Shah Sheikh spoke to The National about the Recent Surge in Bank Scams in UAE

Surge in bank scams leads to calls for caution from security experts

Our Co-founder & CISO, Shah Sheikh spoke to The National about the recent surge in bank scams in UAE.

More than a dozen bank customers have spoken of unauthorized payments being made from their accounts in the UAE — sometimes while they were asleep.

At least 18 account holders described receiving a stream of text messages, often late at night or early in the morning, notifying them of purchases they had not made.

Shah Sheikh, co-founder and cyber security adviser at DTS solution, said it is possible that victims’ card details were harvested during phishing exercises.

Surge in bank scams leads to calls for caution from security experts

Our Co-founder & CISO, Shah Sheikh spoke to The National about the recent surge in bank scams in UAE.

More than a dozen bank customers have spoken of unauthorized payments being made from their accounts in the UAE — sometimes while they were asleep.

At least 18 account holders described receiving a stream of text messages, often late at night or early in the morning, notifying them of purchases they had not made.

Shah Sheikh, co-founder and cyber security adviser at DTS solution, said it is possible that victims’ card details were harvested during phishing exercises.

Tactics used by cyber criminals to steal bank card details

Typically, this involves criminals emailing a huge number of people with requests for bill payments from organizations that appear genuine. For example, they may be fake electricity or phone bills.

When the person clicks the link, they are taken to a web page that looks deceptively like the organization’s real site.

The victims insert their bank card details, including the CVC number. They then receive a successful payment notification.

“But what’s happening in the background is that the hackers are collecting this information,” said Mr. Sheikh. “Now, what can happen is that the hackers can then go to other sites — commercial platforms — and use that information.”

Tactics used by cyber criminals to steal bank card details

Typically, this involves criminals emailing a huge number of people with requests for bill payments from organizations that appear genuine. For example, they may be fake electricity or phone bills.

When the person clicks the link, they are taken to a web page that looks deceptively like the organization’s real site.

The victims insert their bank card details, including the CVC number. They then receive a successful payment notification.

“But what’s happening in the background is that the hackers are collecting this information,” said Mr. Sheikh. “Now, what can happen is that the hackers can then go to other sites — commercial platforms — and use that information.”

Card details being sold on dark web

He added that hackers can also sell people’s card details on the dark web.

“The dark web is anonymous, so I can post on it and say: ‘Do you want this file? I have a file of 500 credit cards and its one day old, or six hours old or two days old, or whatever’,” said Mr. Sheikh.

The hackers will buy and sell in Bitcoin, he added.

Using cryptocurrency, the dark web and proxy channels makes it harder for criminals to be caught, said Mr. Sheikh.

Dark Web
Dark Web

Card details being sold on dark web

He added that hackers can also sell people’s card details on the dark web.

“The dark web is anonymous, so I can post on it and say: ‘Do you want this file? I have a file of 500 credit cards and its one day old, or six hours old or two days old, or whatever’,” said Mr. Sheikh.

The hackers will buy and sell in Bitcoin, he added.

Using cryptocurrency, the dark web and proxy channels makes it harder for criminals to be caught, said Mr. Sheikh.

Educate customers about the risk of phishing and smishing

Mr. Sheikh said banks should educate their customers about the risks of “phishing emails and SMSs”, as this tactic is responsible for “99 per cent” of bank card or financial theft.

Finally, banks and credit card companies should have advanced fraud detection capabilities to thwart hackers, he said.

To read the full interview published on thenationalnews.com, please click here.

Educate customers about the risk of phishing and smishing

Mr. Sheikh said banks should educate their customers about the risks of “phishing emails and SMSs, as this tactic is responsible for “99 per cent” of bank card or financial theft.

Finally, banks and credit card companies should have advanced fraud detection capabilities to thwart hackers, he said.

 

To read the full interview published on thenationalnews.com, please click here.