Dubai: An American academic got a rude shock when he woke up from sleep to see four SMS's stating that recharge transactions worth Dh2,000 had been done from his MashreqOnline account.

Peter Troiano, a Californian who teaches at a college in Fujairah, was horrified to see the messages on December 17, showing recharge transactions worth Dh500 each went to four different mobile phone numbers in the UAE. "I saw four messages from Mashreqbank stating that I paid Dh500 to etisalat in four separate transactions. The first message was at 23:36:06; the second message at 23:36:42 (on December 16); the third at 01:24; the fourth message at 01:59 (on December 17). My phone was shut off during these hours."

Troiano said he lodged a complaint with the bank as soon as he switched on his phone at about 1:30pm on December 17.

But it was too little, too late.

On January 5, Troiano received a notice from the bank dated December 21, 2010 stating that Troiano's valid user name and password were used. "These transactions were carried out using the customer's valid ID and password and therefore they are considered as authorised by the system," the bank said in a statement.

Mashreqbank said their online banking is safe. "We constantly advise customers never to share personal details or respond to e-mails, including those purporting to be from financial institutions. Furthermore, we advise that access to MashreqOnline banking should only be made through"

At least five cases of similar "phishing" raids - scams in which victims are waylaid to a false website where they are asked for their user name and password - had been reported in the UAE over the past few months.

Last week, XPRESS reported how Dh10,000 was deducted from the account of an Indian businessman in 20 etisalat re-charge transactions on December 6 and 7. Another victim reported losing more than Dh100,000 in one hit.