The UAE authorities are fighting a high-tech war against phone conmen who target the country's low-income workers.
An Emirates Business investigation has revealed the existence of a huge network of fraudsters who steal from vulnerable expatriates after falsely claiming they have won prizes.
Prospective victims receive a call saying: "You have won Dh200,000 in an etisalat [or du] random draw – please call this number for further information."
The calls are made mainly to an illiterate section of the phone operators' customer base. The subscribers are tricked into transferring mobile phone credits to the conmen and, in some cases, providing their bank accounts and other details.
This newspaper has found at least a dozen cases where subscribers have lost phone credits ranging from Dh10 upwards.
An Iranian worker, who earns Dh1,500 a month, says he was tricked into transferring etisalat Wasel pre-paid phone credits worth Dh15,000, a process he described as "a huge and mind-blowing labour". Another expatriate living in Dhaid, Sharjah, says he lost Dh10,000.
The mobile phone fraudsters use a number of methods to steal – ranging from asking victims to transfer a certain number of phone credits to stealing credits through phone hacking and accessing bank accounts.
The authorities say it is difficult to crack down on the threat as it is a high-tech organised crime conducted by gangs using SIM cards obtained from people who are no longer in the UAE. Others use copies of passports and valid UAE residence visas to obtain SIM cards.
"An intensive operation is under way in collaboration with the two service providers and Abu Dhabi Police to fight these crimes," said an official at the UAE's Telecommunications Regulatory Authority (TRA). "We are working closely with the police and other partners to help bring this crime to an end."
She said large numbers of fraudsters were using advanced technology to trap their victims. A huge campaign to warn people not to fall prey to phone scams had been launched with the help of the law enforcement agencies.
Some of the calls come from as far away as the UK, the US and Asia, though most originate in one particular neighbouring country.
On January 4, the Ministry of Justice ordered the establishment of federal and local departments to tackle cyber crime, and measures to be taken will include bringing more mobile phone spam cases before the courts.
In Abu Dhabi, the investigation is being carried out by a specialised team from the local police supported by the TRA, etisalat and du. Abu Dhabi Police declined to respond to queries about the operation.
But an etisalat spokesman said the investigation had already resulted in the arrest of 15 suspects and hopes were high that the crime could be stamped out.
Senior Media Relations Officer Saeed Al Badi said: "It is a serious crime and we have been working with the local police authorities to bring an end to it. As a national telecommunications company our efforts to fight this crime are not limited to a particular emirate. We are working with all the police authorities across the country to help protect the interests of our customers and subscribers.
"These effort have already resulted in the arrest of 15 people last year and the investigation is continuing with victims verifying the phone numbers they have received SMSs and calls from."
The TRA official said the authority had launched a massive campaign along with its partners since the spam threat first emerged two years ago.
"We have been issuing awareness tips through the media and other electronic sources such as SMS and e-mails."
The authority issued a statement early last year warning the public about the growing menace and advised subscribers to block all such spam messages and never respond to them.
TRA Director-General Mohamed Al Ghanim said in the announcement: "We received some inquiries on how to face such a quantity of spam SMSs that reach the subscribers' mobile phones, hence, we would like to clarify that spam SMSs that broadcast files to be downloaded by the mobile holder are considered a hacking tool.
"Therefore we advise subscribers not to accept the file, bearing in mind that the text SMS in itself is not dangerous, the danger lies in the file when the subscriber agrees to download it. Furthermore, we advise subscribers not to give their phone numbers to entities and parties that are unknown to them."
The situation has worsened since that advice was given with etisalat and du subscribers receiving calls offering them attractive packages and valuable prizes, including Dh200,000 in cash.
The authority has organised a number of seminars and conferences on cyber crime to educate the public about the threat.
An official said: "We are carrying out a massive campaign with the help of our partners, including the law enforcement agencies, to educate people to keep away from such spam. All the police authorities are carrying out investigations to apprehend those involved in such crimes and some progress has been made with the arrest of some culprits."
Al Badi said the fraud was one of the most serious crimes to crack as those responsible use the most sophisticated technology.
He said: "It is an organised crime conducted by many players and not a single group that can be busted and that is the end of it. As a service provider, our job is to give all the necessary data to the investigating authorities – that is the police forces throughout the country.
"And we have been doing this. We also advise our subscribers how to reach the police when they are conned. We try to educate our customers so they do not fall prey to spam fraud."
He said the conmen used mobile phone SIM cards that were not registered in their names. In one case a SIM was traced back to an Asian who was no longer in the country when the card was issued.
"His personal data, including copies of his passport and personal identity card, were presented to buy the SIM card while he was in his home country."
Both the TRA and etisalat give one simple piece of advice: Never respond to calls, SMSs and e-mails that offer attractive but unlikely prizes.
After all, why would anyone offer you millions of dirhams or dollars for something that you have no clue about and have not subscribed to?
The modus operandi
Most of mobile phone conmen steal phone credits using three basic tricks.
The first is enticing the victim to transfer phone credits to cover the cost of transferring their bogus winnings to them.
The second trick is fast and simple – the conman calls his victim and reads out the PUK security number on the victim's SIM card that he had already accessed. The victim is then instructed to call a particular number along with the PUK code followed by the hash key. Once the number and code are dialled all the credits on the victim's phone are lost.
The third trick is the most efficient. The conman gives his victim a missed call. The victim calls back, and as he or she talks all the credits on the phone disappear within a minute.
The stolen credits are then sold via the internet and transferred to the buyers' phones.
The Emirates Business investigation discovered that at least one in 10 attempts to steal credits succeeds.
