UAE banks face phishing threats

Phishing attacks are the latest security threats to be hitting banks in the UAE, with a number of the country’s banks being hit in the past month or so. Customers are being warned to be wary about such threats, with some experts claiming the problems are “endemic” in the UAE.

  • E-Mail
By  Diana Milne Published  October 16, 2005

Phishing attacks are the latest security threats to be hitting banks in the UAE, with a number of the country’s banks being hit in the past month or so. Customers are being warned to be wary about such threats, with some experts claiming the problems are “endemic” in the UAE. The round of phishing follows on from a wave of attempted hacking incidents earlier in the year, which targeted a number of banks in the UAE (see IT Weekly 2- 8 July 2005). Both the National Bank of Abu Dhabi (NBAD) and Mashreqbank told IT Weekly that they had been targeted by attempted phishing attacks recently. NBAD said it had been hit last month, with phishers sending e-mails to its customers claiming to be from the bank with links to a fake web site. The bogus web site, www.nbaad.com, was a copy of the genuine NBAD web site. Users were asked to give their account details and passwords in order to claim prizes they were told they had won in a lottery. NBAD, which has posted a warning on its web site alerting customers to the scam, claims none of its online bankers were duped into entering their details on the site. “The problem was first reported to the internet banking unit by some of our customers and by our IT department. When we received the information about this we immediately alerted all our NBAD online customers and advised them to exercise the utmost caution,” said Manoj Bhatia, manager of internet banking at NBAD. The bank also alerted Etisalat, who blocked the URL. “None of the customers were affected and we have been alerting them constantly about our security guidelines and what to do in these circumstances,” Bhatia said. E-mails were also sent to non-NBAD customers and, according to Bhatia, other banks in the region have suffered similar phishing attacks this year. “Many of our customers did receive these e-mails as did many others who were not banking customers of ours as this was a phishing attack — a mass e-mail that was sent out,” he said. “We know that other banks have been affected by similar phishing attacks and that they have sent similar alerts to their customers.” “These include prominent local and international banks,” he added. An information security manager at Mashreqbank said it had also faced the attentions of phishers, with a fake web site being hosted from New York in the US. “We were able to get that site shut down,” the manager said, claiming no customers had lost money. “These sort of things happen all the time, these people are very creative, they are always coming up with new things to keep us busy,” he said, adding that he regarded the problem as “endemic” to banks in the region. “It is a very dynamic market, which attracts a lot of attention,” he said. Mashreqbank was also hit by a low-tech variant on phishing, with customers being encouraged to send their details by fax to an unauthorised number. Again, the number was blocked and no customers lost money, the security manager claimed. However, the bank was only alerted when customers called into branches, asking for their cash reward for sending the fax. A number of other banks contacted by IT Weekly denied they had been targeted by phishing attacks, however, security experts pointed out that phishing is a global problem. “Phishing attacks are something that we will see more and more of but will over time become less successful,” warned Justin Doo, managing director at Trend Micro Middle East. “The hackers who attacked NBAD were taking advantage of the fact that it is a known brand and sending out say 1000 mails is bound to get them some results,” Doo said. “The best advice to give people is just don’t click on a link that you are sent in an e-mail,” he suggested.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code