Philip Currie received a text message on May 7 about an outstanding bill from his telecom provider, du.
Mr Currie, 49, from Britain, decided to pay the bill through du Quick Pay, as he did every month.
On his phone, he typed du Quick Pay into the Google browser and search results came up. He clicked on what looked like a sponsored ad for the page.
“It looked exactly like the du website, had the same sort of web address. Even when you clicked on it, it looked like the mobile version of du. I clicked on the link and it went to a payment page which looked identical to du Quick Pay,” Mr Currie recalls.
“I proceeded and entered my details, just as I have done many times. I've been in Dubai for almost six years and I've paid my monthly bill this way all the time.”
Despite entering his HSBC credit card details the first time, he did not receive a one-time password. He tried resending it. A pop-up window opened on his phone and he copy pasted the OTP in the website.
As soon as he entered the OTP, he started receiving messages about different payments worth thousands of dirhams each.
“I felt sick to my stomach. In hindsight, I wish I'd gone through my SMS messages and seen what charges were coming through and what the OTP was for, but I didn't because I thought I was on the du website,” he says.
He was charged $4,080, €3,500 ($3,810), €1,000 and $1,530 in four transactions in the space of a few minutes. “I thought they were going to clean me out,” Mr Currie says.
The UAE’s financial sector has recorded a surge in financial fraud in recent years. Advances in technology and an increase in online banking make it easier for fraudsters to exploit weaknesses, cybersecurity experts say.
There has been an increase in the number of fake emails, bogus calls and text messages aimed at tricking people into sharing their personal details and stealing their money.
Despite more than half of respondents (61 per cent) in the UAE claiming to be savvy enough to sidestep online and phone fraud, the reality is that nine in 10 are likely to disregard the warning signs that suggest online criminal activity, according to Visa’s annual Stay Secure survey released in December.
About 54 per cent of people in the UAE have been a victim of fraud at least once, compared with the global average of 52 per cent, the study found.
Mr Currie called his bank and immediately blocked his credit card. HSBC said it managed to block all transactions, except the one for $4,080.
The criminals had made a fake website for du Quick Pay and taken out a sponsored Google ad. “I've never been scammed before. It didn't have a random weird domain. It looked all legit to the eye,” he says.
He raised a dispute with HSBC and reported the link to Google as a fraudulent website. Although Google took down the website, a few days later, another set of fraudulent websites appeared, but with dodgy domain names, he says.
On inspecting the payment that went through, Mr Currie realised the merchant was Raseed Invest, a trading platform for the US stock market.
He went to the merchant’s website and chatted with an agent. He asked them to trace the perpetrator of the crime using the last four digits of his credit card and the exact amount deducted.
They refused to give this information but said if either his bank or the police contacted them, they would co-operate.
“I called up Dubai Police’s cybercrime unit. They promised to investigate if I get an official letter from the bank. You have to physically go to a bank branch and get a stamped letter. It's a little bit of red tape because time is of the essence,” Mr Currie says.
How criminals use technology to scam victims – in pictures
“I called my bank a few times to get updates. I told them I had not knowingly authorised this payment. I've never traded with this merchant before or made a purchase of this value. If you check my bank records in the past six years, the biggest purchase was probably only 50 per cent of this amount.
“Why didn’t the bank immediately block my card on that basis? Surely the bank has algorithms to detect potential fraud.”
He says he rarely uses his HSBC Visa card to make any foreign transaction, relying instead on a UK-issued credit card.
Mr Currie says his Lloyds credit card, when he was in the UK, would get blocked on many occasions when he tried to make a foreign transaction. The fraud team would call him to confirm the payment and then unblock the card.
“The OTP system that was set up a few years ago as a security measure is now a vulnerability. It's so easy for criminals to get the OTP and intercept it. I'm scared to make any purchases or use my mobile now,” he says.
Mr Currie, who has had an account with HSBC for 40 years, says the bank's dispute team sent him a "very impersonal email saying they have conducted an investigation and because I had given the OTP, they are closing the case".
When contacted, HSBC said the OTP secure payment system is designed to protect customers by confirming their consent before processing a transaction.
The bank reminded its customers of the importance of reading all text message notifications and OTP messages carefully before authorising any transaction.
HSBC launched a free Fraud and Cyber Awareness app two years ago to help users protect themselves against cyber attacks. The app can be downloaded from the Google Play and Apple App stores in the UAE.
OTPs are one-time use, numeric codes which are used to confirm your identity or approve genuine transactions you have made.
If you unexpectedly receive a one-time pass code, it may mean a fraudster is trying to use your card or access your accounts, the app warns.
Anyone who calls and asks for this pass code, even if they claim to be from the bank, is trying to scam you.
Du also advises customers to make payments via its app and website directly rather than through search engines.
“Du is proactively addressing cyber security by implementing various comprehensive measures to protect customers from bogus websites and cyber threats. The telco conducts regular public awareness campaigns to educate users about online dangers and safe internet usage, helping them recognise phishing attacks and fraudulent websites,” it says.
