1. Sim Swap
A popular technique employed by fraudsters, SIM swapping relies on mobile phone-based authentication. Phone authentication is a process your bank uses when it sees you attempting to pay for something online from a website or portal you hadn’t used previously. The bank will text a one-time password (OTP) to your registered phone number. SIM swappers take advantage of this process, also called two-factor authentication, by contacting the victim’s mobile provider and, using personal information gleaned from social media and other sources, impersonates the victim by answering security questions. The fraudster reports the phone as lost and requests activation of a new SIM card, which is in the fraudster’s possession.
TIPS: Contact telecom operator in case of a network outage; register a complaint if they confirm no outage or you receive notification of a new SIM card being issued; check statements regularly; and never reveal answers to your security questions.
A combination of the words voice and phishing, vishing occurs when you receive a call from someone claiming to be from your financial services provider. The fraudster may then pose a series of security questions in order to trick you into revealing personal information. In terms of technique, this is essentially the same as phishing – the only difference being the medium of a phone call versus an email or text message. In the UAE, a visher may tell you that your debit card or Emirates ID has been blocked. Vishing calls may also come from pre-recorded messages claiming to be from your bank, which then ask you to type in information such as your credit-card number, along with the date of expiry and three-digit verification code.
TIPS: Never respond to warnings that require imminent action on your part – call your bank’s call centre instead; be judicious about sharing your contact number online; and never share passwords, PINs or OTPs over the phone.
This is a relatively recent word – Oxford English Dictionary dates it to the 1990s. The dictionary defines the term as: “The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit-card numbers.” Such emails will often state that there’s an issue with your account or payment details. They’ll request an action such as confirmation or sharing of personal data, bank account number or other information.
According to data and email security provider Mimecast, 94 per cent of UAE organisations experienced phishing attacks from May 2018 to 2019.
TIPS: Enable spam filters on your email account; don’t respond to unsolicited messages from your bank, just call them; review account and card activity regularly; and avoid downloading or giving permissions to unknown apps.
4. Lottery scam
Longtime UAE residents may be familiar with this one. You get a call with some unbelievably good news — the caller informs you that you’ve won the “Etisalat” lottery. People have also reported poorly written WhatsApp messages claiming their name has been drawn in the so-called LuLu lottery. SMS is another common medium through which scammers attempt to fool victims.
These tend to be messages sent in bulk, and there’s always a catch — usually involving the payment of some amount of money to “unlock” your prize, or credit/debit card information.
TIPS: Never divulge sensitive information — such as PINs, credit- card details and OTPs — over the phone, email, text or WhatsApp; always call the organisation claiming to be giving the prize through their official number to verify; and if you do divulge sensitive information, alert your financial services provider immediately.