Dubai: On December 7, 2010, Dubai-based Indian businessman Kannaiyan Shankear lost Dh10,000 in phone re-charge transactions on his Mashreq Bank account while he was sleeping.
The 20 recharges worth Dh500 each were credited to different mobile numbers which went ‘dead' the following morning.
On December 17, Peter Troiano, an American professor in Fujairah, lost Dh2,000 in a similar mobile phone recharge scam.
Two months earlier, in September, Al Ain resident Sunil Mohammad lost Dh2,000.
Dubai resident M. Nadeem Siddiqui lost Dh3,000 when his credit card was hacked to recharge du telephone numbers. The list of UAE residents who have lost their hard-earned money to phishing gangs in recent times goes on. Not surprising, considering cybercrimes account for a staggering 70 per cent of all crimes in the UAE.
In Abu Dhabi alone, 235 cyber-crimes were registered in 2010 — a stark contrast to 2007 when only three such cases were reported.
Every day, 80 million spam messages targetted UAE residents last year, said computer security firm Trend Micro.
Russian computer security company Kaspersky said 56 per cent of cyber attacks within the region are directed at the UAE.
Phishing is not only escalating in the country, it's also getting more sophisticated, say experts who reckon that phishing gangs may have netted millions from not just PC but Mac users too.
People in the Gulf have lost an estimated Dh735m to cyber criminals in 2007 alone. In 2009, the Telecommunications Regulatory Authority (TRA) recorded 51 cases of cyber attacks targeting the UAE's IT infrastructure, prompting the agency to issue warnings about their "devastating" effect.
Last December, scores of unsuspecting bank customers were directed to websites they believed to be secure, divulging confidential login credentials in the process.
Some time back, internet security firm Symantec reported a ‘major attack' against a UAE bank. Around the same time, Dubai Police arrested a man who blackmailed women by hacking into their e-mail accounts and stealing their pictures. They also nabbed a hacker who siphoned off money from a financial company.
Major Saeed Al Hajiri, Director of Electronic Crimes of Dubai Police, said his department was trying to raise awareness of cyber-crimes like forgery and hacking. The Interpol, meanwhile, lists financial fraud among the top cyber-crimes in the Gulf region.
The TRA said phishing e-mails are the most pervasive cyber attacks hitting those having little knowledge of online security.
TRA's emergency arm, aeCERT, blocks websites through the local internet service providers and works with Anti Working Phishing Group (APWG).
TRA's Cyber-crime Litigation Guide defines various types of cyber-crimes and related evidence material such as hard disks, e-mails, files, mobile phone records, RAM and cache memory, digital photographs and multimedia content.
The challenge is not lost on judicial authorities.
Justice Minister Dr Hadef Jua'an Al Daheri last year proposed the creation of a new section dedicated to tackle cyber-crime cases. "Cyber-crime does not just affect individuals but it is increasingly becoming a huge security threat to governments, public departments as well as private institutions worldwide," he told a conference.
Dubai-based lawyer Haroun Tahlak said most cyber crime cases are related to online theft. "People fall into phishing traps even if they are educated or well informed. I think there needs to be a serious awareness (drive) against cyber crime. People need to be taught how to protect their money online."
Dubai Police, who have set up a dedicated department to solve high-tech crimes, said cross-border cooperation is the key to bringing cyber criminals to justice. Most cyber criminals launch their attacks from outside. But there are signs the threats come from within too, states Symantec.
In this cat-and-mouse game, little is known about the perpetrators.
"The UAE and the Gulf is in the cross hairs of cyber criminals," said Omar Djani, director for systems engineering, emerging markets at Symantec. "The origins of what seems to be home-grown threats are hard to track as it is possible that UAE's networks are unwittingly being take over as a launch pad by cyber criminals from outside."
The country ranks 36th in the world for being a source of malicious internet activity. Within the EMEA (Europe, Middle East and Africa), the UAE ranks No 18 for being a source of malicious activity, said Djani. "It's difficult to tell whether an attack originates from the UAE or outside.