The company also invests in security to monitor and block suspicious activities, it adds.
Customers should regularly monitor accounts for suspicious activity and be cautious of phishing attempts, which are on the rise in the region and worldwide
Emad Fahmy,
systems engineering manager, Netscout
People should use secure channels for financial transactions and enable multifactor authentication whenever possible, says Emad Fahmy, systems engineering manager at cybersecurity provider Netscout.
“They should also regularly monitor accounts for suspicious activity and be cautious of phishing attempts, which are on the rise in the region and worldwide,” he says.
People should also keep devices updated with security patches, "use strong, unique passwords" and consider a password manager. "By following these steps, individuals can significantly reduce their risk of financial fraud."
Banks should use advanced threat detection solutions and lean on artificial intelligence and machine learning to identify and mitigate sophisticated cyber threats in real time and safeguard customers, Mr Fahmy recommends.
Implementing stringent access controls, encrypting data both in transit and at rest, and regularly updating security policies are also vital.
“Banks should also provide ongoing security awareness training to employees and customers and adopt continuous monitoring solutions for prompt incident response,” he adds.
How to avoid financial fraud
- Read all SMS notifications and OTP messages carefully before authorising any transaction
- Never share your OTP with anyone
- If someone calls and asks for an OTP, hang up immediately
- Make telecom payments directly through the app or website
- Avoid search engines and use secure channels for secure financial transactions
- Enable multifactor authentication for transactions
- Keep devices updated with security patches
- Use strong, unique passwords and consider a password manager
Mercer, the investment consulting arm of US services company Marsh & McLennan, expects its wealth division to at least double its assets under management (AUM) in the Middle East as wealth in the region continues to grow despite economic headwinds, a company official said.
Mercer Wealth, which globally has $160 billion in AUM, plans to boost its AUM in the region to $2-$3bn in the next 2-3 years from the present $1bn, said Yasir AbuShaban, a Dubai-based principal with Mercer Wealth.
“Within the next two to three years, we are looking at reaching $2 to $3 billion as a conservative estimate and we do see an opportunity to do so,” said Mr AbuShaban.
Mercer does not directly make investments, but allocates clients’ money they have discretion to, to professional asset managers. They also provide advice to clients.
“We have buying power. We can negotiate on their (client’s) behalf with asset managers to provide them lower fees than they otherwise would have to get on their own,” he added.
Mercer Wealth’s clients include sovereign wealth funds, family offices, and insurance companies among others.
From its office in Dubai, Mercer also looks after Africa, India and Turkey, where they also see opportunity for growth.
Wealth creation in Middle East and Africa (MEA) grew 8.5 per cent to $8.1 trillion last year from $7.5tn in 2015, higher than last year’s global average of 6 per cent and the second-highest growth in a region after Asia-Pacific which grew 9.9 per cent, according to consultancy Boston Consulting Group (BCG). In the region, where wealth grew just 1.9 per cent in 2015 compared with 2014, a pickup in oil prices has helped in wealth generation.
BCG is forecasting MEA wealth will rise to $12tn by 2021, growing at an annual average of 8 per cent.
Drivers of wealth generation in the region will be split evenly between new wealth creation and growth of performance of existing assets, according to BCG.
Another general trend in the region is clients’ looking for a comprehensive approach to investing, according to Mr AbuShaban.
“Institutional investors or some of the families are seeing a slowdown in the available capital they have to invest and in that sense they are looking at optimizing the way they manage their portfolios and making sure they are not investing haphazardly and different parts of their investment are working together,” said Mr AbuShaban.
Some clients also have a higher appetite for risk, given the low interest-rate environment that does not provide enough yield for some institutional investors. These clients are keen to invest in illiquid assets, such as private equity and infrastructure.
“What we have seen is a desire for higher returns in what has been a low-return environment specifically in various fixed income or bonds,” he said.
“In this environment, we have seen a de facto increase in the risk that clients are taking in things like illiquid investments, private equity investments, infrastructure and private debt, those kind of investments were higher illiquidity results in incrementally higher returns.”
The Abu Dhabi Investment Authority, one of the largest sovereign wealth funds, said in its 2016 report that has gradually increased its exposure in direct private equity and private credit transactions, mainly in Asian markets and especially in China and India. The authority’s private equity department focused on structured equities owing to “their defensive characteristics.”
