UAE bank fraud: Another resident loses Dh200,000 to criminals

Customers are increasingly coming forward to share their stories, as experts warn people not to respond to requests for personal account details

Customers should not share personal or financial information over the phone, experts warn. Getty Images
Powered by automated translation

UAE residents are increasingly coming forward to share their experiences of losing tens of thousands of dirhams to telephone banking fraudsters, to prevent unsuspecting victims from being tricked out of their hard-earned money.

Bank customers have contacted The National to describe how their accounts were emptied of significant amounts of money in a few minutes by fraudsters.

OP, from Latvia, who requested to remain anonymous, lost Dh200,000 ($54,458) from her UAE bank account at 5.30pm on January 24.

She received a call from a man who claimed to be from her bank’s Know Your Customer team.

A KYC check is the process of identifying and verifying a customer's identity when opening an account or updating it when their documents have been renewed, such as their passport, work visa or Emirates ID.

Watch: UAE's national fraud awareness campaign to curb email scams

UAE's national fraud awareness campaign to curb email scams

UAE's national fraud awareness campaign to curb email scams

“I assume this was an insider job because the person knew that my actual KYC details needed to be updated in the bank’s database, because I had recently moved from an employment visa to a golden visa,” OP told The National.

“He asked me to log into my online banking app and update my Emirates ID. This didn’t ring alarm bells since I was scanning my ID card myself on my registered mobile device.”

OP was then asked to share the last few digits of her IBAN for the bank to process her application and update the records.

The resident complied with the request because she thought the IBAN was publicly available information, and the fraudster wasn’t asking for confidential details such as her PIN or date of birth.

She was then asked to reinstall her banking app because, the fraudster claimed, the bank was updating its security protocols.

“I reinstalled the app and he gave me my log in details. He said the password had been reset,” OP said.

She received an email from her bank that a new device had taken control of her banking app and that a new login had been authorised.

“Within a matter of minutes, my savings account was depleted and money from my current account was transferred to a beneficiary, who I had not added,” she said.

“He also took a cash advance and withdrew the money. I received another email that my credit card had been added to Samsung Pay. The device registered with my bank account is an iPhone. He maxed out my credit card. I lost about Dh200,000 in total.”

Another UAE resident who spoke to The National on Friday reported a similar experience, losing Dh171,000 to KYC banking fraudsters in less than 15 minutes.

The growing adoption of financial technology and digital transactions in recent years has led to higher cases of financial fraud.

Cyber criminals have been exploiting technology to their advantage, making them more sophisticated and difficult to counter, opening up several avenues to launch their attacks on unsuspecting users.

More than 71 million attempted cyberattacks in the UAE were blocked in the first three quarters of last year, Dr Mohammed Al Kuwaiti, the head of the Cybersecurity Council, said in November.

The country was fending off more than 50,000 cyberattacks a day, he said.

Despite 61 per cent of people in the UAE claiming to be fraud-savvy, the reality is that nine in 10 are likely to miss warning signs of online criminal activity, according to Visa’s annual Stay Secure survey, released in December, which polled 5,800 adults in Central and Eastern Europe, the Middle East and Africa.

Fifty-four per cent of people in the UAE reported being a victim of a fraud at least once, with 17 per cent saying they had been conned multiple times, the study found.

In the case of OP, the fraudster reassured her that all her accounts would be restored to normal within 30 minutes. He then ended the call.

Although she called her bank immediately, she was told the investigation would take between 60 and 90 days.

“A few days later, I got a response from my bank’s fraud team, which said that all transactions had been conducted in a ‘safe environment’ for Samsung Pay and that I’m responsible for all these transactions,” she said.

How criminals use technology to scam victims – in pictures

She has also lodged a complaint with Dubai Police and the UAE Central Bank.

Meanwhile, KK, an Indian national in the UAE told The National that he received a similar call from a fraudster last week.

A woman, who claimed to be working in the customer service department of his bank, said she was calling to verify his account to prevent it from being cancelled.

She asked for his bank account number to verify that it was his, but he refused, and asked her to tell him the number instead.

“She said: ‘That’s not how it works.’ I said I am not comfortable sharing banking details with strangers. I said I would go to the bank and give it instead,” he said.

The fraudster threatened to close his account and cut the call.

“Despite this, I thought she was only asking for my account number and surely can’t do anything with it. It’s scary that mere bank account numbers are now enough for fraudsters to cheat us,” he said.

On its website, Emirates NBD, Dubai’s biggest lender by assets, warns customers to stay alert to suspicious calls claiming to be from the bank, the UAE Central Bank, the police, or others.

