Cyber gangs on the prowl in UAE

Of late there's been an explosion of internet fraud and phishing attacks in the UAE. Here's all you need to know about this new epidemic and how you can protect yourself when banking online

  • By Jay B. Hilotin and Lubna Bagsair, Chief Reporter and Staff Reporter
  • Published: 00:00 February 3, 2011
  • XPRESS

Dubai: On December 7, 2010, Dubai-based Indian businessman Kannaiyan Shankear lost Dh10,000 in phone re-charge transactions on his Mashreq Bank account while he was sleeping.

The 20 recharges worth Dh500 each were credited to different mobile numbers which went ‘dead' the following morning.

On December 17, Peter Troiano, an American professor in Fujairah, lost Dh2,000 in a similar mobile phone recharge scam.

Two months earlier, in September, Al Ain resident Sunil Mohammad lost Dh2,000.

Dubai resident M. Nadeem Siddiqui lost Dh3,000 when his credit card was hacked to recharge du telephone numbers. The list of UAE residents who have lost their hard-earned money to phishing gangs in recent times goes on. Not surprising, considering cybercrimes account for a staggering 70 per cent of all crimes in the UAE.

In Abu Dhabi alone, 235 cyber-crimes were registered in 2010 — a stark contrast to 2007 when only three such cases were reported.

Every day, 80 million spam messages targeted UAE residents last year, said computer security firm Trend Micro.

Russian computer security company Kaspersky said 56 per cent of cyber attacks within the region are directed at the UAE.

Phishing is not only escalating in the country, it's also getting more sophisticated, say experts who reckon that phishing gangs may have netted millions from not just PC but Mac users too.

People in the Gulf lost an estimated Dh735m to cyber criminals in 2007 alone. In 2009, the Telecommunications Regulatory Authority (TRA) recorded 51 cases of cyber attacks targeting the UAE's IT infrastructure, prompting the agency to issue warnings about their "devastating" effect.

Last December, scores of unsuspecting bank customers were directed to websites they believed to be secure, divulging confidential login credentials in the process.

Some time back, internet security firm Symantec reported a ‘major attack' against a UAE bank. Around the same time, Dubai Police arrested a man who blackmailed women by hacking into their e-mail accounts and stealing their pictures. They also nabbed a hacker who siphoned off money from a financial company.

Major Saeed Al Hajiri, Director of Electronic Crimes of Dubai Police, said his department was trying to raise awareness of cyber-crimes like forgery and hacking. Interpol, meanwhile, lists financial fraud among the top cyber-crimes in the Gulf region.

The TRA said phishing e-mails are the most pervasive cyber attacks hitting those having little knowledge of online security.

TRA's emergency arm, aeCERT, blocks websites through the local internet service providers and works with the Anti-Phishing Working Group (APWG).

TRA's Cyber-crime Litigation Guide defines various types of cyber-crimes and related evidence material such as hard disks, e-mails, files, mobile phone records, RAM and cache memory, digital photographs and multimedia content.

The challenge is not lost on judicial authorities.

Justice Minister Dr Hadef Jua'an Al Daheri last year proposed the creation of a new section dedicated to tackling cyber-crime cases. "Cyber-crime does not just affect individuals but it is increasingly becoming a huge security threat to governments, public departments as well as private institutions worldwide," he told a conference.

Dubai-based lawyer Haroun Tahlak said most cyber crime cases are related to online theft. "People fall into phishing traps even if they are educated or well informed. I think there needs to be a serious awareness (drive) against cyber crime. People need to be taught how to protect their money online."

Dubai Police, who have set up a dedicated department to solve high-tech crimes, said cross-border cooperation is the key to bringing cyber criminals to justice. Most cyber criminals launch their attacks from outside. But there are signs the threats come from within too, states Symantec.

In this cat-and-mouse game, little is known about the perpetrators.

"The UAE and the Gulf is in the cross hairs of cyber criminals," said Omar Djani, director for systems engineering, emerging markets at Symantec. "The origins of what seems to be home-grown threats are hard to track as it is possible that UAE's networks are unwittingly being taken over as a launch pad by cyber criminals from outside."

