Fake QR codes, imposter police officers: How UAE residents are scammed by fraudsters

A few years ago, most victims of fraud said they lost money after losing their credit cards. Now, scammers are adopting more daring and sophisticated methods such as WhatsApp, Google Pay and Apple Pay platforms to fleece unsuspecting victims.

The fraudsters are preying on people’s desperation. Take the alarming case, for example, of Lina, a Filipina expat residing in Dubai, who is undergoing chemo treatment. She took out a loan amounting to Dh100,000 for her treatment through a bank agent. Obviously, when she applied for the loan, she gave all her contact details and other relevant information to the bank agent.

What was surprising, she told Khaleej Times, was that days after she received her loan confirmation, she got a call from someone pretending to be a Dubai Police officer. “The caller knew detailed information about my loan, including the amount, bank lender, and repayment terms,” she said.

Stay up to date with the latest news. Follow KT on WhatsApp Channels.

“I was made to believe the call was legitimate. The scammer claimed he needed to verify some information due to a supposed investigation into fraudulent activities on my loan. Convinced by all the detailed knowledge the caller had, I disclosed my OTP (one-time password). In a snap, I lost all the money intended for my chemo therapy,” said Lina.

“This incident has raised serious concerns about the potential data leak of personal information held by financial institutions,” noted Atty. Barney Almazar, director of corporate-commercial department at Gulf Law, who is handling Lina’s case.

Almazar told Khaleej Times: “When I started assisting victims of credit card fraud in Dubai more than a decade ago, most of the victims lost their physical cards which were then illegally used by scammers. Now, credit card fraud has evolved dramatically and is often committed online. Fraudsters are using sophisticated methods such as WhatsApp, Google Pay and Apple Pay platforms.”

Fake QR codes

Almazar said fraudsters create fake QR (quick-response) codes and send them to WhatsApp group chats to convince victims to scan them, believing they will receive money when they verify their identity. Other members of the chat group who are in cahoots with the scammer will vouch for the QR code by claiming they previously received money.

This is what happened to G.T., a Dubai resident who received a private message stating that she will be receiving payment via her Google Pay. The fraudster send a QR code, claiming it was for transferring funds. When G.T. scanned the code, it authorised a withdrawal from her account instead of receiving a cash deposit.

Fake customer service calls

Another victim named A.S. received a call from someone claiming to be from a bank's anti-fraud department. The caller convinced A.S. that her account was compromised and needed immediate verification. A.S. provided the OTP, allowing the scammer to complete a fraudulent online transaction. A.S. lost Dh45,000 by unwittingly giving the scammer access to her account.

Almazar said: “Banks sometimes focus more on meeting regulatory requirements than proactively addressing security threats. Compliance is crucial, but it should be the baseline rather than the ultimate goal. Proactive measures and constant vigilance are necessary to stay ahead of fraudsters.”

Apple Pay scams

Fraudsters frequently use cutting-edge technology, including AI and machine learning to craft sophisticated scams. These tools enable them to automate phishing attempts, create realistic fake websites, and target victims more effectively.

“Apple Pay, despite its robust security features, is not immune to fraud,” noted Almazar, adding: “Scammers have found ways to exploit the system by targeting the user rather than the technology.”

A victim lost Dh89,000 in a series of Apple Pay transactions in just two hours. An email that appeared to be from Apple, warned the victim of suspicious activity on his Apple Pay account. He was instructed to click a link which directed him to a bogus website. Not realising that the website only mimics Apple's official site, he typed in his Apple ID and password and lost his money.

SIM card cloning scams

Another alarming trend is the use of SIM (subscriber identity module) card cloning to intercept OTPs. Fraudsters clone the victim's SIM card, ensuring OTPs are sent to the clone without the victim's knowledge.

This happened to P.S., a 58-year-old Indian who is planning retirement in two years but lost his savings after a scammer transferred his phone number to a new SIM card controlled by the scammer.

This allowed the scammer to receive OTPs sent to the victim's phone number. When he realised that he had lost his phone service, he went to the mobile service provider and the customer service representative confirmed that his SIM was cloned.

Why fraudsters are often a step ahead

Cyber security expert Irene Corpuz, founding partner and board member, Women in Cybersecurity Middle East, said: “Scammers use ChatGPT or AI (artificial intelligence) to make sophisticated techniques, and that makes it more difficult for the individuals to identify what's real from fake. Scam emails now are well written with the help of Grammarly or ChatGPT.”

• UAE issues security tips amid rising cyber threats

• UAE
• Newsletters
• UAE