Scammers caught transmitting fake mobile network in Dubai

Three men are each sentenced to six months in jail for mimicking a cellular network to send messages with links to download malware

Rear view of teenage girl using smart phone app while watching TV in living room at home. Getty Images
Powered by automated translation

Authorities in Dubai have warned the public to be vigilant when clicking links, after they arrested a gang that set up a fake telecoms network to defraud people.

The three-member Chinese gang, who were arrested in December, used a sophisticated device to jam a nearby Etisalat by e& cellular tower signal and switch users to their own bogus network.

This allowed them to send phishing links via text messages to users and access phone data through downloadable software.

Several victims in Dubai Marina initially raised the issue after receiving messages that appeared to be from banks and government bodies, which the institutions denied sending.

Users then contacted Etisalat by e& who asked police to investigate the matter.

The National contacted Etisalat by e& for comment.

Running illegal network from parked car

Cyber safety expert Ivan Pisarev said such scammers are called “threat actors” and use "fake base stations" to mimic a mobile operator's tower signals and intentionally cause harm to digital devices or systems.

“These fake stations deceive nearby mobile devices to connect to them," he said.

"Mobile phones are designed to connect to the strongest signal available, and they latch on to the fake station.

"Once connected, the fake station can intercept various types of data, including call metadata, text messages and sometimes even the content of the calls."

Teams from the Telecommunications Regulatory Authority (TRA) were called in and traced the criminals to a specific area.

Two members of the gang were caught running the illegal network from a parked car, using electrical transformers, a network-blocking device and a signal receiver.

How to avoid getting scammed
  • Never click on links provided via app or SMS, even if they seem to come from authorised senders at first glance
  • Always double-check the authenticity of websites
  • Enable Two-Factor Authentication (2FA) for all your working and personal services
  • Only use official links published by the respective entity
  • Double-check the web addresses to reduce exposure to fake sites created with domain names containing spelling errors

A technical report presented to the court said the device targeted mobile users within the vicinity of the car.

A third man was arrested at Dubai International Airport while attempting to flee.

Recruited via Telegram app

The men told the court they were hired by an anonymous Chinese recruiter on the Telegram app.

One was hired as a driver for a daily wage of Dh2,500 ($680) and another to install the devices.

They were instructed to rent a car, install the devices and "drive to crowded areas".

The third man was paid to smuggle the devices to the UAE.

The men were each sentenced in May to six months in jail. They will be deported after they complete their sentences.

According to the data released by UAE's Cybersecurity Council, more than 71 million attempted cyber attacks were blocked in the first nine months of 2023.

Research by UK technology website Comparitech found in 2021 that UAE residents lost up to $746 million to cyber crime.

Common types of cybercrimes in the UAE include hacking, phishing, smishing, investment scams, and phone calls impersonating the police or banks.

Impersonating banking apps

Mr Pisarev, technical head of Threat Intelligence, Digital Risk Protection and Attack Surface Management at Group-IB, confirmed such attacks are not new, with some reported in the Asia-Pacific region last year.

Scammers there used the same model to trick the public into believing they were dealing with a bank.

They used a mobile fake base station to send messages to users nearby, with links redirecting them to a chatbot mimicking a bank's support team.

"After communicating with the victim, the fraudsters would send another link to a website for downloading a malicious banker app.

"Once they gained control of the device, the fraudsters would delete the original bank app and install its malicious version."

Dubai Police urge people to use the e-crime platform to report online fraud, whether or not the criminals had been successful.

Updated: June 07, 2024, 9:54 AM
How to avoid getting scammed
  • Never click on links provided via app or SMS, even if they seem to come from authorised senders at first glance
  • Always double-check the authenticity of websites
  • Enable Two-Factor Authentication (2FA) for all your working and personal services
  • Only use official links published by the respective entity
  • Double-check the web addresses to reduce exposure to fake sites created with domain names containing spelling errors