“Please do not share any personal information or bank details via phone or online, and do not click on any suspicious links sent by email, SMS, WhatsApp or through social media platforms,” ENBD said on its website.

The UAE Central Bank also states on its website that its name and those of its employees are sometimes used to create and promote different forms of fraud perpetrated by third parties.

“Some scams are attempts at identity theft, including fraudulent emails, faxes and copies of our website,” the regulator said.

“Emails or letters may propose various schemes, such as offering loans, investment opportunities or participation in financial transactions, and/or requiring an advance payment in connection with a transaction supposedly to be made through the CBUAE,” it added.

“These fraudulent materials use the CBUAE’s name, logo and address, or the names of our staff and management – all without CBUAE’s permission.”

The regulator warned customers to be alert and to confirm the authenticity of any emails or documents they receive claiming to be from the central bank.

It also urged people to ensure that all communications are legitimate and not to send money to any unauthorised individuals or institutions.

People in the UAE can report cybercrimes through the following channels: the Dubai Police eCrime website, the Abu Dhabi Police Aman service, at the nearest police station or they can call 999.

They can also file a complaint by calling the 800 CBUAE (800 22823) helpline or log on to the Central Bank website.

Nisreen Sabri, head of fraud management at HSBC UAE, said the bank “continually monitors emerging threats and cybersecurity trends, while working closely with regulators and other financial institutions to address such risks, protect our customers and the financial system”.

Customers should not share personal or financial information, she advised.

Legitimate organisations will not call, email or text to ask for your personal account details
Nisreen Sabri, head of fraud management, HSBC UAE

“Legitimate organisations will not call, email or text to ask for your personal account details. These include usernames, passwords, PIN codes, expiry dates or one-time passwords,” Ms Sabri warned.

She also urged customers to stop clicking on links or numbers in unexpected messages.

Only visit websites or dial numbers you know are trustworthy or verified.

When receiving an “urgent” email or message from any financial or service provider, respond on a telephone number you trust and not the one in the email or text message. Always read the entire email address carefully, she said.

“Block unwanted calls, texts and emails. Take steps to block unknown or suspicious numbers and email addresses,” Ms Sabri said.

“Take your time. Legitimate businesses will give you time to make a decision. When a message or caller pressures you to make payment, transfer or to share personal information immediately, it is a serious red flag for fraudulent behaviour or a ‘social engineering’ scam.”

Before taking any action on the basis of a suspicious or unusual request from a cold call or unsolicited email, tell someone about it like a friend or a family member you trust, she recommended.

“Talking about it could help you realise it’s a scam. Scam messages often use warnings or threats to try to make you act without thinking, so take your time to check,” she warned.

Last July, cybersecurity company Kaspersky issued a warning about the rise in banking fraud aimed at people in the UAE.

The fraud involves cyber criminals masking themselves as well-known banks, exploiting people's fears and coercing them into revealing sensitive financial and personal details through deceptive means, according to Maher Yamout, lead security researcher at Kaspersky.

To prevent falling victim to banking fraud, people must not click on a link in an email or reply to it, and take a closer look at the sender’s name and email address, Mr Yamout said.

“Ensure that two-factor authentication is enabled on the account. Hover over the link provided in the email as it will highlight a different website link that is not related to the bank,” he added.

“Also, look out for typos in the body of the email and subject line. When in doubt, always contact your bank to reconfirm the request.

“Moreover, install trusted antivirus software to help monitor your email box and block phishing attempts.”

Using complex and unique passwords for bank accounts and updating them regularly are also essential to protect against fraud, said Sergey Belov, head of banking systems security research at cybersecurity company Positive Technologies.

Many people use the same password for many services, which significantly increases the risk of accounts being compromised in the event of data leakage, he warned.

“Regularly check account statements for suspicious transactions and report them to the bank as soon as possible. Banks often have monitoring systems that help detect fraud, but your attention to your own accounts also plays a key role,” Mr Belov said.

“Scammers are constantly developing new ways to cheat, so it is important to be aware of current threats to better recognise and avoid them.”

How to stay safe from bank fraud

  • Do not share personal or financial information
  • Don’t use links or numbers in unexpected messages
  • Enable two-factor authentication to access your bank account
  • Only visit websites or dial numbers you know are trustworthy
  • Block unwanted calls, texts and emails
  • Take your time to make a decision
  • Stop and talk to someone you trust
Updated: January 31, 2024, 7:03 AM