More from Rashmee Roshan Lall
The%20specs
%3Cp%3E%3Cstrong%3EPowertrain%3A%20%3C%2Fstrong%3ESingle%20electric%20motor%0D%3Cbr%3E%3Cstrong%3EPower%3A%20%3C%2Fstrong%3E201hp%0D%3Cbr%3E%3Cstrong%3ETorque%3A%20%3C%2Fstrong%3E310Nm%0D%3Cbr%3E%3Cstrong%3ETransmission%3A%20%3C%2Fstrong%3ESingle-speed%20auto%0D%3Cbr%3E%3Cstrong%3EBattery%3A%20%3C%2Fstrong%3E53kWh%20lithium-ion%20battery%20pack%20(GS%20base%20model)%3B%2070kWh%20battery%20pack%20(GF)%0D%3Cbr%3E%3Cstrong%3ETouring%20range%3A%20%3C%2Fstrong%3E350km%20(GS)%3B%20480km%20(GF)%0D%3Cbr%3E%3Cstrong%3EPrice%3A%20%3C%2Fstrong%3EFrom%20Dh129%2C900%20(GS)%3B%20Dh149%2C000%20(GF)%0D%3Cbr%3E%3Cstrong%3EOn%20sale%3A%3C%2Fstrong%3E%20Now%3C%2Fp%3E%0A
Desert Warrior
Starring: Anthony Mackie, Aiysha Hart, Ben Kingsley
Director: Rupert Wyatt
Rating: 3/5
Tickets
Tickets start at Dh100 for adults, while children can enter free on the opening day. For more information, visit www.mubadalawtc.com.
UK’s AI plan
- AI ambassadors such as MIT economist Simon Johnson, Monzo cofounder Tom Blomfield and Google DeepMind’s Raia Hadsell
- £10bn AI growth zone in South Wales to create 5,000 jobs
- £100m of government support for startups building AI hardware products
- £250m to train new AI models
New UK refugee system
- A new “core protection” for refugees moving from permanent to a more basic, temporary protection
- Shortened leave to remain - refugees will receive 30 months instead of five years
- A longer path to settlement with no indefinite settled status until a refugee has spent 20 years in Britain
- To encourage refugees to integrate the government will encourage them to out of the core protection route wherever possible.
- Under core protection there will be no automatic right to family reunion
- Refugees will have a reduced right to public funds
THE LOWDOWN
Photograph
Rating: 4/5
Produced by: Poetic License Motion Pictures; RSVP Movies
Director: Ritesh Batra
Cast: Nawazuddin Siddiqui, Sanya Malhotra, Farrukh Jaffar, Deepak Chauhan, Vijay Raaz
AndhaDhun
Director: Sriram Raghavan
Producer: Matchbox Pictures, Viacom18
Cast: Ayushmann Khurrana, Tabu, Radhika Apte, Anil Dhawan
Rating: 3.5/5
Mohammed bin Zayed Majlis
The biog
Favourite books: 'Ruth Bader Ginsburg: A Life' by Jane D. Mathews and ‘The Moment of Lift’ by Melinda Gates
Favourite travel destination: Greece, a blend of ancient history and captivating nature. It always has given me a sense of joy, endless possibilities, positive energy and wonderful people that make you feel at home.
Favourite pastime: travelling and experiencing different cultures across the globe.
Favourite quote: “In the future, there will be no female leaders. There will just be leaders” - Sheryl Sandberg, COO of Facebook.
Favourite Movie: Mona Lisa Smile
Favourite Author: Kahlil Gibran
Favourite Artist: Meryl Streep
THE BIO
Family: I have three siblings, one older brother (age 25) and two younger sisters, 20 and 13
Favourite book: Asking for my favourite book has to be one of the hardest questions. However a current favourite would be Sidewalk by Mitchell Duneier
Favourite place to travel to: Any walkable city. I also love nature and wildlife
What do you love eating or cooking: I’m constantly in the kitchen. Ever since I changed the way I eat I enjoy choosing and creating what goes into my body. However, nothing can top home cooked food from my parents.
Favorite place to go in the UAE: A quiet beach.
Veil (Object Lessons)
Rafia Zakaria
Bloomsbury Academic
Black Panther
Dir: Ryan Coogler
Starring: Chadwick Boseman, Michael B Jordan, Lupita Nyong'o
Five stars
Fixtures
50-over match
UAE v Lancashire, starts at 10am
Champion County match
MCC v Surrey, four-day match, starting on Sunday, March 24, play starts at 10am
Both matches are at ICC Academy, Dubai Sports City. Admission is free.
White hydrogen: Naturally occurring hydrogen
Chromite: Hard, metallic mineral containing iron oxide and chromium oxide
Ultramafic rocks: Dark-coloured rocks rich in magnesium or iron with very low silica content
Ophiolite: A section of the earth’s crust, which is oceanic in nature that has since been uplifted and exposed on land
Olivine: A commonly occurring magnesium iron silicate mineral that derives its name for its olive-green yellow-green colour
UAE currency: the story behind the money in your pockets
THE BIO: Martin Van Almsick
Hometown: Cologne, Germany
Family: Wife Hanan Ahmed and their three children, Marrah (23), Tibijan (19), Amon (13)
Favourite dessert: Umm Ali with dark camel milk chocolate flakes
Favourite hobby: Football
Breakfast routine: a tall glass of camel milk
