The rise of online banking comes with many benefits, but also raises security concerns due to an increase in fraud cases.
Cyber criminals are succeeding in deceiving people and wiping out their life savings, either by pretending to call from their bank or by using malware.
“Scammers are becoming more skilled in obtaining data on your money or personal information. So, keep an eye out for scams,” says Vijay Valecha, chief investment officer of Dubai-based Century Financial.
There was a 250 per cent increase in cyber attacks and more than 1.1 million financial fraud complaints in the UAE during 2020, according to cyber security company Digital 14.
Cyber criminals are expected to attack a business, consumer or device every two seconds by 2031, New York-based research company Cybersecurity Ventures said.
Another challenge facing the personal finance industry is dishonest advisers selling complex, high-commission financial products to unsuspecting investors, which can lock them in for years.
“Sometimes, all it takes to avoid being duped financially is using common sense,” says Marwan El Nakla, head of compliance at digital wealth manager StashAway Mena.
“If an email looks unusual, the email address is not known to be a company’s typical email domain, an offer seems too good to be true or astronomical returns are guaranteed, then it is likely a scam.”
We asked personal finance experts to offer tips on how to avoid falling prey to financial fraud.
Make sure the company you invest in is regulated
Before investing with any company, make sure that it is regulated by the local authorities, says Joseph El Am, deputy general manager at StashAway Mena.
There are four financial regulators in the Emirates: the UAE Central Bank, the Securities and Commodities Authority (SCA); the Dubai Financial Services Authority (DFSA), which is the regulator of the Dubai International Financial Centre, and the Financial Services Regulatory Authority, which is the regulator of the Abu Dhabi Global Market (ADGM).
“Before transacting with any company, you should do your due diligence,” Mr El Am says.
“Run a quick Google search on them. Read their website and understand all products and policies. You can also check if they have been mentioned in the press.”
Understand risk-to-reward ratio
This is specifically relevant to investment fraud. The golden rule is that if a deal seems too good to be true, it probably is, according to Mr Valecha.
“You might be contacted by a con through different channels, including a phone call, email or internet advertisement,” he says.
“You will be presented with an investment opportunity that, after a specific amount of time, is supposed to provide you with a massive, guaranteed return. Unfortunately, the offer is either wholly fake or a high-risk investment that will earn the con master a high commission.”
Don’t trust cold callers and seek a second opinion
Cold callers by definition want to sell you something. And it is almost always something you don’t want or need, says Carol Glynn, founder of Conscious Finance Coaching.
“They tend to work on commissions and so their priority is to make a sale,” she says. “They may tell you the credit card, loan or buy-now-pay-later arrangement is a financial benefit to you, but it almost never is.”
If the investment adviser or any third party is offering you something you don’t understand, find someone independent who can help you understand it, Ms Glynn recommends.
“Don’t be afraid to ask questions,” she says. “If the person is aggressive, dismissive or overly pushy, it is a huge red flag.”
Ask to see their qualifications and verify them. This is especially important for investments involving large sums of money or long-term agreements.
Never share your personal data
By providing your Emirates ID, account number, PIN and one-time password (OTP) to someone over the phone or by an unencrypted email, you are giving away access to your life savings, Mr El Am says.
Never share such information with anyone, unless they are uploaded on a secure portal during an onboarding, for example, and where the company has a data protection law in place.
Con artists are skilled at making their frauds sound trustworthy. They can alter images, imitate trademarks and fabricate reviews, Mr Valecha warns.
Making bogus websites and “spoofing” caller ID are simple. Before responding, consider all aspects seriously and do your research.
“Never share your banking information or OTP numbers with anyone, no matter how convincing they are,” Ms Glynn says.
“If someone calls from your bank asking for personal information, especially if they are speaking with urgency, hang up and call the bank back using the phone number on their website to verify it is legitimate.”
Check the communication channels
Make sure the companies you use communicate with you through a reliable channel, Mr El Am suggests.
The UAE’s Telecommunications and Digital Government Regulatory Authority recently introduced a new feature, where the company’s name appears on the caller ID.
“This gives you extra assurance that it is the registered number calling you and not a random one,” he says.
Also when communicating via email, make sure the domain is the company’s and not Hotmail, Gmail or Yahoo.
Never reply or click on unsolicited emails asking for payments, bank account details or personal information, Ms Glynn says.
“A great tip is to hover your cursor over the email address. Look for misspellings in the company name, email addresses that do not have the company name or are excessively long with lots of numbers and letters in them. If the email address is questionable, do not trust the email,” she says.
If the website is encrypted, a padlock will appear next to the web address, Mr Valecha says.
Split your banking details
Fraudsters frequently attempt to steal people’s bank information by focusing on unencrypted online communication.
If you need to submit your bank information, avoid sending it all in one mail, Mr Valecha suggests.
Instead, separate the information and use one channel, such as email for one half, and a text or WhatsApp message for the other, even if you are sending it to someone you know and trust.
Use two-factor authentication
The time when your password could keep you safe is long gone. Even if you use a different password for each website you visit, malware on your computer may still be able to gather your password and repeat it, Mr Valecha says.
The phrase “two-factor authentication” refers to the addition of the second element of authentication, in addition to your password, to the standard log-in process.
You will be asked to input a code sent to you through a text message, email or a push notification on your phone after you have entered your username and password.
“The use of two factors safeguards you from malicious links,” Mr Valecha says.