12.50 AM Thursday, 28 September 2023
  • City Fajr Shuruq Duhr Asr Magrib Isha
  • Dubai 04:52 06:06 12:13 15:36 18:14 19:27
28 September 2023 $dmi_content.escapeHtml4($rs.get('weather.code.w${report.significantWeather.code}')) Max: 37 °

Fraudulent e-mails targeting bank customers on the rise

Keeping our heads in the sand would do us more harm than help us. If we talked about it openly, it will help us. (EB FILE)

By Karen Remo-Listana

There has been a rise in the number of fraudulent e-mails, also called phishing, in the past few weeks.

Last Monday, Citibank sent an alert message that an increasing number of fraudulent e-mails are being sent to its customers claiming to be sent by Citibank.

"Over the last few weeks, we have noticed a rise in the number of fraudulent e-mails," it said. "Citibank will never send you an e-mail asking for your confidential or sensitive information such as username, password, PIN, mother's maiden name or date of birth."

"With the trend of phishing attack across the banking sector becoming noticeably more aggressive, we try to follow a more assertive and pre-emptive alert approach," Citibank said in a statement to Emirates Business.

A week earlier, Emirates NBD has also advised its customers not to click or respond to e-mails asking for account, card or internet banking details.

Mashreq in the latter part of last month said the number and sophistication of phishing scams sent out to consumers is increasing "dramatically".

It said the bank will never ask a customer his transfer challenge code at the time of sign on nor ask for full transfer challenge code.

The code, it said, is a transaction-specific, and is only required when making a third party transfer, and is not required for signing on to MashreqOnline.

Phishing is an attempt by fraudsters to 'fish' out a customer's banking details by using a website address that usually looks very similar to the bank's website address.

Customers are then asked to provide sensitive financial information, including online banking passwords or PIN number, that can then be used to tap into their accounts. This scam, which is one of the fastest-growing types of cyber attacks, last year included phishing e-mails, according to TRA.

Phishing is a "serious" issue because perpetrators of such scams are using a form of social engineering, Justin Doo, Security Practice Director, Emerging Region, Symantec Corporation told this paper.

"Customers need to be aware of the threats around identity compromise and the fact that the banks are reaching out and advising them is to be applauded. As a community, the awareness needs to be driven higher," he said.

Banks, however, need to be more open and transparent on the details and the size of impact, Salem Khamis Al Shair, Director-General of the UAE General Information Authority, said.

Banks contacted by this paper declined to give further details about the extent of damage caused by these e-mails.

"Keeping our heads in the sand would do us more harm than help us," he said. "Everybody will be sceptical, which most of the time is not right. If we talked about it openly, it will help us."

More disclosures, Doo said, would be good but it must be part of a co-ordinated messaging campaign. "Otherwise customers can react adversely to a message that can be alarming if not understood," he said. "As part of the outreach to customers, it would be beneficial to firstly outline what the purpose behind the scam or identity compromise might be, so that customers are more aware of the consequences of sharing such information, not just the threat itself."

Under Article 11 of Federal Law No 2 of 2006, anyone who uses the internet or an information technology device to unlawfully access the number or details of a credit card or other electronic card shall be liable to imprisonment of at least six months or a fine of at least Dh30,000. The penalties for violators will also be subject to severer punishments stipulated by the Penal Code or any other law.

Catching and indicting perpetrators is, however, a complicated issue because most of these types of attempts are launched from outside the country. "The successful prosecution of perpetrators often involves multiple agencies across geographies," Doo said. "The people behind these activities are adept at concealing their identities and locations, increasing the complication of tracing and apprehending them."


Keep up with the latest business news from the region with the Emirates Business 24|7 daily newsletter. To subscribe to the newsletter, please click here.