Earlier this year, the UAE Banks Federation (UBF), Central Bank of the UAE (CBUAE), and Abu Dhabi and Dubai Police joined forces to launch the country’s first large-scale national fraud awareness campaign. The initiative was rolled out during the UAE National Sterlisation Programme, with larger numbers of residents turning to digital banking as they stayed home to help flatten the coronavirus curve. The ongoing awareness campaign’s primary aim is to educate consumers about the UAE’s most common cybercrime and fraud techniques.
“The fraud awareness campaign, underscored by a series of interactive and educational materials, is aimed at informing consumers about the proliferation of phishing activities while enabling them to stay alert,” said Abdulhamid Saeed, Governor of the CBUAE, in the press release announcing the news.
Here GN Focus profiles eight types of fraud you need to watch out for in the UAE.
1. Email
What is it? An email, purportedly from the UAE Central Bank, with an alarming message: Your debit card and bank account are now frozen due to “security reasons”. It also contains an urgent call to action, pushing the reader to dial a mobile number within 24 hours to reactivate their account. The person picking up will ask for details of your account for “verification purposes”. Alternatively, there may be a link present that takes you to a form, where you are asked to type the information in. The mail, which may include the Central Bank’s logo, may have these contents in an attached PDF.
An email, purportedly from the UAE Central Bank, with an alarming message: Your debit card and bank account are now frozen due to “security reasons”. It also contains an urgent call to action, pushing the reader to dial a mobile number within 24 hours to reactivate their account. The person picking up will ask for details of your account for “verification purposes”. Alternatively, there may be a link present that takes you to a form, where you are asked to type the information in. The mail, which may include the Central Bank’s logo, may have these contents in an attached PDF.
Tip: Call your bank using one of the registered numbers on its official website. They will be able to tell you if your account or card has been frozen.
2. Lottery
What is it? This usually takes the form of an image sent from an unregistered number via WhatsApp. There will be a large logo at the top, typically of a hypermarket or major UAE retailer, followed by a message informing you that you have won a large cash prize. The message will then direct you to contact a mobile number and share personal finance details such as your account number. Two years ago, fraudulent messages bearing the logo of LuLu hypermarket were so prevalent that the retailer took out ads in national newspapers warning residents about the scam.
Tip Mark the message as spam and delete.
3. ATMs
What is it? Thieves employ a number of devious tricks at ATMs. They may strategically place a tiny camera facing the machine’s keypad in a bid to record your hand typing in your PIN. Another technique sees the thief place a false keypad, which records your PIN, on top of the real thing. Once you’ve concluded your business at the machine, the false keypad is removed. Finally, fraudsters may attach a device on top of an ATM’s card slot. When you put your card in, it scans both sides of your card to memory, giving the scammer the number, expiry date and three-digit security code.
Tip Before putting your card in, take a close look at the ATM on your next visit. Is the keypad fixed into the machine and easy to hide with one hand? Is there a removable object around the card slot? Always be aware of your surroundings.
4. SIM swap
What is it? This technique works using mobile phone-based authentication, a process your bank uses when you want to pay for something online from a previously unused website or app. After you’ve input your payment details and hit order, the bank will SMS a one-time password (OTP) to your registered mobile number. SIM swappers try to play the system by contacting the victim’s mobile service provider and, using personal information gleaned from social media and other sources, impersonates the victim by answering security questions. The fraudster reports the phone as lost and requests activation of a new SIM card, which is in the fraudster’s possession. Then, using your email address, they will request a new password through OTP, which then gives them access to the account.
Tip: If you find your phone suddenly has no coverage, contact your service provider and check what the problem is. Never share the answers to your security questions with a random caller, and read your bank statements regularly.
5. Magic ink
What is it? Unlike the other fraud types on this list, magic ink fraud requires a personal touch. After inviting their target out for a coffee in the guise of a banker, the fraudster will present them with pre-filled forms and paperwork for a new credit card or personal loan, as well as a cheque that requires the victim’s signature. However, the writing that’s already on the cheque is no ordinary ink — it vanishes once the paper is heated to a particular temperature. The scammer now has a blank cheque with the victim’s original signature to do with as they please — and with their account details, they know exactly how much they’ll be able to withdraw from an account.
Tips: Always request a proper look at a financial representative’s official ID. Sign and fill out forms using your own pen. Contact the bank prior to your appointment to verify the person.
6. Fund transfer
What is it? In a bustling trading hub such as the UAE, businesses tend to deal with suppliers and clients from all over the world, primarily via email. It’s important to heed caution before clicking links in suspicious mails, as malware may be surreptitiously downloaded to your PC or smartphone. This may give hackers access to your screen and keystrokes, which they can then use to find out supplier information and create impostor accounts. The fake account will get in touch with the victim and ask them to send payments to a new bank or number.
Tip Look carefully at the email address when you receive a mail requesting a new payment avenue. Is it slightly different? If not, get in touch with the person to check whether they have indeed asked you to change the means of payment — it could be that their email has been hacked and they are unaware of the message.
7. Phone fraud
What is it? Also known as voice phishing, or vishing, this happens when you get a call from a person claiming to be employed by your bank. They will ask some personal information under the cover of security questions to try and glean responses to your account’s security questions. They may tell you that an Emirates ID or debit/credit card has been temporarily blocked. Alternatively, you may receive an automated robocall requesting that you type in details such as card number, expiry date and security code.
Tip: Don’t tell them anything. Hang up, and get in touch with your bank via its official call centre to check whether any cards or accounts have indeed been frozen.
8. Data privacy
What is it? A breach of personal information such as your Emirates ID number, passport details, mother’s birthday or maiden name, and sensitive data such as debit/credit card numbers, ATM PIN or your bank account details.
Tips: Review the personal details you have shared on social media platforms — including ones you barely use — and remove phone numbers and dates of birth; periodically change your passwords, ensuring they are strong and complex; avoid using public Wi-Fi for accessing digital banking or other sensitive data; use an antivirus software on your PC; avoid downloading apps from unknown or unverified sources; and ensure your phone has the latest security updates.
