Mashreq latest targets of phishing scam

Can you tell which is the real deal of the two online log in pages for Mashreq Bank? (SUPPLIED)

Banks are a constant target of mail phishing.

Last week, Mashreq Bank was victimised once again, when an email from ‘MashreqOnline - Retail Banking UAE’, with the address
infor@mashreqbank.com<mailto:infor@mashreqbank.com>, requested users to reactive the online access because it had been temporarily disabled by the bank.

The email, which was also received by this journalist, read: “Mashreq Bank is ensuring that your information is secured, for this reason your MashreqOnline access has been temporarily disabled.

“This could be either because the secret answer you entered does not match with the answer you provided earlier, or because someone tried to illegally access your account.

“To re-activate your MashreqOnline access, we have attached a re-activation page on this message; download the page and sign-on to re-activate. We regret any inconvenience caused.”

Attached in the email was a form that requested users to log on with their passwords and re-activate their accounts.

Take a look at the online form and it bears a remarkable resemblance to Mashreq’s online log in page, with a few subtle differences. Users who aren’t active on online banking could easily be duped into believing this is the real deal.

Our interest was piqued especially when this writer doesn’t even bank with Mashreq and the fact that no bank ever requests users to download files and reveal their private passwords.

A quick call to the bank resulted in the information that it was indeed spam.

A spokesperson said: “This is clearly a scam email and please do not answer to the email. One way to determine if any email pretending to be from Mashreq is a scam is the URL. Please note that Mashreq will never send you an email with a link asking you to log on.

“Log on should be done through Mashreqbank.com only.”

Representatives from the bank have also been sending out the message over the radio airwaves since last week to ensure users are not duped into revealing their personal details.

In the last one year, banks such as HSBC and ADCB have also been victims of similar phishing.

Print Email