It is essential practice to be informed about your internet banking hygiene. Customer awareness is one of our core focusses at UAB. Here are some handy tips that can help you stay aware against fraud and phishing attacks.
Change both your log-in and transactional passwords after the first log-in. It is also recommended to change your ATM pin periodically.
Keep your personal details secret. Never write down or disclose your account details, credit card details and passwords with anyone. Keep your credit card and ATM cards safe.
Do not hand-over your card to anyone even if they claim to be representatives from your bank. Always cut the plastic in four pieces across the magnetic stripe before disposal.
Ensure your personal documents are always secure. Do not hand-over copies or original documents containing your personal data like your DOB, PIN number, financials, address proofs, etc to an unknown person. Always ask for identification.
Check your bank account and credit card statements regularly. If you notice any transactions you don't remember making on your account, report the discrepancy to the customer service department immediately.
Be alert for any scam emails like Phishing, Advance Fee scams, Lottery, Rewards etc:- and fake SMS alerts. Beware opening emails or replying to people and companies that you have not interacted with earlier. Please note: United Arab Bank would never ask for your passwords or PIN numbers for validation or verification of your accounts.
Use common sense and trust your instincts – if something looks too good to be true then it probably is too good to be true.
Do not respond to offers or deals unless you receive clarification from your bank and are absolutely convinced that it is in your best interest.
Phishing Fraud
What is Phishing?
Phishing is an act undertaken by fraudsters to gain your private information through emails that appear to be sent by your bank. Such fake emails encourage you to click on a link in the email which leads you to a copycat website with a similar look and feel as that of the bank's original one . It is designed to capture your confidential account information such as Customer ID, IPIN, Credit/Debit Card number, Card expiry date, CVV number, etc.
Customers’ email addresses are obtained/purchased by the fraudster through non-trusted sites where the customer would have revealed his email ID by means of casual browsing or shared it on chat rooms, blogs or mailing lists, etc.
How do the fraudsters operate?
Fraudsters send spoofed emails, appearing to be sent by UNITED ARAB BANK, to a large number of recipients with an urgent tone that calls for quick action to verify, update or reveal your confidential account information by clicking on a link in the email.
Once the recipient clicks on the link , he is diverted to a copycat website with a similar look and feel of the bank's original one . The customer is presented with a web form to divulge one’s confidential account information i.e. customer ID, IPIN, Credit/Debit Card numbers, Card expiry date and CVV number, etc.
Once the unaware customer reveals his confidential account information, he may be directed to the original website of the bank to quell any suspicion arising in the customer's mind. This is how the customer’s identity is compromised.
This customer’s confidential account information or identity credentials are then used by the fraudster to gain access to the customer's account to commit fraudulent transactions.
Mobile Banking
Here are some precautions for safely using mobile banking:
Always download apps from trusted sources.
Keep your phone's Operating System (OS) and apps updated.
Restrict access to your phone with a password or PIN.
Set your phone to lock after a short period of inactivity.
Register for SMS alerts to keep track of your banking transactions.
Delete junk messages and chain messages regularly.
Do not follow any URL in message that you are not sure about.
If you have to share your mobile with anyone else or send it for repair/maintenance, clear the browsing history.
Clear cache and temporary files stored in the memory as they may contain your account numbers and other sensitive information.
Do not save confidential information such as your debit/credit card numbers, CVV numbers or PIN's on your mobile phone.
Do not part with confidential information received from your bank on your mobile.
If you lose your phone, report it to your mobile phone provider immediately.
Make a note of your phone's IMEI number (dial *#06# to get it). This makes it easier to disable a stolen phone
What are Money Mules?
By phishing or other means of customer identity theft, a fraudster harvests the customer’s NetBanking credentials i.e. customer ID and IPIN with a motive to transfer money from customer account to another account holder of the same or different bank. The beneficiary account holder is referred to as a "Money Mule". The beneficiary becomes an accomplice unknowingly by social engineering techniques employed by the fraudster.
How does the Fraudster operate?
These fraudsters generally operate from a country other than where the fraud is being committed to keep themselves away from local law enforcement agencies. They either maintain anonymity or use fictitious identities to commit these frauds
Fraudsters launch their attack by contacting the prospective money mules either by sending emails, talking in chat rooms, or reaching out on job search websites.
Fraudsters lure the prospective money mules to share their bank account details by telling them a fake story and convincing them to receive money in their accounts. Fraudsters also offer a part of their commission to persuade them to unknowingly act as money mules.
Fraudsters then transfer money from the customer account whose Internet Banking customer ID and IPIN/password has been harvested either by means of phishing or through other means of identity theft.
Money Mule is then directed by the fraudster to retain commission and transfer balance money either through wire transfer or to an account of another money mule by means of online transfer, thereby forming a chain of fraud.
Such money transfers would ultimately lead to funds transfer into the fraudster's account thereby maintaining anonymity.
When such frauds are reported, the money mules become the target of law enforcement agencies as their bank accounts are used and their identity is established.
Cheque Book Safety Measures
Tips To Keep Your Cheque Book Safe:
Record all details of cheques issued.
Do not leave your cheque book unattended. Always keep it in a safe place, under lock and key.
Whenever you receive your cheque book, please count the number of cheques in it. If there is a discrepancy, bring it to the notice of the bank immediately.
ATM Safety Measures
Precautions while using an ATM:
Memorise your PIN. Do not write it down anywhere, and certainly never on the card itself.
Your card is for your own personal use. Do not share your PIN or card with anyone, not even your friends or family.
