Fake QR codes, imposter police officers: How UAE residents are scammed by fraudsters

Fraudsters frequently use cutting-edge technology, including AI and machine learning to craft sophisticated scams

Read more...
by

Angel Tesorero

Published: Wed 17 Jul 2024, 6:42 PM

Last updated: Mon 22 Jul 2024, 9:00 PM

A few years ago, most victims of fraud said they lost money after losing their credit cards. Now, scammers are adopting more daring and sophisticated methods such as WhatsApp, Google Pay and Apple Pay platforms to fleece unsuspecting victims.

The fraudsters are preying on people’s desperation. Take the alarming case, for example, of Lina, a Filipina expat residing in Dubai, who is undergoing chemo treatment. She took out a loan amounting to Dh100,000 for her treatment through a bank agent. Obviously, when she applied for the loan, she gave all her contact details and other relevant information to the bank agent.

Advertising
Advertising

What was surprising, she told Khaleej Times, was that days after she received her loan confirmation, she got a call from someone pretending to be a Dubai Police officer. “The caller knew detailed information about my loan, including the amount, bank lender, and repayment terms,” she said.

Stay up to date with the latest news. Follow KT on WhatsApp Channels.

“I was made to believe the call was legitimate. The scammer claimed he needed to verify some information due to a supposed investigation into fraudulent activities on my loan. Convinced by all the detailed knowledge the caller had, I disclosed my OTP (one-time password). In a snap, I lost all the money intended for my chemo therapy,” said Lina.

“This incident has raised serious concerns about the potential data leak of personal information held by financial institutions,” noted Atty. Barney Almazar, director of corporate-commercial department at Gulf Law, who is handling Lina’s case.

Almazar told Khaleej Times: “When I started assisting victims of credit card fraud in Dubai more than a decade ago, most of the victims lost their physical cards which were then illegally used by scammers. Now, credit card fraud has evolved dramatically and is often committed online. Fraudsters are using sophisticated methods such as WhatsApp, Google Pay and Apple Pay platforms.”

Fake QR codes

Almazar said fraudsters create fake QR (quick-response) codes and send them to WhatsApp group chats to convince victims to scan them, believing they will receive money when they verify their identity. Other members of the chat group who are in cahoots with the scammer will vouch for the QR code by claiming they previously received money.

This is what happened to G.T., a Dubai resident who received a private message stating that she will be receiving payment via her Google Pay. The fraudster send a QR code, claiming it was for transferring funds. When G.T. scanned the code, it authorised a withdrawal from her account instead of receiving a cash deposit.

Fake customer service calls

Another victim named A.S. received a call from someone claiming to be from a bank's anti-fraud department. The caller convinced A.S. that her account was compromised and needed immediate verification. A.S. provided the OTP, allowing the scammer to complete a fraudulent online transaction. A.S. lost Dh45,000 by unwittingly giving the scammer access to her account.

Almazar said: “Banks sometimes focus more on meeting regulatory requirements than proactively addressing security threats. Compliance is crucial, but it should be the baseline rather than the ultimate goal. Proactive measures and constant vigilance are necessary to stay ahead of fraudsters.”

Atty. Barney Almazar

Apple Pay scams

Fraudsters frequently use cutting-edge technology, including AI and machine learning to craft sophisticated scams. These tools enable them to automate phishing attempts, create realistic fake websites, and target victims more effectively.

“Apple Pay, despite its robust security features, is not immune to fraud,” noted Almazar, adding: “Scammers have found ways to exploit the system by targeting the user rather than the technology.”

A victim lost Dh89,000 in a series of Apple Pay transactions in just two hours. An email that appeared to be from Apple, warned the victim of suspicious activity on his Apple Pay account. He was instructed to click a link which directed him to a bogus website. Not realising that the website only mimics Apple's official site, he typed in his Apple ID and password and lost his money.

SIM card cloning scams

Another alarming trend is the use of SIM (subscriber identity module) card cloning to intercept OTPs. Fraudsters clone the victim's SIM card, ensuring OTPs are sent to the clone without the victim's knowledge.

This happened to P.S., a 58-year-old Indian who is planning retirement in two years but lost his savings after a scammer transferred his phone number to a new SIM card controlled by the scammer.

This allowed the scammer to receive OTPs sent to the victim's phone number. When he realised that he had lost his phone service, he went to the mobile service provider and the customer service representative confirmed that his SIM was cloned.

Why fraudsters are often a step ahead

Cyber security expert Irene Corpuz, founding partner and board member, Women in Cybersecurity Middle East, said: “Scammers use ChatGPT or AI (artificial intelligence) to make sophisticated techniques, and that makes it more difficult for the individuals to identify what's real from fake. Scam emails now are well written with the help of Grammarly or ChatGPT.”

Irene Corpuz

Almazar added: “Fraudsters frequently use cutting-edge technology, including AI and machine learning, to craft sophisticated scams. These tools enable them to automate phishing attempts, create realistic fake websites, and target victims more effectively.”

“Based on my experience in dealing with financial frauds, banks sometimes focus more on meeting regulatory requirements than proactively addressing security threats. Compliance is crucial, but it should be the baseline rather than the ultimate goal. Proactive measures and constant vigilance are necessary to stay ahead of fraudsters,” he underscored.

Beyond financial losses

For the victims of such crimes, they experience emotional distress, including feelings of betrayal, guilt, and anxiety. Beyond financial losses, the stress of dealing with the aftermath of fraud can have long-lasting effects on their well-being,

“When banks fail to protect personal information, they risk losing customers' trust, which can lead to a decline in customer retention and loyalty. Ensuring robust data protection practice is essential for maintaining customer confidence,” said Almazar.

He also noted when data breaches occur, some banks often fail to act swiftly and transparently. “Delayed notifications to affected customers and inadequate measures to secure leaked data allow fraudsters to use information for an extended period before any preventive action is taken. Despite the increasing threat landscape, some financial institutions underinvest in cybersecurity such as insufficient funding for security infrastructure, lack of employee training, and failure to implement comprehensive security policies.”

Stay informed and proactive

Almazar and Corpuz shared the following advice to avoid falling to fraudsters' scams.

  • Always verify the identity of callers claiming to be from your bank or credit card company. If it means you have to end the current call and call the official number of your bank, do so.
  • Avoid engaging in long phone calls if you do not know the caller and they sound suspicious. They could be recording your voice to be used for future deep fake attacks against you.
  • Do not share OTPs or other sensitive information over the phone or via email.
  • Verify the authenticity of QR codes before scanning.
  • Be cautious of phishing emails and always check the sender's email address and URL for legitimacy.
  • Enable multi-factor authentication for all accounts and regularly monitor account statements for suspicious activity.
  • Stay informed about common scams and fraud tactics.
  • Attend cybersecurity awareness training sessions.
  • Follow reputable cybersecurity blogs and news sites.
  • Be cautious with unsolicited emails with attachments and links. Verify the sender before opening any links or attachments.
  • Use strong, unique passwords for different accounts, enable two-factor authentication (2FA) or MFA (multi-factor authentication) wherever possible.

ALSO READ:

Angel Tesorero

Published: Wed 17 Jul 2024, 6:42 PM

Last updated: Mon 22 Jul 2024, 9:00 PM

Recommended for you