Home / / Phishing scam hits Mashreq Bank online customers

Phishing scam hits Mashreq Bank online customers

Businessman loses AED10,000 overnight on fraudulent Etisalat phone recharges

Mashreq's online banking service has been hit by a sophisticated phishing scam, according to Gulf News.
Mashreq's online banking service has been hit by a sophisticated phishing scam, according to Gulf News.

A Dubai-based business man was recently hit by a phishing scam through the online service of his Mashreq Bank account, according to Gulf News.

Kannaiyan Shankear woke one morning to find 20 Etisalat recharge transactions on his phone worth AED500 each. The transactions all occurred between 11.30pm and 2am on December 6 and 7, while he was asleep.

"How can they approve such series of transactions? Maybe they would approve it once or twice, but not 20 times, that too within the same hour, without seeing anything unusual," Shankear said. "If your bank balance is reduced while you're sleeping ... it's scary. There should be a better security firewall."

Each of the amounts deducted from his account, which totaled AED10,000, were credited to different phone numbers, which were no longer in service the next morning, according to Shankear. When the businessman lodged a complaint about the transactions with the bank, he was told that he was not the only victim of the scam.

However, Mashreq Bank is not going to be refunding Shankear his stolen money.

"We sympathise with Mr Shankear's case and would like to offer him all assistance to take this further with the authorities. However, as per the published MashreqOnline Banking terms, the customer is responsible for the security of his or her user ID and password," said a Mashreq spokesperson.

The businessman has since opened a case with the Dubai Police, at the request of Mashreq Bank.

"We discovered that a highly sophisticated phishing campaign resulted in Mashreq customers falling victims to an online fraud," said a Mashreq spokesperson. "Mr Shankear has access to MashreqOnline since December 15, 2009. We have retrieved several successful logins to the account, hence it is active and the customer is aware of it."