I never thought I'd be one of those people: the ones who fall for such an obvious scam. I thought that was a tale reserved for the elderly and technophobic.
I don't even have a story to tell of a sophisticated hoax I was duped by.
It was the Emirates Post one. Many of you will know it. You'll already have received the text messages – someone, who doesn't even appear to understand grammar, says they tried to deliver a package to your door and you weren't home, so you need to pay a Dh1 redelivery fee to get it back.
It was Christmas Eve. I had been receiving packages all week. Concerned one of my three-year-old daughter's gifts hadn't arrived on time, I clicked on the link they provided, glossing over the fact they said my zip code was incorrect and ignoring the fact the UAE doesn't have zip codes.
It took me to a website where there was a pretty convincing tracking page, telling me where my package was on each day over the past week, then a button at the top asking me to pay Dh1, which takes you to a legit-looking payment portal.
There were numerous points at which I could have realised it was a scam: the odd capitalisations in the message, the mention of a zip code, the weird URL, the text from my bank with the one-time passcode saying they were about to take €4,000 ($4,300) out for TikTok Dublin. Instead I clicked copy and paste on the notification at the top of my phone when it flagged up, not noticing the amount or destination.
Within one second, after typing in my one-time password (OTP), what I thought was Dh1 turned into a little more than Dh17,700 ($4,800). My daughter's presents were all waiting in the other room to be wrapped that night, so who knows which package I thought I was waiting for.
I immediately called the bank and cancelled my card (it was a debit, in case you're wondering). I waited two weeks for the team to investigate, only to tell me they couldn't help because I put in my OTP, something I'd raised from the start since I knew how silly it was.
I spoke to the UAE's cybercrime unit – they said the same thing. They told me to try my nearest police station, but considering it had already been two weeks (I'd naively thought the bank would report it to the police), they doubted much could be done.
Absolutely infuriated – more at myself than anyone else – I decided I had to move on with my life.
While it's undoubtedly painful to lose any money, I have since tried to appease myself by remembering it could have been worse.
I also now realise that this could happen to anyone if you're distracted enough.
Like I said, it was Christmas Eve, my parents were here, it was the kids' bedtime, I was busy planning for the next day and this seemed like a minor inconvenience that needed quickly sorting out. Even though in the back of my mind something was telling me it seemed strange, I was on autopilot, trying to cross things off my teeming to-do list.
And I had this outdated belief – one that probably dates back to the inception of e-commerce – that an “https” at the beginning of a link meant it was a secure transaction and therefore safe. Not so – anyone can secure their site.
It shook my confidence, I'll admit. Every payment I now make, I question everything. Thankfully it has urged me to take some steps in protecting my money, such as lowering my bank transfer limit and splitting it between different accounts.
I've recounted this story several times in the past few weeks, including to a personal finance expert who told me sincerely I'm actually in the majority – but most people who get scammed don't like to talk about it, whether they're too embarrassed to admit they fell for it or it's too painful.
I, on the other hand, seemingly have a tendency to overshare.
I wish I could say I'll never be one of those people again. But as I read and hear more stories about people falling for ever-more sophisticated scams, you can never be too sure.
I guess the lesson in all this is always, always pay attention.