The country ranks 36th in the world for being a source of malicious internet activity. Within the EMEA (Europe, Middle East and Africa), the UAE ranks No 18 for being a source of malicious activity, said Djani. "It's difficult to tell whether an attack originates from the UAE or outside.

"We know it originated from the UAE, but we can't tell if it's someone from within or outside, controlling a ‘botnet' here." For the uninitiated, a botnet is a robot computer that runs on its own. "Infected botnets - laptops or servers - go by the hundreds in the UAE," said Djani, adding this highlights the information security "deficit" in the Middle East.

Experts believe the phone recharge scams may be funding "underground economies" which exchange money via channels such as internet shopping sites or to finance a whole chain reaction of future scams.

Spam and phishing e-mails are a low-cost-high-returns activity.

"The scale and reach of spammers is growing because now it can be done with easily accessible tools on the net," said Djani.

He said financial institutions are partly to blame. "The onus is on the financial institutions to educate customers and raise awareness. I don't think they are doing enough," he said. "They (banks) are not getting the message across. It's as simple as ‘Do not ever give your user name and password or credit card information unless you initiate the contact.'"

Case studies

Dh121,000 was swiped from the account of Pravin Bakliwal, a 51-year-old Indian resident of Dubai in a phone recharge scam. Another Dh7,500 was charged to his credit card for a total of 135 phone recharges.

Bakliwal said the amount was actually earmarked for his son’s education. The amount was taken incrementally at Dh500 and Dh1,000 per transaction. The father said he never used the direct debit service and recharged his mobile through a pay-as-you-go scheme. He took an extended leave to dispute the transactions but his employer fired him.

P. A. Savad, a car rental agent, lost Dh38,500 from his account in a similar scam. Savad, an Indian, swears he did not reply to unsolicited e-mails, nor did he recognise any of the phone numbers on his statements.

Mahmoud Mohammad, of Abu Dhabi, found that Dh27,500 had disappeared from his account in a phone recharge scam. None of the 40 numbers that appeared on his bank statement worked when he called them. The Indian PR officer faces Dh1,200 in bank fees and has filed a case with the Abu Dhabi Judicial Department. He lodged a formal complaint with his bank to dispute the transactions, but the bank’s customer care staff told him the bank was not obligated to give a refund.

TYPES OF CYBER ATTACKS

  • COMPROMISED ACCOUNTS – where an e-mail or online bank account has been taken over by hackers
  • E-MAIL ABUSE – Sending spam (massive amounts of unsolicited e-mail), offensive or fake e-mail, and e-mails that propagate malicious (malware) codes
  • COMPROMISED WEBSITE - Defacement or phishing

HOW TO AVOID E-CRIME

  • Don’t scrimp on computer security. Use anti-virus software, keep it up to date and use spam filters
  • Update security patches, operating system and web browser; Use a personal firewall
  • Use a mix of letters and numbers for your password and change them often.
  • Don’t use words from the dictionary
  • Do not open or click on any unknown e-mail attachment; never click on hyperlinks within e-mails. Instead, copy and paste them into your browser
  • Always look for “https://” and padlock on web sites that require personal information
  • Keep your computer clean from spyware
  • Educate yourself about fraudulent activity on the internet
  • Check and monitor your credit/bank report
  • Seek Advice - if you are unsure, talk to a computer security company like Symantec, Trend Micro, Sophos, Kaspersky, McAfee, etc.

GLOSSARY

  • Spam – Unsolicited e-mails, sent in batches of 10,000s or 100,000s, using spamming tools available on the web.
  • Phishing – Criminally fraudulent process of attempting to obtain sensitive information such as user names, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
  • Malware – Malicious computer program or code written to steal user information and passwords.
  • Trojan – Malware that automatically downloads itself (when launching infected web pages or opening spam e-mails), allowing hackers to take control of victim computers to launch attacks on other computers or networks.
  • “Smishing” or “vishing” – Fraudulent SMS message sent to your cellphone or automated voice response call to your cellphone/landline phone saying there’s a problem with your bank account. You’re given a phone number to call or a website to log into and asked to provide personal identifiable information (like a bank account number, PIN, or credit card number) to fix the problem.

