FTO Directs FBR to Investigate IP Addresses in Major Sales Tax Fraud

The Federal Tax Ombudsman (FTO) has issued a directive to the Federal Board of Revenue (FBR) to conduct a thorough investigation into the IP addresses linked to a significant sales tax fraud case. The case involves the misuse of a commercial importer’s credentials to file fake invoices worth millions, highlighting a growing threat of cybercrime to Pakistan’s tax system.

The fraud came to light when a 68-year-old importer, who has been sales tax-registered since 2008, discovered that his credentials had been hacked. Cybercriminals had used his login to file a falsified sales tax return for April 2025, declaring fake supplies of Rs. 133.125 million with a resulting sales tax impact of Rs. 23.962 million. The fraudulent transactions were traced back to a taxpayer named Rafi Enterprises, located in RTO Quetta.

Investigators found that the fraud was executed using multiple IP addresses originating from Battagram, Islamabad, and Frankfurt. The use of a VPN is suspected to have masked the true identities of the perpetrators. Despite repeated requests from authorities, internet service providers have so far failed to disclose the subscriber details associated with these IP addresses. The FTO noted that both the FBR and Pakistan Revenue Automation Limited (PRAL) currently lack the advanced technical capabilities needed to effectively track such sophisticated cybercrimes.

The FTO’s inquiry concluded that the beneficiary of the fake transactions, Rafi Enterprises, knowingly purchased these fraudulent invoices to evade sales tax, which is a violation of Section 73 of the Sales Tax Act. The FTO has urged the FBR to register First Information Reports (FIRs) and prosecute all individuals and entities involved. Additionally, the FTO has recommended that the FBR strengthen its monitoring systems to prevent future misuse of taxpayer credentials and better protect the integrity of the tax collection process.