What happened when the scammers called me
Personal finance editor Alice Haine played along to discover the tricks fraudsters use to extract your banking details
The first call came on a Thursday evening when I was relaxing at home.
The male caller said he was from the Central Bank of Abu Dhabi. He wanted the details of my ATM card to help update my Emirates ID.
“Oh ma'am, your Emirates ID to be not updated in your bank – your bank block your account for five years,” he said in broken English. “Your account is blocked now and all your money is going to go out of your account – all money is lost.”
The more I delayed him, the more aggressive he became insisting that I give him my ATM card number.
The caller was targeting the wrong person. As the personal finance editor of The National, not only was I well aware of the scam but, sadly, warning readers about fraudulent phone calls or emails is part of the job. But I was interested to see what tricks a conman will use to persuade residents to give away their bank details, so I played along.
The more I delayed the caller, the more aggressive he became, insisting I give him my ATM card number.
“Without updating your Emirates ID – how can it be possible to use your account,” he replied. “You tell me the number, you tell me the card number. You don’t tell me the card number I will block your account for five years. I will block your airport ma'am. I will tell your passport to the immigration authority.”
I politely pointed out there was no such organisation as the Central Bank of Abu Dhabi, only a Central Bank of the UAE, and it is unlikely they would ask me for my 16-digit ATM card number to update my Emirates ID records.
The Federal Authority for Identity and Citizenship (ICA) issued a tweet last week urging residents not to share their personal or banking details by phone.
The Authority said it “does not use telephone or e-mail to record or update individuals’ data”. In a May statement the ICA said “any amendment of any data, no matter how simple, requires the presence of the person concerned with his identity card at one of its customer happiness centres".
When I continued to question the caller’s demands, he said: “OK, I will block you,” before the phone line went dead.
I was first alerted to this Emirates ID scam in June this year when a friend, Emma White, a personal trainer and founder of bactive.me was approached in the same manner. The caller, claiming to be from the Emirates ID office, told her it was procedure to link her bank account with her identity card.
To Ms White and many like her, this seemed probable as in November last year, the central bank said UAE residents must submit their Emirates ID to banks or risk their debit and credit cards being suspended. The scammers were taking advantage of this ruling to cash in on people’s fear.
Ms White was cautious, asking her caller for evidence he was actually from the government department he claimed. He told her he would send a text while she was on the phone; the message came with a four-digit, one time password (OTP) from a number she had already saved as EmiratesID.
This convinced Ms White the call might be genuine as she previously received texts on the same number concerning her domestic helper’s ID card.
“He asked for my bank account details and I said I did not have them, so he asked for my credit card number, which I felt was a bit dodgy,” says Ms White, who gave him the 16-digit card number and expiry date.
However, when he asked for the three-digit code on the back of the card, she refused.
“The text message that comes through from Emirates ID makes it seem legit," says Ms White. "I realised it was a scam after he lost his cool when I said no and started calling me sister.”
In reference to text messages that suggest they are issued by ICA, the authority said in a May statement that anyone "can create a fake service request and enter the phone number that he wants the (OTP) message to be sent to", however a fraudster cannot "access any other data”.
When the conman called me again days after the first call, I played along once more. However, this caller - a different voice - was much more aggressive.
He repeatedly told me to "listen" and in raised tones said: “So why are you not updating your Emirates ID? Without updating not using any bank account in the UAE. This is a new operation of 2019. You know Expo 2020 coming to the UAE next year?” he said.
“Yes,” I replied.
"So this security – all Emirates ID, all Visa card, all the bank accounts - this is a new rule of UAE government. Without updating, not using any bank account in the UAE.”
This caller claimed to be from the Emirates ID authority and as in Ms White’s case, sent me an OTP from a fake Emirates ID number. When I told him my job title and that I would be reporting the call to the police, he used foul language to threaten me.
Shortly after the called ended, I contacted Dubai Police to report the calls.
Emirates NBD, Dubai’s biggest bank, has partnered with Dubai Police for its #secureyouraccount campaign. The bank says the most common types of cyber crime globally include phishing (sending out emails that appear to be sent from your bank), smishing (luring customers to call a particular phone number or visit a malicious website) and vishing (where the fraudster claims to be calling from your bank). The scam calls received by Ms White and myself fall into the vishing category.
"These scams aim to manipulate human weaknesses to reveal confidential account-related or personal identity information," Emirates NBD told The National.
My advice is to remember these types of calls are commonplace and no bank or government organisation would call you to update personal details over the phone. If you are ever unsure about a call or email, don't give any details away, contact the organisation the conman claims to be from to double check and alert the police.
However, scammers always have new ways to target us and sometimes it can be very personal and scary.
Towards the end of last year, I received emails from my father’s account asking when I was going to repay a small sum I owed him from a recent holiday. He said there was a problem with his account so could I pay it into a new account.
The email was signed in my father’s signature greeting and he addressed me in familiar language.
I was busy and replied telling him I could do it later. After forgetting, he wrote again the next day asking for payment. Again, I said I would do it that evening but the reply came back saying he needed the money sooner.
I knew something was wrong as my father would not be in such a hurry. I called my parents’ home to check everything was OK. No one picked up, so I emailed again and a reply swiftly came back. This confirmed it was a con: my father only emails from home and rarely on the go. The hackers had somehow accessed his email.
At this point, I admit I lost it, my journalist mind going into overdrive. I called my parents’ neighbours in a leafy village in England and asked them to go to the house. This story has become the joke of the village as the neighbour, aged in his late 70s and armed with a garden spade, tentatively entered my parents’ home, swinging around corners and opening cupboards to check my parents weren’t being held hostage.
Overreaction on my part? Probably. All I needed to do (which I later did, once I'd established my parents were happily sailing for the day, oblivious to the drama) was report the breach to the police, and ensure my father and I changed our email passwords.
But fraudsters are crooks and we have no idea the lengths they will go to get their hands on our money. Stay vigilant.
Updated: September 16, 2019 09:30 AM