In the past two weeks, dozens of clients of local banks have been subjected to fraudulent operations through hackers while making fabricated payments, reports Al-Rai daily quoting banking sources. They explained that the banks informed the Cybercrime Investigation Unit about their customers’ complaints and their exposure to fraud. There has been a recent spread of emails with links that, when clicked, allow remote access to the smart devices with the aim of stealing banking data.
After receiving the information from the banks, the unit immediately launched extensive investigations in this regard. All financial fraud operations registered with banks during this period happened through emails with email addresses that mislead customers into thinking the emails come from the postal sector of the Ministry of Communications or from courier companies such as DHL and Aramex. The email begins with a fake postal message stating that your shipment has arrived, and to receive this shipment, they must click on the notification link and pay a fee of KD 1.5.
The sources indicated that the customers who are coincidentally awaiting the arrival of a shipment by express mail are more likely to fall victim to this fraud. They stated that the banks launched a technical move to recover the withdrawn amounts. The sources revealed that the complaints of individuals who fell into the trap of fraud in the past two weeks and whose numbers witnessed a rapid growth highlighted that the amounts withdrawn through these operations by hackers vary between KD 300 and KD 1,500 for each operation. They said the banks of these clients who were defrauded are betting on recovering about 80 percent of the amounts that were stolen, after coordinating with the companies “Visa” and “MasterCard” to stop the completion of payment operations as international rather than local payments.
Victim
The sources explained that as soon as the victim clicks on the bank account data, especially the information that comes by mail to accept payment, the customer would have fallen into the trap of fraud, and the real withdrawal process would begin, which may exceed the value of the specified fee by one thousand times. If the fraud took place without the customer providing all his account data, the bank can recover the fraudulent amounts in coordination with “Visa” and “MasterCard” within a period ranging from 10 to 45 days.
However, if the verification code known as “OTP” (One-Time Password) is provided, it becomes difficult for the bank to recover the stolen amounts, and to classify them with the international payment institutions as a valid payment process that was carried out at the full will of the customer. The sources affirmed that banks do not ask customers for personal information via e-mail, text messages or phone calls, stressing that fraud attempts aim to obtain the customer’s banking information in order to steal money or data.
Customers
They called on customers to deal with caution with unknown applications and electronic links, indicating that simply downloading the application or clicking on the link exposes the customer’s confidential banking data to the risk of theft and loss of money. The sources stressed that banks, within the framework of their efforts to confront the rapid development of piracy operations, make great efforts and spend millions annually in order to fortify their systems through strong cyber security programs and systems to protect customers and electronic payment operations, and the customers are in turn required to preserve their banking data and smart devices from infiltration.
They explained that hackers use cunning tricks to obtain customer data either by selling illusion to them by promoting applications that promise users to win attractive profits and returns, or by imitating applications of famous major companies to persuade customers to enter their banking data and passwords. DHL and Aramex have previously warned of such attempts to defraud online shoppers through the unauthorized use of their names and trademarks in emails and graphics that appear to come from them. They confirmed that they will not ask for any personal information or payment data through traditional mail or electronic mail methods.
Image by: Shutterstock
