Cyber fraudsters using social media to 'stalk' potential victims

Cybercriminals are becoming more sophisticated and ruthless than ever, targeting people's private lives and impersonating friends or work colleagues to steal money or secure valuable data.

Criminals gather personal information on potential targets from social media, which enable them to garner all kinds of information on people's daily lives, according to Hector Rodriguez, senior vice president and regional risk officer for Visa in Central Europe, Middle East and Africa.

He warned scammers are using every possible avenue at their disposal to try to trick unsuspecting targets into divulging private details, including psychological manipulation and deep-fake technologies.

“Spear phishing or vishing is an attack that targets a specific victim with personalised communication and voice phishing scams,” he said.

“Impersonations can be made to appear like family, friends, executives, or government officials to convince consumers to provide personal information such as their passwords or account payment details.”

Phishing, which is a form of social engineering, involves the collection of personal data that is then used against an individual or company.

Last week, Dubai resident Timna Sophia told The National she lost Dh45,000 that she inherited from her late father in a phishing attack that involved a man claiming to be from a local bank.

The sharp increase in people working from home during the past 12 months and a rise in e-commerce during the pandemic have led to more cyberattacks in the region, as criminals look to take advantage of people's new-found vulnerabilities.

“There is a reason why it is called ‘engineering’ and cybercriminals are getting more advanced in their approach,” Mr Rodriguez said.

“These scams are so convincing and even well-informed people with their guard up are being tricked into sharing personal information.”

He said social engineering often sees fraudsters taking a patient approach to win the trust of people they have targeted.

“For example, on the first call, they get your name, on the second, the name of your bank. Then they call posing as your bank to get account information,” he said.

“They remain persistent as it can take multiple calls to get what they need.”

He warned that criminals were building profiles of people based on their online activities.

“They are capitalising on people's vulnerability by attempting to compromise consumers’ personal information and steal money,” he said.

“They are also building up a wealth of personal information on people’s day-to-day lifestyle, such as the stores they frequent, the bank they belong to, and the subscription services they have signed up for.”

He said a significant amount of personal data can be gleaned from social media platforms and accounts could be compromised by weak passwords.

This data would then be sold on the dark web, he added.

Identities stolen from UAE consumers are among the most expensive for sale by criminals on the dark web, fetching an average of $25 each, according to research from UK-based technology comparison website Comparitech.

Mr Rodriguez also warned that criminals were often posing as trusted institutions in the hope people would be tricked into giving up sensitive information.

“You receive a call from someone claiming to be from your financial services provider or a financial government entity who may then pose a series of security questions to trick you into revealing personal information,” he said.

“A fraudster may tell you that your bank account or Emirates ID has been blocked to get you to reveal sensitive account information such as your card details and one-time passwords.”

He said there have even been instances where criminals have contacted people to tell them a loved one is in hospital, requiring urgent treatment.

“They request funds or your payment details to ensure they receive the ‘surgery’ they require,” he said.

“This is especially disturbing considering they are really manipulating people and placing them in a stressful situation, playing on their biggest fears.”

Dubai Future Foundation said phishing emails alone surged by over 600 per cent in the first six months of the pandemic.

Criminals take advantage of working from home

Emad Haffar, head of technical experts with Kaspersky, said criminals are taking advantage of the increase in online transactions, mainly due to the pandemic.

“Many more people than before are using their credit cards online compared to pre-pandemic and many of them are doing it for the first time,” Mr Haffar said

"It’s much easier for them to fall victim. People need to adopt a mentality of more scrutiny and zero trust in the services we interact with.”

Mr Rodriguez said it’s more critical than ever to protect personal details and data due to the pandemic causing an acceleration in changes and trends.

“There is now a shift towards digital payments, particularly e-commerce and contactless," he said.

“The increased rate of adoption has accelerated the changes by about five years and that has also led to an increased amount of cybercrime.”

How to protect against online fraudsters

1. Do not share one-time passwords (OTPs) with anyone else – banks will never contact you to ask for an OTP that has been sent to your device.
2. Never reuse passwords – using a password manager will help you come up with unique passwords that will be hard for criminals to guess. Never save a list of your passwords in a folder on your computer desktop.
3. Use a single credit card for all online transactions – this will make it easier to manage online transactions.
4. Make sure your phone and computers have the latest updates – updating your software will help keep your data protected against cybercriminals.
5. Sign up for transaction alerts – this will help you manage your online activity and see when your account has been used for a transaction.

Dubai Police's supercar collection – in pictures