The Federal Tax Authority said refunding taxes is a direct transaction between registered businesses and the government, as it urged legally eligible applicants to beware of fraudsters posing as intermediaries.
The authority said on Tuesday that some bank customers in the UAE have received phishing emails "from unidentified sources impersonating banks and financial institutions, and asking recipients to provide personal data” claiming that the information will ensure they can recover VAT. The personal data requested includes names, credit card numbers and personal identification numbers (PINs).
The FTA added that the process of refunding tax is completed “via advanced electronic systems … which boasts impressive security features for financial transactions".
“It is done through official channels using the International Bank Account Number and via systems under the authority of — and electronically linked to — the Central Bank of the UAE,” the government body added.
Phishing attacks, where criminals try to lure sensitive information from customers — such as banking passwords — via an email claiming to be from a reputable company, are commonplace across the globe.
In November last year Emirates NBD issued an alert after scammers tried to extract sensitive information by pretending to offer a VAT refund to the bank's customers. Dubai's biggest lender posted a warning note on its website urging customers to be wary of the email.
“Please be aware this is a phishing e-mail,” the bank wrote. “We urge you to be highly vigilant and always check the source before clicking on any links or attachments in e-mails.”
The FTA urged all registered businesses to remain vigilant and maintain the confidentiality of their personal data.
The Authority added that all transactions, including registration, submitting tax returns and refunding tax for eligible candidates, can be completed via the e-services portal on the FTA website.
"All of these official systems involve dealing directly with the FTA using Tax Registration Numbers (TRNs). They stand out for their accuracy, confidentiality and data security, in addition to being inaccessible via email or any other medium that may be prone to piracy and hacking," the authority added.