Dubai: After a series of reported victims of online fraud in the country, UAE-based Emirates NBD warned customers to stay vigilant and double-check the source before clicking on any links and/or attachments.
The bank released a statement to this effect in response to a customer query reported by Gulf News wherein a bank customer lost thousands in an online scam.
Valid email ID, invalid link
Ramakrishnan Subramanyan (45) told Gulf News in a telephone interview that hackers had robbed Dh6,511.92 from his account after he followed a link sent from a valid email address from the bank.
The link – https://emiratesmbd.ru/green.php however was not legitimate – which Subramanyan did not realise at the time.
“I believed it was a genuine address as it came from the bank email [address].”
The bank on its part sent a detailed response to Gulf News to raise awareness to its readers.
“We urge customers to be highly vigilant and always check the source before clicking on any links or attachments in e-mails. Emirates NBD would never ask you for your personal details such as account number, online or mobile banking credentials, and or debit or credit card details such as username, password, PIN or the three-digit CVV number,” the email statement read.
“Basically I was trying to update my CIF number for my credit card. The CIF ID for my savings account had been updated, however not for my credit card. I found this out when I was trying to call the call centre of the bank to check on a transaction on my statement. I was not able to get my PIN verified. Since the pin was not being verified I decided to go to the branch and get it done.”
For the uninitiated, a CIF ID is the middle 8 digits of your account number with the bank.
Subramanyan said he went to three different branches of the bank to update the CIF ID. Unfortunately this was not done.
"On May 18, I went to a branch in Al Souq, Bur Dubai. The manager there advised me to go the Al Souq branch in Deira where the issue would be resolved. Three days later I received a call from a branch staff who informed that a link will be sent to my email address to merge all my CIF IDs”, he said.
On May 20 Subramanyan received a link from the email address - firstname.lastname@example.org.
“Upon clicking the link https://emiratesmbd.ru/green.php, I entered my password and answers to my secret questions," said Subramanyan, who works as a sales professional for a private company in Dubai.
"Following this, I received an authentication code. Apparently the site was fraudulent — it captured all my details and modified my mail ID as can be seen in the attachment.
"After this, they set up a smart pass in my account by using my details and transferred the money. I thought the link was genuine as it came from a genuine email address,” said Subramanyan.
"I immediately complained to the bank after receiving the transfer message by calling the call centre - complaint number - 130561015118,"
“What worries me is that all through the transaction, I was getting authentication code. I also got an SMS that my smart pass was created. After few minutes. I got another SMS that my smart access was deactivated.
Subramanyan has filed a case with Dubai Police (2191000027174. He also took up the matter with Central Bank of the UAE, however the regulatory authority said the 'complaint registered is not acceptable' as it does not fall under its purview.
The online scam victim has registered a case with the bank itself and he said the risk department was looking into his case.