy, Inflation, HR, Banking, Finance, etc
Quick Commentary Service Provider and High Level 440+ Tax & Levies Laws Consultants)
Head of Tax & Professional Excellence Services (Symbols of High Quality Practical Tax, Levies & Corporate Training for Beginners to High Levels' Professionals) PTCL: 92-21-
Google Map link: Tax Excellence YouTube Channel Tax Excellence
I. Kasbati & Co Recommendation
Owing to serious matters stated in Para II and III, all the Entities are recommended to be careful about their Data Protection & All IT Security, in order to avoid such extreme adverse eventuality, which may ruin the entity or at least affect its Goodwill.
Hence this email be forwarded to the IT team and Internal Auditor who is also recommended to consider the same on an urgent basis.
External Auditors data may also be affected in respect of the entity, etc, hence, they should also be careful.
Although all the Commentaries are to the extent of the Subscribed IDs only, however, your Goodself is allowed to share this QC is for the Noble Cause to Impart Knowledge.
II. Background (BG)
1. This refers to the related Important QCs in trail, blue, italic and double line (a) FRQC247 of 10.8.25 about Cyber Attack disrupted Pakistan Petroleum’s (PPL) IT Systems for ransom & KC Recommendation
(b) COQC648 of 29.5.25 about SECP Cyber Security Advisory & KCR (c) FRQC214 of 22.4.24 about Pak Suzuki Data Leakage and KCR
2. We also refer to several Other matters including (a) FRQC195 of 24.2.24 about Cyber Threats surge by 17% in 2023; Be careful (b) Official work at field formations: KTBA concerned at involvement of ex-FBR staff (c) KTBA slams access to taxpayers’ information
III. Updated Commentary
A. On 22.925 (click the link) European Airports face a Fourth day of Disruption on today after weekend cyberattack, as covered in para B.
B. Earlier Status
1. Further to KQU 3565 dated 22.9.25, being an important matter, we would inform you about Disruption continues at Heathrow, Brussels and Berlin airports after cyber-attack (Attachment 249.1) in the ensuing paragraph, with emphasis in bold & Underline for quick reading.
2. Hundreds of thousands of passengers at Heathrow and Berlin airports faced flight delays on Sunday after a cyber-attack hit check-in desk software, while cancellations at Brussels airport suggested that disruption of Europe’s air travel would continue into Monday.
3. Airlines were forced to revert to slower manual check-ins from Friday night after the attack hit Collins Aerospace, which provides check-in desk technology to various airlines.
4. Brussels airport asked airlines on Sunday afternoon to cancel half of the departing flights scheduled for Monday. The airport said Collins was “not yet able to deliver a new secure version of the check-in system”, and confirmed a cyber-attack had taken place.
5. Airports urged passengers to check the status of their flights before travelling and asked them to arrive no earlier than three hours before long-haul flights and two hours before shorter journeys.
6. Collins said on Saturday it was dealing with a “cyber-related incident”. The hack joins a long line of attacks that have hit big companies in recent months. The UK’s largest automotive employer, Jaguar Land Rover, has been unable to produce any cars for three weeks because of a hack, while the British retailers Marks & Spencer and the Co-op were also hit by separate attacks earlier this year.
7. Airlines were still able to check in passengers manually.
8. At Heathrow 90% of more than 350 flights had been delayed by 15 minutes or more, while six were cancelled by 3pm on Sunday afternoon, according to the data company Flightradar24. The average delay was 34 minutes. Thirteen flights were cancelled on Saturday, although the vast majority of hundreds of flights were delayed.
9. A Heathrow spokesperson said the “underlying problem was outside our influence” but added that the airport had brought in extra staff to help cope with any disruption. It is understood that Heathrow has not mandated any cancellations for Monday, and the majority of flights are expected to be operating.
10. “Work continues to resolve and recover from Friday’s outage of a Collins Aerospace airline system that impacted check-in,” Heathrow said in a statement. “We apologise to those who have faced delays, but by working together with airlines, the vast majority of flights have continued to operate.”
11. In Brussels 86% of flights by 3pm on Sunday had been delayed at the airport at Zaventem, one of two serving the Belgian capital. Delays ranged from 15 minutes to four hours.
