Customer Fraud Awareness and Education Series
General Handy Tips
- Be careful when accessing your internet banking account using shared computers or public computers (at libraries or internet cafes.
- Always remember to click “Log-Off” option to log-off Online Banking and close your browser when you have finished or lock your computer before you leave the computer idle.
- Change your Internet banking passwords both log-in password and transaction password after your first log-in from a secured computer. It is also recommend changing your online banking passwords and ATM PIN periodically.
- Keep your personal details secret. Never write down or disclose your account details, credit card details and passwords with anyone. Keep your credit card and ATM cards safe.
- Do not hand-over your card to anyone even if they claim to be representatives from your Bank and always cut the plastic in four pieces across the magnetic stripe before disposal.
- Ensure your personal documents are always secure. Do not hand-over the copies or original documents containing your personal data like your DOB, PIN number, financials, address proofs, etc to an unknown person. Always ask for identification.
- Check your bank account and credit card statements regularly. If you notice any transactions you don't remember making on your account, report the discrepancy to the customer service department immediately.
- Be alert for any scam emails like Phishing, Advance Fee scams, Lottery, Rewards etc:- and fake SMS alerts. Beware while opening emails or while replying to people and companies that you have not interacted with earlier. Please note: United Arab Bank would never ask for your passwords or PIN numbers for validation or verification of your accounts.
- Use common sense and trust your instincts – if something looks too good to be true then it probably is too good to be true.
- Do not respond to offers or deals unless you seek clarification from your bank customer service and you are absolutely convinced that it is in your best interest.
What is Phishing?
Phishing is an act undertaken by fraudsters to gain your private and sensitive information through emails that appear to be sent by your Bank. Such fake emails encourage you to click on a link in the email which leads you to a fake website with a similar look and feel as that of the Bank's authentic website. It is designed so, to capture your personal confidential account information such as Customer ID, IPIN, Credit/Debit Card number, Card expiry date, CVV number, etc.
Customers’ email addresses are obtained / purchased by the fraudster through non-trusted sites where the customer would have revealed his email ID by means of casual browsing or shared it on chat rooms, blogs or mailing lists, etc.
How do the fraudsters operate?
- Fraudsters send spoofed emails, appearing to be sent by UNITED ARAB BANK, to large number of recipients with an urgent tone that calls for quick action to verify, update or reveal your confidential account information by clicking onto a link in the email .
- Once the recipient clicks on the link in the email, he is diverted to a fake website with a similar look and feel of the Bank's original website. The customer is presented a web form to divulge his confidential account information i.e. customer ID, IPIN, Credit / Debit Card numbers, Card expiry date and CVV number, etc.
- Once the unaware customer reveals his confidential account information on the fake website he may be directed to the authentic website of the Bank to suppress any suspicion arising in the customer's mind. This is how the customer’s identity is compromised .
- This customer confidential account information or identity credentials are then used by the fraudster to gain access to the customer's account to commit fraudulent transactions
Here are some precautions for safe and secure mobile banking
- Always download apps from trusted sources.
- Keep your phone's Operating System (OS) and apps updated.
- Restrict access to your phone with a password or PIN.
- Set your phone to lock after a short period of inactivity.
- Register for SMS alerts to keep track of your banking transactions.
- Delete junk message and chain messages regularly.
- Do not follow any URL in message that you are not sure about.
- If you have to share your mobile with anyone else or send it for repair/maintenance, Clear the browsing history.
- Clear cache and temporary files stored in the memory as they may contain your account numbers and other sensitive information.
- Do not save confidential information such as your debit/credit card numbers, CVV numbers or PIN's on your mobile phone.
- Do not part with confidential information received from your bank on your mobile.
- If you lose your phone, report it to your mobile phone provider immediately.
- Make a note of your phone's IMEI number (dial *#06# to get it). This makes it easier to disable a stolen phone.
What are Money Mules?
By phishing or other means of customer identity theft, the fraudster harvests customer NetBanking credentials i.e. customer ID and IPIN with a motive to transfer money from customer account to another account holder of the same or different bank. The beneficiary account holder is referred as a "Money Mule". The beneficiary becomes accomplice unknowingly by social engineering techniques employed by the fraudster.
How does the Fraudster operate?
- These fraudsters generally operate from across a country other than where the fraud is to be committed to keep themselves away from local law enforcement agencies. They either maintain anonymity or use fictitious identity to commit these frauds.
- Fraudsters launch their attack using social engineering techniques by contacting the prospective money mules either by sending emails, in chat rooms, job search websites or through internet blogs.
- Fraudsters lure the prospective money mules to share their bank account details by telling them a fake story and convincing them to receive money in their accounts. Fraudsters also offer a part of their money or commission and persuade them to unknowingly act as money mules.
- Fraudsters then transfer money from the bank customer account whose Internet Banking customer ID and IPIN / password has been harvested either by means of phishing or through other means of identity theft.
- Money Mule is then directed by the fraudster to retain commission and transfer balance money either through wire transfer or to an account of another money mule by means of online transfer or cash deposit thereby forming a chain of fraud.
- Such money transfers would ultimately lead to funds transfer into fraudster's account thereby maintaining anonymity.
- When such frauds are reported the money mules become the target of law enforcement agencies as their bank accounts are used and their identity is established.
Cheque Book Safety Measures
Tips To Keep Your Cheque Book Safe
- Record all details of cheques issued.
- Do not leave your cheque book unattended. Always keep it in a safe place, under lock and key.