OLD PRACTICE, NEW WAYS
The 419 scam named after a Nigerian criminal code section that includes a variety of different tricks – plain text to SMS – is now almost 35 years old. Most of these scams originated in Nigeria, forcing the government to introduce a stiff law to help combat the crime.
The cases of attracting people to deprive them of money go back to late 70s and early 80s when copies of certain texts were distributed at public places, particularly near mosques, asking readers to distribute them further among six to a dozen other people to earn a fortune or get relieved from their problems.
This was a superstitious-based spam playing with peoples' sentiments and carried out by stationary shops and typing centres to get their Xerox or photo-copying business running better.
Most of the texts contained Quranic verses and advised readers to read them carefully, further photocopy and then distribute them among a number of people. The texts also warned if failed doing so the targeted readers would end up in trouble – and many did believe in that.
The same continues today with such messages texted on mobile phones and by e-mailed. Such e-mailed texts are aimed at increasing newly set website hits to earn advertisements.
Also those days, people used to get mails via post asking recipients to contact the senders for transferring a certain amount of money into their bank accounts from a certain country, and earn a handsome percentage of the amount that sometimes runs into millions of US dollars. The sender would get personal data, including bank accounts, of recipients and use them for illegal transactions.
Later in 90s, this continued in the form of faxes sent to people. This, according to the office of Interpol in South Africa, lead to a number of different gangs involved in different crimes – from kidnapping for ransom to murder.
According to the Interpol, they had come across a number of kidnapping cases. The people kidnapped were attracted to visit South Africa through such spam mails and faxes and kidnapped for money. At least one victim, a Canadian, was murdered after he failed to arrange the ransom money.
From 2000, the conmen also known as 419ers switched to e-mail and SMS to trap their would-be victims. Now it is live phone calls.
In 2002, an Abu Dhabi-based expatriate businessman was attracted via an email to share millions of defaced US dollars stored in a place in South Africa. He went to South Africa and ended up in losing more than $10,000 (Dh36,700), and after sensing his life was in danger he ran away from his "hosts" and immediately flew back to Abu Dhabi.
From photocopy to mobile phone, the spam continues appearing in different forms and gets more sophisticated – now let's see what form is in waiting for this decade starting in 2010.
Victims narrate their tales
- Name: Saleh Ali Zadeh
Zadeh, a long-time Abu Dhabi resident from Iran who earns Dh1,500 a month, lost more than Dh16,000 in a phone scam. He has two wives and 10 children to support. Here, he tells how he lost the money:
"I was on annual leave in my home town of Bandar Abbas when I got a call on my Wasel phone informing that I had won Dh200,000 in a draw conducted by etisalat for its subscribers.
"The caller spoke in broken Arabic with a Pakistani accent. I was convinced it must be true because he called me by my name and knew all about me, including my place of work.
"He also advised me to rush back to Abu Dhabi to collect the prize, so I had to cut short my annual leave and return.
"Once I reached Abu Dhabi, I phoned the caller to inquire about the win. He gave me two numbers, one that was supposedly the number of a cheque from Abu Dhabi Islamic Bank, the other my winning coupon number – cheque number 32711066 and coupon number 15870039777.
"He gave me a mobile number – 00923477883212 – to transfer credits worth Dh15,000 to and said this was necessary to meet the cost of carrying out the transaction. I spent more than Dh1,000 buying etisalat prepaid cards and transferring to them to this number. It took almost three days to transfer the credits worth Dh15,000.
"After doing this I was told I could go to Abu Dhabi Islamic Bank in the capital to collect my cheque after three days. When I called him about the cheque, he asked me for another Dh8,000 as goodwill money for eight people involved in helping me get the prize. This was the time when I realised something was fishy.
"I went to etisalat to inquire about my prize, and to my surprise I was told that I had been cheated and advised to seek police help. I have filed a case with Shabia Police Station in Abu Dhabi."
- Name: Char Shanbe Ali
Ali lost more than Dh10,000 lost after receiving a call saying he had won Dh200,000 in an etisalat draw. He is married with five children and has a butcher's shop. He was asked to transfer phone credits worth Dh10,000 to cover the costs involved in carrying out is prize transfer.
"It was the first week of Ramadan when I received the call saying I had won the prize. The caller advised me to transfer the credit amount to a particular mobile phone number, which I did. After that I never heard from the man. And he never responded to my calls so I went to Dhaid Police to file a case, and now I'm waiting for a result in my favour."
- Name: Ustad Murad Khosa
Khosa, a mechanic, lost Dh280 worth of phone credits after responding to a missed call from a UK number. He has worked in Abu Dhabi for more than 30 years. He is married with seven children and also supports his widowed sister and her three children on a monthly salary of Dh2,700.
"About a month ago I received a missed call from a number starting with the UK code, 0044. I have a distant relative in Britain so, thinking it might be call from them, I called back. The man on the phone spoke in Urdu and told me I had won a grand prize in a draw. After I finished the call I tried to call my son back home to tell him about the prize but could not get through. I had about Dh280 worth of credits that all vanished with this single call."
- Name: Mohammed Ameen
Ameen lost phone credits worth Dh80 in a sophisticated phone trick.
"One day I received a call saying I had won Dh200,000 from etisalat and du – Dh100,000 each. The man called gave me the PUK security number that is printed on my SIM card. He asked me to dial the dial the code along with a du mobile phone number to qualify for the win.
"I followed the instructions and when I tried to make a call there was no credit on my mobile. I lost all the credits in a minute."
Keep up with the latest business news from the region with the Emirates Business 24|7 daily newsletter. To subscribe to the newsletter, please click here.