The Debt Panel: ‘Scammers raided our bank account. How can we recover the money?'

We have been in the UAE for nearly 10 years and were looking forward to moving home in August to retire after my husband was made redundant from his job.

However, my husband started receiving phone calls and text messages from supposedly official institutions, such as Emirates ID, UAE Pass and even our bank. During the phone calls, the people were insisting that we update our personal information and asking for the one-time password (OTP), which we refused to give them.

We complained to our bank about the calls and they assured us it was not them. They also advised us to report the calls and text messages to the police, which we did. The police took note of all the scam telephone numbers and opened a file.

But just 30 minutes after filing the report, two large sums of money and one for a lesser amount were withdrawn from our account, as well as the cost for six Etisalat recharges for people we had never heard of. When we realised what was happening, we contacted our bank and immediately froze the account, but unfortunately, Dh105,000 had already been stolen.

The hackers had managed to gain access to our account without an OTP, and had even changed our email address. When we requested the bank to change the email to our original address, they also sent a notification to the scammer confirming that our email had been updated.

We have followed up repeatedly with our bank and the police. The bank is alleging that we gave the scammers the OTP and has informed the police of this. However, we are adamant that we did not give the OTP or our personal details to the criminals.

We also filed a complaint with the Consumer Protection Department of the Central Bank of the UAE. After an investigation, they also said that we must have divulged the OTP and that is how the scammers gained access to our account. The case was closed, but it has been reopened after we spoke to the Central Bank’s Consumer Protection Department.

We have delayed leaving the UAE in the hope of getting our money back and are now staying in a hotel as we’ve given up our apartment, but we have to leave very soon as we are no longer working. How is it possible that scammers can gain access to bank accounts without an OTP and what more can we do to get our money back from the bank? NG, Abu Dhabi

Debt Panellist 1: Philip King, head of retail banking at Abu Dhabi Islamic Bank

Unfortunately, there has been a significant increase in attempted cybercrime during the Covid-19 pandemic. Online criminals have been trying to exploit the vulnerability of individuals during this challenging time by posing as government officials to get them to disclose their bank account details.

However, scammers who go one step further by hacking your smartphone or duping the bank into changing your phone number or email address are unfortunately able to bypass the OTP security measure.

Ambareen Musa, founder and chief executive of Souqalmal.com

Through recent technological advancements, these crimes are becoming easier to perpetrate and hackers have endeavoured to come up with many methods to bypass the need for a PIN or OTP. However, you have done the right thing by contacting the appropriate authorities and trying to secure your bank account as fast as you could.

We urge you to remain in close contact with your bank and the Central Bank’s Consumer Protection Department. This matter should be escalated immediately to the highest relevant representatives at the bank. Reiterate that you were able to detect the fraudulent actions from the beginning and did not disclose any of your personal information. Ensure that you provide them with a record of all the text messages and calls you have received from the criminal. Maintaining a transparent relationship with your bank is crucial at this stage to guarantee that your rights are upheld.

If no amicable resolution is achieved, we recommend that you seek legal advice from a lawyer who is specialised in financial crimes and misconduct to liaise appropriately with the Consumer Protection Department at the Central Bank. They will then review your case again to determine if there has been a breach of the law and deal with any misconduct that has been identified.

Fraud methods have undoubtedly become more sophisticated and I would encourage all readers to remain vigilant and take an active role in protecting themselves against the threat of cybercriminals.

Debt panellist 2: Ambareen Musa, founder and chief executive of Souqalmal.com

You're obviously stuck in an unfortunate situation, with a significant amount of money having been stolen from your bank account and the bank not being willing to help you get it back. And the fact that you don't have a lot of time left in the country to pursue this, is certainly adding to all the stress.

Let's start with the actual crime. Even though it may be difficult to understand how the scammers could access your bank account without having the OTP, here's why this isn't entirely impossible. Over recent years, bank fraud as well as scammers' modus operandi have definitely become a lot more sophisticated.

OTP generation is designed to offer a higher level of protection against scams. Most account holders just assume that for a scammer to have access to an OTP, they would need to dupe the account holder into divulging it. However, scammers who go one step further by hacking your smartphone or duping the bank into changing your phone number or email address are unfortunately able to bypass the OTP security measure.

Now here's where the bank should have offered to investigate further, instead of putting all the blame squarely on you. The bank should have taken cognizance of the fact that you reported the fraudulent call to them immediately and then filed a police complaint as per their guidance, too.

This has left you with no choice but to take your complaint to the Central Bank. Now that there's already been a lot of back and forth with the regulator as well, you should seek the advice of a legal expert who specialises in such cases.

Hiring legal help will not only help you communicate with the bank better, but it will also help you pursue the case from overseas, depending on the legal arrangement your lawyer comes up with. It could be a good idea to seek a pro bono legal consultation first by reaching out to either your country's embassy/consulate, or going through the Abu Dhabi Judicial Department's free legal aid service.

Just make sure you hold on to all communication you've had with the bank to date, such as written correspondence, emails and call logs, in case you have to reproduce these later. I wish you all the best and hope you're able to recover your money soon.

Debt Panellist 3: Stuart Ritchie, chartered financial planner at AES International

Unfortunately, cyber crime is becoming increasingly common in the UAE, and we’re starting to see more sophisticated methods by cyber criminals to access personal details. In December 2019, the Central Bank of the UAE issued a warning about the importance of protecting yourself, with techniques such as criminals using the Central Bank’s name to obtain banking information.

In your case, you may have been subject to SIM card swap fraud. There are a lot of useful sources online that provide more information about what this is and how you can protect yourself.

This matter should be escalated immediately to the highest relevant representatives at the bank.

Philip King, head of retail banking at Abu Dhabi Islamic Bank

In this instance, you should seek legal advice immediately from a reputable firm in the UAE who will be able to assist you with your case and give you more information about the next steps.

They will also be familiar with the Consumer Protection Department processes. We would advise contacting a number of legal firms to clarify the general consensus on the next steps, as well as ensuring both parties are in agreement on how you will continue to pursue your case once you have repatriated and what is required from you.

In the meantime, document the different phone calls you received from the scammers, including the telephone number, time and date, as well as the names of the Etisalat recharges.

Additionally, include any details of the conversations you have had with your bank and the police until this point. Having a thorough timeline of events will help your legal representative to understand the conversations you have already had and where they are able to help.