Dubai: A Pakistani crane operator in Dubai said he has lost his life-savings after Dh127,500 was fraudulently transferred out of his bank account.
Abdul Qayyum Abdul Haq, 69, said the fraud happened even though he has never done any online banking transaction, nor used a credit card in his life or shared his ATM card and bank account details with anyone.
“I’ve had the same bank account, and only one bank account, for 25 years. It took me 25 years to save up this amount from my heard-earned salary. In less than 15 minutes, it was all gone,” he added.
Abdul Haq, who first came to the UAE in 1972, was operating his crane in Dubai’s Jebel Ali Free Zone when he received text messages on his mobile phone on April 30.
“As I was handling the crane, I didn’t check the text messages right away. When I check them around an hour later, I was shocked to see there were three messages saying my money was transferred out to three accounts.”
Abdul Haq has lodged a complaint with his bank, Dubai-based Emirates NBD, and Dubai Police.
“How could this have happened? I never had an online account. The same day of the fraudulent transfer, someone criminally created an online bank account in my name and took my money out,” he said.
Abdul Haq added that the text messages showed that the first two attempts using OTP (one-time password) had failed, but the third attempt went through.
“I didn’t get any call, notification or confirmation from my bank to ask me if it was indeed me who was trying to create the online account or transferring the money.”
In a statement to Gulf News, an Emirates NBD spokesperson said: “There appears to have been a cyberattack on the customer by a fraudster whereby confidential information, such as the customer’s debit card number and multiple authentication codes sent via SMS to his registered mobile number were used to set up the customer’s online banking account and carry out fraudulent transactions.”
Abdul Haq, who has four sons and a daughter, said he was “not satisfied” by the bank’s response. Abdul Haq, who lives in Sharjah, added: “At the end of the day, I entrusted my life’s savings with the bank for peace of mind, both of which I’ve lost. I’ve never shared my ATM card or bank account details with anyone, nor have I used my card to make any payments, anywhere. “I’m not a cyber-crimes expert, I’m a simple man who is a daily wager. I earn my money on an hourly basis and I lose money and time on every occasion I have to leave work to follow-up with my bank regarding my complaint. The bank’s SmartPass or other added security features should have been there before.”
Emirates NBD’s response:
1. After a thorough investigation of the circumstances associated with this particular incident, there appears to have been a cyber-attack on the customer by a fraudster whereby confidential information, such as the customer’s Debit Card number and multiple authentication codes sent via SMS to his registered mobile number were used to set up the customer’s Online Banking account and carry out fraudulent transactions. The information could have possibly been obtained by the fraudster through a vishing/phishing attack. Emirates NBD’s systems have at no point in time been compromised.
2. We can understand the distress this has caused Mr Abdul Qayyum Abdul Haq and as he has reported the crime to Dubai Police, we urge him to follow up on the status of the investigation with Dubai Police. We are extending our full cooperation to Dubai Police and other law enforcement and government agencies on this issue as always.
3. We have recently partnered with Dubai Police on the #secureyouraccount campaign aimed at raising public awareness and education on cybersecurity, as part of Emirates NBD’s long-term commitment to making banking safer and easier for the UAE community.
4. The bank also conducts regular SMS and email campaigns to sensitise customers to potential phishing and vishing attempts by fraudsters and remind them to never share their details with anyone.
5. Tips on safe-guarding personal information and encouraging safe banking practices are prominently displayed on the bank’s website [https://www.emiratesnbd.com/en/security/].
6. Additionally, as part of Emirates NBD’s efforts to make everyday banking transactions more secure, the bank’s new authentication programme known as SmartPass enables customers to authorise transfer and payments on Emirates NBD Online or Mobile Banking by using a token generated through their mobile without the need to use an SMS OTP (one-time password). This protects against potential mobile SIM card swap fraud, making it easier and safer to conduct digital transactions, home or abroad.
7. Emirates NBD will never ask its customers to share confidential details such as Online or Mobile Banking password, 3-digit security code, authentication codes or the SmartPass PIN. We urge customers to remain vigilant and to immediately report any fraud attempts to our 24/7 hotline 600 540000.