ABU DHABI // Foreign fraudsters are targeting mobile-phone users in the country with SMS text messages promising prizes to entice them to reveal personal information and bank details. For years, fraudsters have used spam emails with promises of prizes and cash rewards, in a type of con known as "phishing", to tempt people to reveal sensitive information.
The new version of this that has now spread to the Middle East is known as "smishing", a term combining SMS and phishing coined by the computer security firm McAfee Avert Labs, which first identified the scam in 2006. A number of people in the UAE have reported receiving texts from "JapanAfric Motors", telling them they have won a Toyota Land Cruiser. When The National called the contact number in one such message, a man who identified himself as Peter and said he was based in Kenya said: "We have an annual promotion and my list says you have won this car - we can ship it to any international airport in the world."
To claim the prize, all the "winner" had to do was disclose his or her name, passport number, address, email and place of work - and US$1,000 (Dh3,670) to cover shipping costs. "It is a very small cost for such a good prize," said Peter. He claimed the phone number had been found on the internet, but would not name the site. He seemed unaware which country the call was from and there were indications the con trick operated worldwide.
"Recently we have had winners in Lebanon, Zambia and Qatar," he claimed. "These people are very happy with their cars." A spokesman for Etisalat said many people were unaware of how much personal information was available about them on the internet and urged customers to be wary of fraudsters. "Practically every online or print form asks you for mobile and email addresses in order for you to obtain services," he said.
"This is almost certainly how your number got in their hands, although there was a study which showed these guys sending to random numbers could be a matter of chance." Protection of the UAE's phone and computer networks against attack rests with the Telecommunications Regulation Authority (TRA), which last year set up the Computer Emergency Response Team to monitor hacking attempts from abroad. The TRA declined to comment for this story.
In general, legitimate banks or other institutions will not require your passwords, credit card numbers or other account data online. Any email or text asking you to "verify your account", update your credit card information or provide your social insurance number is suspicious. If you have already disclosed personal information to what you think may be a phishing or smishing trap, alert your bank or whatever institution has been affected, change your passwords and review your credit card and bank statements quickly and often.
@Email:gmcclenaghan@thenational.ae