Bank fraud: UAE resident loses Dh171,000 to criminals in 15 minutes

People must be vigilant and never share one-time passwords or bank account numbers with anybody, experts warn

Banking fraud calls asking customers to update their know-your-customer details are increasingly common. Getty Images
Powered by automated translation

Consumers in the UAE are being urged to remain vigilant after a recent spate of telephone bank fraud schemes, as criminals increasingly find sophisticated methods to trick people to give their personal details and steal their money.

UAE resident GS, who has requested to remain anonymous, had Dh171,000 ($46,562) stolen after receiving a call at 1pm on January 20 from a new number that showed the name of his bank.

“The person said he was calling from my bank’s Know Your Customer department and wanted to update my Emirates ID in the system to comply with financial regulations,” the 39-year-old from France told The National.

“They asked me to confirm my date of birth as a security feature and for the last few digits of my account number. I wasn’t too worried because I thought it wasn’t possible to do anything with just my account number.”

A KYC check is the process of identifying and verifying a customer's identity when opening an account or updating it when their documents have been renewed, such as their passport, work visa or Emirates ID.

It is a mandatory process under the UAE's anti-money laundering regulations.

During the phone conversation, the fraudster dropped hints to convince GS of his credentials.

The criminal shared a picture of a bank employee’s ID card, said the conversation was being recorded and also sent a fake SMS from Dubai Police, which later turned out to be a one-time password, to convince GS that he was genuine.

The victim was sent a one-time password (OTP) from his bank’s KYC portal. He also received another automated call allegedly from his bank asking him to rate his interaction with the account manager.

The fraudster managed to retrieve GS’s phone banking username and reset his password.

There has been an increase in the amount of fake emails, bogus calls and text messages aimed at tricking people into sharing their personal details and stealing their money.

Despite more than half of respondents (61 per cent) in the UAE claiming to be savvy enough to sidestep online and phone fraud, the reality is that nine in 10 are likely to disregard the warning signs that suggest online criminal activity, according to Visa’s annual Stay Secure survey released in December.

About 54 per cent of people in the UAE have been a victim of fraud at least once, compared with the global average of 52 per cent, the study found.

How criminals use technology to scam victims – in pictures

Even more alarming is that 17 per cent of victims in the Emirates have been conned by fraudsters several times, against a global average of 15 per cent, according to Visa.

In the UAE, cyber crime costs $746 million a year and involves more than 166,000 victims, according to research by UK consumer watchdog Comparitech.

Experts from cybersecurity company Kaspersky warned against banking fraud schemes aimed at people in the UAE in a note last year.

Cyber criminals have been increasingly posing as prominent banks, exploiting the element of fear in people and compelling them to divulge financial and personal information through various tactics, the company said.

Phishing emails have been a common mode of attack used by cyber criminals to fool people. Other similar requests that often appear to be urgent and are exploited by criminals include suspension of transactions and compliance with the UAE Central Bank, it added.

“They transferred Dh53,000 from my current account to my savings account, got approval for a cash advance worth Dh75,000 on my credit card and also took a loan on my credit card for Dh33,000,” GS said.

“All this money was moved to my current account and transferred to two external accounts, which they added as beneficiaries. They emptied the current account of Dh171,000. Everything took place in less than 15 minutes.”

The fraudsters made sure GS was busy writing down reference numbers during the call so he wouldn’t check his phone to see transaction details.

He was asked to approve transactions by sliding a bar on his phone and using his finger to authenticate them. However, he did not receive any OTPs or text messages.

“The guy was very calm, composed and friendly. He was acting like a real relationship manager, taking his time and there was no rush. I should have been less naive,” GS said.

He has now filed a police complaint and raised the issue with the Central Bank to retrieve his money.

Emirates NBD, Dubai's biggest lender by assets, launched a UAE-wide safe banking campaign in November after reports of customers being the targets of fraudsters.

Themed #IWillSurvive, the campaign aims to raise public awareness of cyber security and encourage customers to take action and actively report fraudulent activity or attempts, so that more people are aware and remain vigilant.

Emirates NBD, Abu Dhabi Commercial Bank and HSBC had yet to comment before publication.

Banking fraud calls asking customers to update their KYC details are increasingly common, warned Ambareen Musa, founder and chief executive of financial literacy start-up Yabi by Souqalmal.

“No one, including your bank or police, will ever ask you to verify through OTP, so if you receive a call from your bank asking you to go into your banking app to give them your OTP or code, this is a scam. Hang up the call,” she said.

“To make you believe them, they ask you to confirm your account number, but only the last three digits.

“The beginning of your IBAN number is generic as it represents the bank and the location, so anyone can know it. The last few digits of your IBAN is your account number, so if anybody asks you to confirm the last few digits of your account number, that means you are giving away your bank account number.”

Fraudsters have become sophisticated and are using other means to acquire half of a person's information to get them to verify the remainder, she warned, as she called on people to be extremely careful.

“We have had three Yabi team members getting calls from their bank supposedly asking them to update their KYC in the last three days. They were all fake calls, but they do not sound fake at all,” she added.

“Banks should come together to spread awareness to prevent such financial crimes.”

Updated: January 28, 2024, 4:23 AM