"We know it originated from the UAE, but we can't tell if it's someone from within or outside, controlling a ‘botnet' here." For the uninitiated, a botnet is a robot computer that runs on its own. "Infected botnets - laptops or servers - go by the hundreds in the UAE," said Djani, adding this highlights the information security "deficit" in the Middle East.
Experts believe the phone recharge scams may be funding "underground economies" which exchange money via channels such as internet shopping sites or to finance a whole chain reaction of future scams.
Spam and phishing e-mails are a low-cost-high-returns activity.
"The scale and reach of spammers is growing because now it can be done with easily accessible tools on the net," said Djani.
He said financial institutions are partly to blame. "The onus is on the financial institutions to educate customers and raise awareness. I don't think they are doing enough," he said. "They (banks) are not getting the message across. It's as simple as ‘Do not ever give your user name and password or credit card information unless you initiate the contact."
Dh121,000 was swiped from the account of Pravin Bakliwal, a 51-year-old Indian resident of Dubai in a phone recharge scam. Another Dh7,500 was charged to his credit card for a total of 135 phone recharges.
Bakliwal said the amount was actually earmarked for his son’s education. The amount was taken incrementally at Dh500and Dh1,000 per transaction. The father said he never used the direct debit service and recharged his mobile through a pay-as-you-go scheme. He took an extended leave to dispute the transactions but his employer fired him.
P. A. Savad, a car rental agent, lost Dh38,500 from his account in a similar scam. Savad, an Indian, swears he did not reply to unsolicited e-mails, nor did he recognise any of the phone numbers on his statements.
Mahmoud Mohammad, of Abu Dhabi, found that Dh27,500 had disappeared
from his account in a phone recharge scam. None of the 40 numbers that appeared on his bank statement worked when he called them. The Indian PR officer faces Dh1,200 in bank fees and has filed a case with the Abu Dhabi Judicial Department. He lodged a formally complaint with his bank to dispute the transactions, but the banks’ customer care staff told him the bank was not obligated to give a refund.
TYPES OF CYBER ATTACKS
- COMPROMISED ACCOUNTS – where an e-mail or online bank account has been taken over by hackers
- E-MAIL ABUSE – Sending spam (massive amounts of unsolicited e-mail), offensive or fake e-mail, and e-mails that propagate malicious (malware) codes
- COMPROMISED WEBSITE - Defacement or phishing
HOW TO AVOID E-CRIME
- Don’t scrimp on computer security. Use anti-virus software, keep it up to date and use spam filters
- Update security patches, operating system and web browser; Use a personal firewall
- Use a mix of letters and numbers for your password and change them often.
- Don’t use words from the dictionary
- Do not open or click on any unknown e-mail attachment; never click on hyperlinks within e-mails. Instead, copy and paste them into your browser
- Always look for “https://” and padlock on web sites that require personal
- Keep your computer clean from spyware
- Educate yourself of fraudulent activity on the internet
- Check and monitor your credit/bank report
- Seek Advice - if you are unsure, talk to a computer security company like
- Symantec, Trend Micro, Sophos, Kaspersky, McAfee, etc.
- Spam – Unsolicited e-mails, sent in batches of 10,000s or 100,000s, using spamming tools available on the web.
- Phishing – Criminally fraudulent process of attempting to obtain sensitive
- information such as user names, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication.
- Malware – Malicious computer program or code written to steal user information and passwords.
- Trojan – Malware that automatically download themselves (when launching infected web pages or opening spam e-mails) allowing hackers to take control of victim computers to launch attacks on other computers or networks.
- “Smishing” or “vishing” – Fraudulent SMS message sent to your cellphone or
- automated voice response call to your cellphone/landline phone saying there’s a problem with your bank account. You’re given a phone number to call or a website to log into and asked to provide personal identifiable
- information—like a bank account number, PIN, or credit card number—to fix
- the problem.