Emirates NBD issues warning over VAT phishing email targeting clients

Scammers are trying to extract sensitive information by pretending to offer a VAT refund from the bank

The Dubai bank has posted a warning note on its website urging customers to wary of an email titled: ‘VAT Refund Notification’. The National 
Powered by automated translation

A fraudulent email claiming to be from Emirates NBD alerting customers of a VAT refund is a phishing attack, said the bank.

Dubai’s biggest lender has posted a warning note on its website urging customers to be wary of the email with the subject line "VAT Refund Notification".

“Please be aware this is a phishing e-mail,” the bank wrote. “We urge you to be highly vigilant and always check the source before clicking on any links or attachments in e-mails.”

The bank said it would never ask a customer for personal details such as an account number, online and mobile banking credentials or debit or credit card details such as a username, password, PIN or the three-digit CVV number.

Phishing attacks, where criminals try to lure sensitive information from customers, such as banking passwords via an email claiming to be a reputable company, are commonplace across the globe.  According to cloud-based email management company Mimecast's second-annual State of Email Security report, more than 90 per cent of global organisations said the volume of phishing attacks have increased or stayed the same in the past 12 months.


Read more:


In this recent case, the fraudulent email, signed Revenue and VAT Administrator, Emirates NBD, promised a VAT refund and came from the email address verification@refund-emiratesnbd.com. Different amounts were promised to different customers.

An email received by one customer stated: “After the last calculations of your fiscal activity, we have determined that you are eligible to receive a VAT refund of AED 209.45.”

It then stated that to access the refund, the customer must download the VAT refund form attached to the email, open it and then follow the instructions on the screen.

They are then directed to another website, again claiming to be Emirates NBD, that demands personal details such as their online username and password.

For those that followed the instructions and gave away personal details, the fraudsters bought themselves some time by adding at the end of the email: “A refund can be delayed for a variety of reasons. For example submitting invalid records or applying after the deadline.”

Jeff Ogden, general manager for the Middle East at Mimecast, said VAT refund scams are simple in nature but are a good indication of the frequency, variety and the regional specificity of email impersonation attacks.

“Although these initial attacks don’t appear to carry malware, stolen credentials or personal information can be used for follow-up attacks on all types of organisations,” he said.

Consumer and employee awareness is important to help stop these cyber attacks, he added, praising the bank for its “educational count-offensive” and warnings via its website and social media.

Emirates NBD urges customers unsure of any messages from them to contact the bank to verify the communication.