"Shoulder surfers" can peep at your PIN as you enter it. So, stand close to the ATM machine and use your body as well as your hand to shield the keypad as you enter the PIN.
Do not take help from strangers for using the ATM card or handling your cash.
Press the 'Cancel' key before moving away from the ATM. Remember to take your card and transaction slip with you.
If you choose to take transaction slip, shred it immediately after use.
If your ATM card is lost or stolen, report it to your card issuing-bank immediately.
When you deposit a cheque or cash into your ATM, check the credit entry in your account after a couple of days. If there is any discrepancy, report it to your bank.
If your card gets stuck in the ATM, or if cash is not dispensed after you have keyed in a transaction, call your bank immediately.
Advance Fee Scams (Lottery/Inheritance/Lotto/Lucky Draw/Job related)
Advance Fee scams pertain to unsolicited E-mail messages or letters sent out by scammers to tempt people with promises of large cash pay-outs in exchange for a small advance payment as fee.
The email or the letter may appear to be from a foreign government, agency, or sweepstakes company that offers to transfer millions of Dirhams into the person’s bank account. Oftentimes, the email will appear to come from a senior executive.
This email or letter you receive about your winnings/opportunity will ask you to respond quickly or risk missing this rare opportunity. You’re usually asked to pay some fees towards insurance costs, government taxes, bank fees, legal fees or courier charges to process your winnings. The fraudsters may also provide copies of documents, or cheques as ‘proof’ of authenticity, although these are all counterfeit. . Sometimes you will also be asked to provide personal details to ‘prove’ that you are the correct winner and to give your bank account details so the ‘prize’ can be sent to you.
This is known as an ‘advance fee fraud’.
From time to time, fraudsters use this modus operandi in different forms like lottery, inheritance, and lucky draw. They also occasionally offer jobs under the names of reputed organisations/Banks and well-known financial institutions to try and con people out of money
These scammers make money by collecting ‘fees’ under different heads from you and stalling the payment of your ‘winnings’. They may also use your personal details to steal your identity to take money out of your bank account
Such scams have been around for many years but, unfortunately, criminals still continue their efforts to defraud people. Use of the Internet is yet just another means for criminals , especially since it has made it easier for them to reach large numbers of potential victims around the world. However the best way to defend ourselves is to be more alert by understanding and following simple measures.
Warning signs:
Unsolicited e mails or letters received from any company/organization with whom you have never interacted
The scammers create urgency by putting strict deadlines & clauses like ‘failure to respond could lead to forfeiture or loss of the winnings’, thereby trying to stop you from thinking through the situation rationally.
You are asked to send a ‘fee’ or bank account details to collect your prize.
You are asked to provide your personal details along with bank details.
A post office (PO) box number, email address (free email service provider) or mobile phone number is provided as a contact point.
Protective and Preventive Measures:
Do not assume that the sender’s email address is genuine. The fraudsters will often use an account at a free email provider, which you can tell by reviewing the 'properties' of the address.
Never pay any money or fee to claim prize money.
Never open suspicious or unsolicited emails (spam), always delete them.
Do not click on any links in a spam email, or open any files attached to them.
Do not reply to a spam email, even to unsubscribe.
Never call a telephone number provided in the email or letter. – If a telephone number, account number or address is provided within the email, forward the details to law enforcement authorities.
If the mail has purportedly come from the bank, please check with the bank’s customer service before acting on the mail.
If you have paid money, report the matter to your local police station.
Use common sense and trust your instincts – if something looks too good to be true, then it probably is too good to be true.
Fraud through Social Networks
With more and more people joining social networks, there has been increased danger of social engineering, a form of identity theft where thieves gather personal information from available sections of social networking sites.
By taking the following precautions, you can guard yourself against social networking frauds:
Use a separate email for social networking sites - Many social networking sites use your email address to identify you.
Do not use the same username and password to log into social networking sites that you use to access your United Arab Bank accounts.
Never share personal information such as: User IDs, PINs and account numbers on social media sites.
Create a screen name that doesn't reveal too much about you.
Be careful while clicking on links. Even if the message appears to come from a friend, contact the sender directly to make sure it's authentic.
Post information only you are comfortable with others seeing, and regard information posted on social media sites as public and permanent.
Use privacy settings to limit access to your information.
Never include any information that can help thieves steal your identity, such as your address, phone number or even employment information.
Use a unique password for each of your social networking profiles. Ensure it doesn’t match passwords used for banking and other related activities.
Malware
How you protect yourself against Malware:
Always check that the latest versions of the operating system have been installed on your computer. Your computer’s operating system can also be set to check for the latest updates automatically and install them immediately.
Check that you are using the latest version of your internet browser (Internet Explorer, Firefox, etc.); Be careful with beta and test versions, though: these are, by definition, not fully tested.
Ensure that the security level of your browser is set high enough. You can check this in your browser’s options, under “Security”.
If you are working wirelessly (via a Wi-Fi connection), ensure that the connection is secure (for example, by using a password).
If you are working on a local area network (multiple computers on the same internet connection), ensure that this is sufficiently secure.
Install all the necessary security software, such as antivirus programs, firewalls, spam filters and anti-malware programs.
Scan your computer regularly with your security software.
Reporting a Fraud
It’s important that you frequently monitor your account activity to help protect yourself against fraud.
In event of any unauthorized or suspected fraud please email 09fraud@uab.ae or call 800474.
The incident should be reported to Bank within 30 days of occurring.
Bank will be investigate the incident, completion of investigation might take up to 30 days from date incident is reported.
Investigation findings will be shared with you, in case negligence from your side has been established, liability to pay the outstanding balance would remain with you.
