Banks warn of ‘magic pen’, 'phishing' frauds

In less than a month’s time, two more top UAE banks are warning its customers of “magic pen” fraud.

In an email alert sent to its customers, FGB said: “Instances of cheque forgery are being increasingly reported. A variation of a cheque fraud is where the cheque issuer is persuaded to fill up details related to amount and/or beneficiary by a pen provided by the third part. The writing of such "magic ink pens" disappears after a while and the fraudster fills up desired amount and beneficiary name to fraudulently cash such cheques.”

The following tips are provided to protect one from such frauds:

• · Consider having different set of signatories depending upon amount thresholds.
• · Keep your cheque book secure and use it sparingly, where possible use electronic banking.
• · Regularly check your account statements, SMS and emails from your bank.
• · Don't use cheques to unknown people, sometimes fraudsters offer deals which are "too good to be true" to get a cheque sample from victims.
• · All cheques have security features, some of which are printed on the front/back of the cheque. Please ensure that any cheque being presented by you contains those security features.
• · If someone offer you a pen to write on cheques, be careful and check whether this could be a "magic ink pen." Remember that usage of such pens in prohibited in UAE and any person found to be using such pens may be reported to relevant authorities.

Earlier this month, RAK Bank said warned customers of “magic pen” fraud.

“These fraudsters ask customers to complete the loan / credit card applications and provide a blank signed security cheque wherein the imposter fills up the details on the cheque in their presence using his magic pen.

“Subsequently, the details of beneficiary and amount in the cheque are altered since it was filled up with the magic pen, which allows the details entered to be erased without a trace.  The cheque is then cashed from various banks using third parties,” the notice said.

Citi Warning

Meanwhile, Citibank in the UAE too has warned it's clients of the "magic pen" fraud.

In an email to clients, it said: "Dear Customer, at Citibank we always strive to make your banking experience easier and more importantly, safe and secure. As part of this endeavor, we would like to inform you about the “Magic pen” method used by fraudsters and how you can protect yourself.

“Magic pen” is used by fraudsters impersonating sales representatives of banks, who approach customers, in an attempt to offer credit cards, personal loans and various other banking products. They ask customers to fill in applications and provide security checks, which they fill with the erasable magic pen and later on alter the check details like beneficiary and amount and manage to encash these checks.

How to Protect Yourself:
•     Please fill in all details on the check including the name of the beneficiary using your own pen and never the pens provided by another party.
•     Before providing your personal data and security check, you should always cross check the identity of the bank representative with a photo ID
•     Never issue a blank check

Citibank also warned customers to protect themselves from becoming a victim of “Phishing” and “Online Fraud”.

It said it is important to access your account at Citibank Online by always typing www.citibank.ae directly in the address bar of your browser.

What is "phishing"?

"Phishing" is an internet scam whereby fraudsters send emails with the intention to collect critical personal and financial information. These "phishing" emails look genuine and appear to be coming from a legitimate bank. They always contain a link to a "spoofed" website asking you to provide an update or confirm sensitive personal information and / or download and install “security software” by clicking on a link. Typically these emails will:

•     Carry a message stating urgent action is required due to a system or security upgrade
•     Contain a warning stating that your account / card has been suspended or will be suspended and that you need to visit a “secure” link to activate or restore your account / card
•     Contain a link to update your contact details like mobile number or email address. Clicking on the link would open a webpage which may appear to be very similar to Citibank Online but would actually be a spoofed site

Steps to protect yourself

•     To access your account at Citibank Online always type www.citibank.ae directly in the address bar of your browser.
•     Do not click on any link contained in emails even if it claims to take you to your account at Citibank Online as the underlying hyperlink could lead to a malicious site.
•     If you receive an email claiming to be from Citibank asking for your financial or confidential information or stating that your account has been suspended, do not respond. Forward the email to uae.emailfraud@citi.com and then delete it from your inbox.
•     In case you have inadvertently clicked on a link or responded to an email providing confidential information, please call our 24-hour Citiphone Banking Service at +971 4 3114000 immediately. Ensure to forthwith re-set your Citibank Online User Name, Password and ATM PIN/TPIN.
•     Ensure to keep your PC / Smartphone updated with latest operating system patches and security software from a trusted vendor (Antivirus, Anti malware and Anti spyware).
•     Never download and install untrusted software as these may place key-loggers/malware on your PC/Smartphone which can capture all information that you type and send it to a hacker.
•     Be careful when you use a PC at a public place or one not having the latest security software.
•     Always log off by clicking on the “Log Out” / “Sign Out” icon on the Citibank Online website.
•     Never store your password or account/card information on paper or electronically on word, excel or text documents. Always keep your PC/Smartphone protected with a password/PIN.

Read: UAE bank warns of 'Magic Pen' fraud; how to avoid it
 

Follow Emirates 24|7 on Google News.