Several banks in the UAE are now being tasked to warn their customers against a newly developing fraudulent scheme that exposes valuable banking information. These fraudsters can gain access to anyone’s text (SMS) notifications and OTPs (One Time Passwords) from their mobile devices. All they need to pull off this malicious SIM activity is a victim’s name and mobile number.
Once a victim is identified, the fraudster will then pretend to be the individual who just lost his SIM card – and asks the service provider for a replacement. The only tricky part is obtaining valid personal documents like an identity card or a passport. But seeing as there are already an unidentified number of victims, it came as no trouble for the fraudsters.
Upon approval of the request for replacement, the mobile service provider will disable the unsuspecting legit users’ SIM and issue the fraudster a new one. This automatically provides the fraudster all-out access to all personal SMS notifications mentioned earlier, including banking OTPs.
A simple analysis of the scam’s anatomy:
- Obtain victim’s name and mobile number.
- Fraudster pretends and claims loss of the SIM card to the service provider.
- Provider deactivates existing SIM and issues a new one.
- Fraudster gets full access to all text notifications and personal banking info.
A call for stricter customer validation by UAE service providers is now being urged in order to prevent any further fraudulent activities and possible breach of personal information. UAE mobile customers and residents are advised to report any such instances in order for proper authorities to take immediate action. Bank customers are particularly being warned and advised to be more vigilant when they get calls from people claiming to be from banks or other financial institutions.
People are also told to be extra cautious, especially when posting or sharing personal information on social media platforms like Facebook, Twitter, etc. Bank customers and mobile subscribers should contact the bank and their service providers immediately when they receive a message saying they are not registered to the network. This will most likely be an indication that their SIM has been compromised. Bank logins, email and device passwords should also be changed considerably to for added safety precautions. In the UK, the National Fraud and Cyber Crime Reporting Centre has already warned the UAE residents of the country about the scam and what they can do if ever they encounter one.