Rupinder Kaur Dhanjal complains of a bank fraud that took place in May this year. Image Credit: Clint Egbert/Gulf News

Dubai: A Dubai resident is crying foul over the loss of Dh42,000, which she had kept aside to pay her rent but was stolen by a fraudster to buy smartphones in the UK.

Kenyan national Rupinder Kaur Dhanjal got the shock of her life on May 2 when she read a series of SMSs that said Dh42,032.08 had been siphoned from her Emirates NBD account via telegraphic transfer.

Before the transfer was done, the fraudster had activated her Smart Pass, Emirates NBD’s new digital banking security feature that serves as a secure replacement of the SMS Authentication Code. When bank clients wish to transact online, they need to enter the Smart Pass or token to authorise these transactions without having to wait for the SMS authentication code.


bank fraud cases in Dubai in last three years, according to Dubai Police

The Smart Pass was introduced following a series of SIM swap frauds where conmen would get replacement SIM cards to intercept SMS authentication codes and fraudulently transfer funds.

Dhanjal, 50, a commercial manager in Dubai, said: “I was shocked. I had not done this transfer. I immediately called the customer service but it took me four minutes to get through. I told the agent to block the transaction as I did not ask for a transfer. I told him, ‘Stop it! Stop it! Stop it!’ That money was for my rent that was due the day before. Can you just imagine, it felt as if there was no ground beneath my feet. I was really in a panic.”

Dhanjal rushed to the bank and to the police station to file a complaint. Based on bank documents, Dhanjal’s money was transferred to a bank in the UK “for iPhone order”.

Armed with evidence of the bank fraud, she elevated her complaint with the UAE Central Bank on June 9.

Bank says it is a case of cyber attack

When contacted, an Emirates NBD spokesperson confirmed that the incident took place and they are in touch with relevant authorities investigating the case.

“After a thorough investigation of the circumstances associated with this particular incident, there appears to have been a cyber attack on the customer by a fraudster whereby confidential personal information and online banking log-in credentials of the customer were compromised and used to carry out fraudulent transactions,” the spokesperson said.

“The information could have possibly been obtained by the fraudster through a vishing/phishing attack. Emirates NBD’s systems have at no point in time been compromised.”

“Emirates NBD takes cybersecurity and fraud attempts on our customer accounts very seriously, and investigate and address security-related concerns with the highest priority in close cooperation with the UAE’s law enforcement authorities.”

In June, Dubai Police said more than 800 bank fraud cases were reported in the emirate over the last three years.

Emirates NBD that same month partnered with Dubai Police for their #SecureYourAccount ad campaign alerting UAE customers to be more vigilant and to not share their bank details with anyone.

Dhanjal, however, maintains she did not share her details with anyone. More than two months on, she has yet to recover her money.

“I am in real distress and have exhausted all my sources now and need help,” said Dhanjal, a single parent.

“We can understand the distress this has caused Rupinder Kaur Dhanjal and as she has reported the crime to Dubai Police. We urge her to follow up on the status of the investigation with Dubai Police. We are extending our full collaboration to Dubai Police and other law enforcement and government agencies on this issue as always,” an Emirates NBD spokesperson said.

Dhanjal said she constantly checks for updates with Dubai Police. She was recently told that her case is going to be referred to the Public Prosecution. Her main concern, however, is to recover her money.

Common forms of attacks

Phishing: A way to obtain personal information using deceptive emails and websites.

Vishing: This is the telephone equivalent of phishing where a person uses the phone to acquire information from a victim.

SMiShing: Another form of phishing where someone tricks a victim to reveal confidential information via text or SMS.