Comments (13)

  1. Added 06:30 February 4, 2011

    Use Firefox with Adblock Plus to keep your browser free of ads which is the biggest reason of malware and spyware.

    Anonymous, Ajman, United Arab Emirates

  2. Added 18:10 February 3, 2011

    A lot of these scams are related to mobile recharges. Where does the money go from the scammers’ mobiles? In some places, people offer mobile credits for nominal charges (recharge with Dh5), usually from a street vendor. Is the source of the money in these mobiles bogus? Are these amounts scam or taken from stolen mobiles?

    Anonymous, Dubai, United Arab Emirates

  3. Added 14:54 February 3, 2011

    There were fraudulent transactions on my ADCB credit card on January 29. All transactions -- Dh500, Dh 500, Dh 500, Dh 500 and Dh 250 -- were made to du. A total of Dh2250 was transacted from my card. I have signed the dispute forms.

    Basker, Sharjah, India

  4. Added 10:33 February 3, 2011

    I lost Dh2,000 from my Mashreq Bank account. The transactions -- in multiples of Dh500 -- were made to an Etisalat number. I never use Internet banking. We have seen unauthorised people near major hypermarkets in Ajman offering mobile to mobile recharge credit transfers. They might be linked to this scam.

    Shaji, Ajman, United Arab Emirates

  5. Added 10:11 February 3, 2011

    Avoid online banking/payments. Visit your bank for all kinds of transactions. Even if you install good anti-virus or anti-spyware software to protect your computer, hackers can still find a way to hack your system.

    Travis, Abu Dhabi, United Arab Emirates

  6. Added 09:41 February 3, 2011

    My Mashreq account was hacked in a similar manner. On November 10, 2010, I lost Dh 3,500. I lodged complaints with the bank and police too. Seven transactions of Dh500 each were made to an Etisalat recharge number. That night I received two messages on my mobile on the transactions. I immediately blocked my internet bank account by calling Mashreq’s customer care number. However, the next morning I was shocked to see the statement. Even after blocking my net account, five more transactions were made. Since November 10 to date, no action has been taken. The bank is still investigating. Why is this happening with Mashreq accounts only? I have not heard of any other bank account being hacked. I am still waiting for Mashreq’s reply. The bank must return the Dh2,500 to me as I lost this amount after I blocked my account.

    Anonymous, Sharjah, United Arab Emirates

  7. Added 08:17 February 3, 2011

    I am surprised to read about the mobile recharge scam. Isn’t it easy to trace the mobile numbers that were recharged and the owners of these SIM cards?

    Anonymous, Dubai, United Arab Emirates

  8. Added 07:27 February 3, 2011

    I have also been a victim of a similar scam. I went on vacation on November 20, 2010, and returned on December 21, 2010. When I received my monthly credit card bill, I discovered Dh2,000 was missing from my card. Four transactions of Dh500 each were made against four different mobile numbers. I lodged a complaint with the bank but I have not received any favourable reply to date.

    Zeshan Haider, Sharjah, United Arab Emirates

  9. Added 07:20 February 3, 2011

    There are few things that are worth noting in the UAE: 1. While using credit cards for shopping, no pin numbers are required. This gives easy access to the criminals to copy card details. 2. In most outlets, the credit card is collected from the customer and is swiped by the shop employee or supplier. Mostly, this happens in the absence of the card holder. I have a suggestion to make: All credit cards must require pin numbers for any transactions and must be equipped with chips. Hence, there must be a system in all outlets where customers can swipe the card and punch in pin numbers themselves, like in other countries.

    Sundar, Oslo, Norway, Norway

  10. Added 06:56 February 3, 2011

    I was once a victim. My Mashreq credit card was used to purchase Emirates and Gulf Airlines tickets totalling around Dh20,000. Both the transactions were made on the same day. When the bank called for verification, I denied the purchase. And the transaction was reversed.

    Anonymous, Dubai, United Arab Emirates
