Federal Tax Ombudsman Exposes Massive GST Fraud

Islamabad: The Federal Tax Ombudsman (FTO) has uncovered a major breach in Pakistan’s digital tax system, revealing fraudulent manipulation of sales tax returns and fake GST claims worth millions of rupees.

According to official findings, cybercriminals gained unauthorized access to a taxpayer’s IRIS account by exploiting compromised login credentials and revised the sales tax return for October 2025, resulting in unlawful adjustments to input tax credit.

An official statement disclosed that fake supplies amounting to Rs415.6 million were inserted into the system, creating a GST impact of Rs74.8 million and wiping out the taxpayer’s entire carry-forward input tax credit. The affected taxpayer approached the FTO seeking an independent inquiry, removal of fake invoices, restoration of tax credit, and strict legal action against those responsible.

Initial investigations indicate the fraud is part of a broader organized network. Authorities suspect possible involvement of individuals linked to the Federal Board of Revenue (FBR) and Pakistan Revenue Automation Limited (PRAL), raising serious concerns about insider access to sensitive taxpayer data. Cybercriminals reportedly targeted dormant and blocked accounts, as well as entities with large accumulated input tax credits, to inject fake transactions into the system.

The fraudulent supply chain has been traced across multiple cities, including Karachi, Lahore, Multan, Quetta, and Islamabad. Several beneficiaries have already been identified, and legal proceedings are expected to follow. However, the FTO noted that restoration of the fraudulently adjusted input tax credit would be premature until the investigation is completed and key perpetrators are identified.

Declaring the incident as maladministration, the FTO has directed the Directorate General of Intelligence and Investigation (Inland Revenue) to conduct a comprehensive probe using digital evidence, including IP tracking. Chief commissioners have been instructed to ensure full cooperation in identifying beneficiaries across the supply chain, while the IRS Business Process Re-engineering (BPR) team will recommend system upgrades such as stricter controls on credential changes, biometric verification, and enhanced supervisory oversight. The FBR has also been asked to submit a compliance report within 60 days.

The case highlights serious vulnerabilities in Pakistan’s digital tax infrastructure and underscores the urgent need for stronger cybersecurity measures, improved system controls, and enhanced internal accountability mechanisms.