Five common types of bank fraud in the UAE

Even as the novel coronavirus continues to mutate into ever more dangerous forms, hackers and fraudsters have similarly stepped up their efforts to parting unsuspecting UAE residents from their money with financial scams. Several new variations on established dodges have made their way to the UAE this year, from cryptocurrency counterfeiters to Expo 2020 Dubai imitation rackets. As cybercriminals take advantage of the pandemic, global digital fraud attempts rose 149 per cent from January to April this year as compared to the previous four months, consumer credit reporting agency TransUnion reported recently.

Here’s how some of the latest scams have played out in the UAE over recent months and how to handle them. In all cases, if you’ve shared any confidential financial information, immediately report your actions to your bank and to the police.

1. The Emirates Post Email Trap

In March, Emirates Post posted on social media that fraudsters were sending fake emails in its name, asking recipients to reveal personal information such as passwords or bank details. It advised UAE residents not to respond to these emails.

This type of social engineering attack, called phishing, dupes victims into opening emails or SMS and text messages where they are asked to share confidential information. Such bogus emails may appear to come from banks, big-name brands or other organisations.

How to avoid it: Don’t open unfamiliar emails or text messages – the subject line is usually a giveaway, and email providers often mark emails as spam. If you do, flag the message as spam. Then disconnect your device from the internet and any networks it may be linked to and run an antivirus program. Then log on again and change all your password details.

2. The Fake UAE Central Bank Call

This month, authorities in Abu Dhabi warned of deceptive phone calls from hucksters pretending to represent the UAE Central Bank. The callers asked victims for their bank account details or having already obtained these through other methods, for One-Time Passwords. This is typical of vishing, a type of voice phishing call where victims are targeted with personalised communication messages. Other examples include calls from people pretending to be bank officers, lottery officials, Expo 2020 Dubai organisers or representatives of well-known brands.

How to avoid it: Don’t take calls from unfamiliar numbers. If you do, hang up immediately. Conduct an independent web search to verify the offer or issue and visit the organisation’s website.

3. The Dubai Coin Dodge

In May, Dubai’s government flagged up that the relaunch of Dubai Coin, a counterfeit cryptocurrency that was being peddled as a digital payment option online and in stores, which had no official backing. The cryptocurrency had been used for a trial in 2017 and later shelved, but in its new avatar it was an example of domain spoofing, a type of phishing attack where you click on what appears to be a legitimate webpage but is actually a malicious site. In this case, the scam drove the coin’s value from below $0.09 to $1.13 within two days. Similar fake domains purportedly represent Amazon, Google and even the UAE government.

How to avoid it: Watch for misspellings, look for the lock icon next to the website URL and only share the bare minimum. Triple check any emails that look like they’re from retailers, including courier and delivery notifications.

4. The Simple SIM Swap

Has your phone suddenly gone dead? Or perhaps you’ve lost your network? Your account could have been compromised by SIM card fraud, where a fraudster obtains a replacement SIM card of a registered mobile number and fake identity documents or information from social media. They then transfer money via online banking services or takeover your social media accounts. This sort of account takeover fraud has declined to almost zero since mobile providers now require customers to request a replacement SIM card in person with their original Emirates ID and fingerprint verification.

How to handle it: Contact your mobile provider, your bank and the police. From another device, log on to social media and any applications you may use and change your password.

5. The Covid-19 Cure Investment Con

Last year, the Central Bank of the UAE spoke of how coronavirus scammers were contacting residents via email, text messages, phone calls and home visits to discuss investing in a cure for the novel coronavirus, in a medical equipment production centre, in insurance protection or towards investments or charity. Such fraudsters asked for credit card details, cheques or funds in a form of outright theft.

How to handle it: Never provide cash, credit cards or personal information without verifying the details of the vendor. Check their trade licence and registration papers. If something sounds too good to be true, it probably is.