ABU DHABI 18 October 2020: SIM Swap fraud targeting banking customers, which often loots victims’ entire life savings, has dramatically declined in the United Arab Emirates after launching a major nationwide awareness campaign, a senior banking industry official said.
“SIM swap fraud, the worst among online banking frauds, used to be reported in hundreds in the past. But only one case was reported in recent months since we started the campaign in April 2020 with Central Bank of the UAE, Abu Dhabi Police and Dubai Police,” Jamal Saleh, Director General of UAE Banks Federation, UBF, told Wam.
“And this is despite the number of online banking fraud attempts having doubled since the start of coronavirus outbreak, as people started spending more time at home and transacting online,” he added.
Swim Swap fraud is a type of identity theft, where a fraudster manages to get a replacement SIM card of a victim’s registered mobile number, using fake identity documents, and accesses the online banking service of the victim to steal money.
“Swim Swap is the worst among various electronic frauds. Once the fraudster manages to get the victim’s replacement SIM card and reroutes messages to a different mobile number, the entire life savings of the victim may be looted,” Saleh pointed out.
“However, the awareness campaign and the strict preventive measures taken by the Telecommunications Regulatory Authority, TRA, Etisalat, and du have almost stopped this type of fraudsters. For example, unlike in the past, the customer has now to go in person with his/her original Emirates ID and fingerprint to request a replacement SIM card,” the executive explained.
The countrywide Fraud Awareness Campaign, launched by UBF, along with its partners, will continue until at least December 2020. This joint initiative aims to educate and protect consumers from various types of financial cybercrime and electronic frauds, particularly in light of the increased use of digital banking services during COVID-19 pandemic.
The awareness campaign was well received by people across the UAE as some of its awareness posts on social media platforms secured more than half a million likes and shares, the director-general said.
“Online banking fraud is a pandemic, like coronavirus, which affects everyone in every country with people losing billions of dollars every year across the globe,” said Saleh, who has 29 years of experience in banking in the US and the UAE.
After SIM Swap, magic pen fraud is the other scam that witnessed a decline as very few cases were reported after launching the UBF’s campaign, he revealed.
In magic pen fraud scams, victims are asked by fraudsters to sign cheques where amounts and a beneficiary’s name are written by the fraudster, using a pen with erasable ink called magic pen.
The ink would later disappear and the fraudster would amend the amount and a beneficiary’s name and fill in new details with a normal pen, and accordingly withdraw large amounts [ than what was originally written on the cheque with the magic pen] from the victim’s bank account.
“Therefore, using one’s own pen to fill and sign cheques and important documents is the only way to avoid such type of a scam. Authorities have banned the sale of invisible/magic ink pen in the market, but fraudsters seem to be still obtaining it illegally”, the UBF executive noted.
Social engineering attempts, through phone calls, text and emails, still constitute the highest number of fraud attempts, but their success rate and impact are low compared to other scams such as SIM swap and magic ink.
“Fraudsters will continue to make attempts, sometimes in bulk, abusing the existing Covid-19 situation. Nowadays, they lure people to register online for ‘health awareness campaigns against coronavirus’ or to ‘unblock a frozen account’ to steal sensitive personal information,” Saleh said.
One such email and website claimed to be of a municipality in the UAE ending with “.com,” instead of “.ae” [ that of government organisations ].
It is not always the carelessness of victims but the relentless perseverance and improvised tactics of fraudsters that cause the scam, he observed.
“Sometimes you get an email that looks perfectly genuine and directs you to a website that also looks normal and almost 100% like that of your bank. But the website could be having no more than one letter difference in the spelling of its name compared to the genuine one,” the director-general pointed out.
So, always check to see if the website has a “.ae” extension, if it claims to be from a UAE authority, or if it something different such as “.com.”
Social engineering attempts
In some cases, the perfect coincidence of a situation favours the fraudster. “For example, you may be waiting for a courier shipment and you then coincidentally receive a message asking you to click a link to track your shipment, which could incidentally be fraudulent,” he said.
Social engineering tools do not target any particular segment of the society, but fraudsters generate messages in millions and approach a large number of people across the globe almost all at once, hoping that they can secure hits. Their computers wait for a reply from any vulnerable person to then act further.
“Most are random attempts. When you receive a call from an unknown person, pretending to be for example from your bank, check to see if they are calling from a correct bank landline number and whether he or she knows your full name or location, most of the time they will stop there,” Saleh said.