Sun, Dec 22, 2024 | Jumada al-Aakhirah 21, 1446 | DXB ktweather icon0°C

VPN scam in UAE: Residents lose money from mobile balance, app purchases

In the Emirates, residents are permitted to use VPN but its misuse could result in imprisonment and a fine of up to Dh2 million

Published: Tue 23 Jul 2024, 6:00 AM

Updated: Thu 25 Jul 2024, 10:37 PM

Top Stories

UAE resident Noor Ahmed has been losing over Dh3 daily from his post-paid mobile account for many weeks. He was unaware of it until he got a message from his telecom service provider that he had reached the credit limit.

“I was surprised to see the message from a local telecom service provider because I had not utilised much of my available balance. I use a pre-paid mobile balance only to pay for parking through SMS. When I checked with the telecom service provider’s customer services executives at one of the hypermarkets, I found out that I was being charged by the VPN that I had installed. Therefore, I immediately uninstalled it,” he said.

Once the Virtual Private Network (VPN) app was uninstalled, Ahmed, who lost over Dh200 in one month alone, stopped losing his balance. Ahmed was among many who had a similar experience.

Stay up to date with the latest news. Follow KT on WhatsApp Channels.

Another long-time resident, Masoom Fatima, who had also installed a VPN app for audio-video communications with her friends and family, lost all her mobile balance within a couple of days after she recharged.

“Whenever I recharged my mobile account, the funds just vanished within a day or two. It happened to me multiple times. When a friend of mine told me to remove the VPN app, I stopped losing the credit,” said Fatima.

In the UAE, residents are permitted to use VPN but its misuse could land in trouble legally, resulting in imprisonment and a fine of up to Dh2 million.

What do experts say?

“Yes, if someone has installed a malicious VPN app on their mobile, the scammer can potentially access their phone and make unauthorised purchases, leading to deductions from the person's post-paid or pre-paid mobile balance. A malicious VPN app can gain control over the device, allowing scammers to make purchases from app stores like the Apple App Store or Google Play Store without the user's consent,” said Ezzeldin Hussein, regional senior director for solution engineering in META at SentinelOne.

He said VPN can intercept communications between the device and the internet, capturing sensitive information such as account credentials for app stores, which scammers can use to make unauthorised purchases.

“If the VPN app requests and is granted extensive permissions, it can access the user's mobile balance information and initiate transactions using the mobile network's payment system. Additionally, some VPN apps may covertly initiate in-app purchases, which can go unnoticed for a while but add up over time,” added Hussein.

Ezzeldin Hussein

Ezzeldin Hussein

Karthik Anandarao, chief technical evangelist, ManageEngine, said mobile phones are prone to cyberattacks much more than any other personal devices.

“Users usually are not aware whether the VPN is connected or disconnected. As the hackers gain entry into a user's mobile phone, they can access any app. The telecom provider’s app is no exception to this. Scammers can deduct money from the users’ pre-paid or post-paid mobile balance with ease. All the scammer needs is a point of entry into the user's mobile phone. It does not matter whether a VPN is active or disconnected,” said Anandarao.

Users exposed to hackers even after using a VPN

Karthik Anandarao said using a VPN doesn't mean that people are invisible from hackers.

“You can still be tracked down using the VPN address. When connected through the VPN, it is only certain attributes like the location and IP address that keep frequently changing. The rest of the information is still vulnerable and is accessible by hackers. Information such as the bank credit card, CVV, expiry date, account information etc. are either stored in cookies or vaults. These cookies and/or vaults are prone to attacks or data theft whether you are inside or outside the VPN,” added Anandarao.

Karthik Anandarao

Karthik Anandarao

Mobile balance theft

Ezzeldin Hussein said telecom operators can detect unusual activity and identify if scammers are stealing mobile balances from pre-paid customers or making postpaid customers pay for unauthorised purchases.

“They monitor transactions and can flag unusual or suspicious activities, such as sudden large purchases or multiple small transactions within a short period of time. By analysing typical usage patterns of customers, telecom operators can detect anomalies that may indicate fraudulent activity. Many operators use advanced fraud detection systems and algorithms to identify patterns associated with scams and unauthorised transactions,” he said.

Additionally, Hussein said reports from customers about unexpected charges or sudden drops in mobile balance can alert telecom operators to investigate potential fraudulent activities. “Operators can analyse billing records to identify discrepancies, such as charges for services or purchases that customers did not authorise, and they can work with app stores to track and verify purchases made through their networks.”

While telecom operators have these capabilities, he advised customers to also monitor their accounts regularly and report any suspicious activities promptly. This will help operators respond quickly and take necessary actions to prevent further losses.

ALSO READ:



Next Story