- Whenever you receive your cheque book, please count the number of cheque leaves in it. If there is a discrepancy, bring it to the notice of the Bank immediately.
ATM Safety Measures
Precautions while using an ATM
- Memorise your PIN. Do not write it down anywhere, and certainly never on the card itself.
- Your card is for your own personal use. Do not share your PIN or card with anyone, not even your friends or family.
- "Shoulder surfers" can peep at your PIN as you enter it. So, stand close to the ATM machine and use your body and hand to shield the keypad as you enter the PIN.
- Do not take help from strangers for using the ATM card or handling your cash.
- Press the 'Cancel' key before moving away from the ATM. Remember to take your card and transaction slip with you.
- If you choose to take transaction slip, shred it immediately after use.
- If your ATM card is lost or stolen, report it to your card issuing-bank immediately.
- When you deposit a cheque or card into your ATM, check the credit entry in your account after a couple of days. If there is any discrepancy, report it to your bank.
- If your card gets stuck in the ATM, or if cash is not dispensed after you having keyed in a transaction, call your bank immediately.
Advance Fee Scams (Lottery / Inheritance / Lotto / Lucky Draw / Job related)
Advance Fee scams pertain to unsolicited E-mail messages or letters sent out by scammers to tempt people with promises of large cash pay-outs in exchange for a small advance payment as fee.
The email or the letter may appear to be from a foreign government, agency, or sweepstakes company that offers to transfer millions of dirham’s into the person’s bank account and sometimes the email will appear to come from a senior bank executive.
This email or letter you receive about your winnings/opportunity will ask you to respond quickly or risk missing this rare opportunity. You’re usually asked to pay some fees towards insurance costs, government taxes, bank fees, legal fees or courier charges to process your winnings. The fraudsters may also provide copies of documents, or cheques as ‘proof’ of authenticity, although these were produced fraudulently. Sometimes you would also be asked to provide personal details to ‘prove’ that you are the correct winner and to give your bank account details so the ‘prize’ can be sent to you.
This is known as an ‘advance fee fraud’.
From time to time, fraudsters use the Modus operandi in different forms like Lottery, Inheritance, lotto, lucky draw and also offering jobs under the names of reputed organisations/Banks and well-known financial institutions to try to con people out of money.
These scammers make money by collecting ‘fees’ under different heads from you and stalling the payment of your ‘winnings’. They may also use the personal details to steal your identity to make money from your bank account.
Such scams have been around for many years but, unfortunately, criminals still continue their efforts to defraud people. Use of the Internet is yet just another means that the criminals use, especially since it has made it easier for them to reach large numbers of potential victims around the world. However the best way to defend ourselves is to be more alert by understanding and following simple measures.
- Unsolicited Email or letters received from any company /organisation with whom you have never interacted.
- The scammers create urgency by putting strict deadlines & clauses like failure to respond could lead to forfeiture or loss of the winnings, thereby trying to stop you from thinking through the situation rationally.
- You are asked to send a ‘fee’ or bank account details to collect your prize.
- You are asked to provide your personal details along with bank details.
- A post office (PO) box number, email address (free email service provider) or mobile phone number is provided as a contact point.
- Do not assume that the sender’s email address is genuine. The fraudsters will often use an account at a free email provider, which you can tell by reviewing the 'properties' of the address.
- Never pay any money or fee to claim prize money.
- Never open suspicious or unsolicited emails (spam), always delete them.
- Do not click on any links in a spam email, or open any files attached to them.
- Do not reply to a spam email, even to unsubscribe.
- Never call a telephone number provided in the email or letter. – If a telephone number, account number or address is provided within the e-mail forward the details to the law enforcement authorities.
- If the mail has purportedly come from the Bank, please check with the Bank’s customer service before acting on the mail.
- If you have paid money, report the matter to your local police station.
- Use common sense and trust your instincts – if something looks too good to be true, then it probably is too good to be true.
Fraud through Social Networks
With more and more people joining social networks, there has been increased danger of social engineering, a form of identity theft where thieves gather personal information from available sections of social networking sites.
By taking the following precautions, you can guard yourself against social networking fraud.
- Use a separate email for social networking sites - Many social networking sites use your email address to identify you.
- Do not use the same username and password to log into social networking sites that you use to access your United Arab Bank accounts.
- Never share personal information such as: User IDs, PINs and account numbers on social media sites.
- Create a screen name that doesn't reveal too much about you.
- Be careful while clicking links. Even if the message appears to come from a friend, contact the sender directly to make sure it's authentic.
- Post only information you are comfortable with others seeing, and regard information posted on social media sites as public and permanent.
- Use privacy settings to limit access to your information.
- Never include any information that can help thieves steal your identity, such as your address, phone number or even employment information.
- Use a unique password for each of your social networking profiles. Ensure it doesn’t match passwords used for banking and other related activities
How can you protect yourself against Malware
- Always check that the latest updates of your operating system have been installed on your computer. Your computer’s operating system can also be set to check for the latest updates automatically and install them immediately.
- Check that you are using the latest version of your internet browser (Internet Explorer, Firefox, etc.); Be careful with beta and test versions, though: these are, by definition, not fully tested.
- Ensure that the security level of your browser is set high enough. You can check this in your browser’s options, under “Security”.
- If you are working wirelessly (via a Wi-Fi connection), ensure that the connection is secure (for example, by using a password).
- If you are working on a local area network (multiple computers on the same internet connection), ensure that this is sufficiently secure.
- Install all the necessary security software, such as antivirus programs, firewalls, spam filters and anti-malware programs.
- Scan your computer regularly with your security software.