12. The airport said 15% of its scheduled flights would be cancelled overall this weekend. It cancelled 25 departures out of 234 on Saturday, and 50 out of 257 on Sunday “in order to avoid long queues and late cancellations”, a spokesperson said.
13. In Berlin 73% of about 200 flights were delayed. “Due to a systems outage at a service provider, there are longer waiting times,” Berlin airport said on its website. “Please use online check-in, self-service check-in and the fast bag drop service.”
14. Dublin airport also said it was affected by the attack, with the majority of flights from the Irish capital delayed.
15. On Saturday, Collins Aerospace said “cyber-related disruption” had affected its Muse software used for electronic customer check-in and baggage drop.
16. Collins is owned by the New York-listed RTX, one of the world’s largest aerospace and weapons conglomerates. The company said it was “actively working to resolve the issue and restore full functionality to our customers as quickly as possible”.
17. The UK’s National Cyber Security Centre said it was working with Collins, UK airports and British law enforcement to assess the impact of the incident.
What we know about the cyberattack that hit major European airports (Attachment 249.2).
KEY POINTS
Disruption at some European airports continued for a second day on Sunday after a cyberattack targeted check-in technology company Collins Aerospace.
The U.K.'s largest airport, Heathrow, was among those affected, along with airports in Berlin and Brussels.
IV. Further Details & Services
Should you require any clarification or explanations in respect of the above or otherwise, please feel free to email Mr Amsal at amsal@kasbati.co with CC to info.kasbati@professional-
Best regards for Here & Hereafter
Asif S Kasbati (FCA, FCMA & LLB)
------------------------------
From: Asif Siddiq Kasbati <asif.s.kasbati@
A. Background (BG)
1. This refers to the related Important QCs in trail, blue, italic and double line (a) COQC648 of 29.5.25 about SECP Cyber Security Advisory & KCR (b) FRQC214 of 22.4.24 about Pak Suzuki Data Leakage and KCR (c) FRQC195 of 24.2.24 about Cyber Threats surge by 17% in 2023; Be careful
2. We also refer to several Other matters including (a) Official work at field formations: KTBA concerned at involvement of ex-FBR staff (b) KTBA slams access to taxpayers’ information (c) DNVC dated 24.8.21 KTBA urges FBR to secure data centre from hacking - TNS (d) DNVC dated 24.8.21 Unauthorized access
B. Updated Commentary
1. Further to KQU 3505 dated 8.8.25, being an important matter, we would inform you about Pakistan Petroleum IT system hit by cyber attack (Attachment 247.1) reported 24News TV Channel in the ensuing paragraph, with emphasis in bold & Underline for quick reading.
2. Pakistan Petroleum Limited (PPL) faced a cyber-attack on its IT system as company's system related to the sale of oil and gas has been inactive for the past two days.
3. The hackers have demanded a ransom. Negotiations are going on between the company's IT experts and the hackers. The hackers had taken over the control of the company's IT system, and the management no longer has control over the PPL's financial affairs.
4. The Government and the relevant institutions have been informed about the situation. The company has also requested to activate the system from the relevant institutions. The other gas and oil companies have also been alerted and given a warning to take immediate precautions and actions.
C. Kasbati & Co Recommendation
KC reiterate our recommendation as earlier given vide FRQC 214 of 22.4.24 & COQC 648 of 29.5.25 that all the entities should be careful about their Data security, in order to avoid such extreme adverse eventuality, which may ruin the entity; or at least affect its Good name and Goodwill.
The IT team and Internal Auditor may also consider the same on an urgent basis
External Auditors data may also be affected in respect of the entity, etc, hence, they should also be careful.
D. Further Details & Services
Should you require any clarification or explanations in respect of the above or otherwise, please feel free to email Mr Amsal at amsal@kasbati.co with CC to info.kasbati@professional-
Best regards for Here & Hereafter
Asif S Kasbati (FCA, FCMA & LLB)
Copyright © 2023 Kasbati | Email: info.kasbati@tax-excellence.com | Phone No: 02134329108, 02137296771, 02137296783