The online classifieds service Dubizzle is upgrading its security to protect users from phishing scams.
New measures to stop Dubizzle users caught in UAE phishing scams
DUBAI // Dubizzle is upgrading its security this week in a bid to guarantee that users are no longer directed to phishing websites.
Phishers try to obtain confidential information such as passwords from internet users. Scammers based abroad have been using such methods to take control of the accounts of legitimate users of the Dubai online classifieds service.
The fraudsters then use the hijacked accounts to place advertisements designed to lure other customers into parting with their money for non-existent goods.
“The scammers outside the UAE are mostly in the mobile phone and car sections,” said Ahmed Sawalhi, Dubizzle’s customer service manager. “They create a scenario so the customer believes them.
“They say, for example, that they’ve been living in the UAE but have moved back to their country, the UK or South Africa, and can’t take the car over there because it’s right-hand drive.
“When the user asks to see the car the scammer tells him, ‘you need to show me you are serious and send me some money. Don’t send me the full amount, send me Dh2,000 or Dh5,000’.
“So the scammer is a winner because he’s taking the money for nothing.”
Mr Sawalhi’s customer service team has systems that detect phishing attempts, and staff are trained to identify fake ads.
When a phishing website is identified the overseas company hosting it is contacted and asked to take it down immediately. Most of the fake sites are hosted in Germany, Romania or the UK.
There are a number of telltale signs that an ad is fake. These include the same photo used in several ads, or use of a picture that has clearly not been taken in the UAE because there is lush greenery in the background.
Ads that offer goods at unrealistically low prices should also be regarded as suspicious.
The presence of an email address can also mean an advert is not genuine, as all ads already contain a section that enables customers to contact the seller by email.
“If he writes, ‘Please contact me at this email ID’, why is he posting a different email ID in the description?” asked Mr Sawalhi. “Obviously he is a scammer.”
The security enhancements will go live early tomorrow morning. Dubizzle is keeping details of the changes confidential to avoid alerting fraudsters.
“This is a very big step forward,” said Mr Sawalhi. “It will be 100 per cent safe. Dubizzle guarantees that the changes mean users will not receive any phishing websites.”
He said the frequency of the attacks varied.
“Sometimes two weeks pass and we don’t have anything,” Mr Sawalhi said. “But last Thursday, Friday and Saturday we had two phishing websites each day, and we shut all of them down.
“An average of six or seven scam ads are placed each week.”
The customer service team will also be expanded and start operating around the clock. At present it monitors ads and activity on the website only between 7am and midnight.
Last year, 100 phishing attacks were officially reported in the UAE, with 72 of them aimed at local banks, the internet security agency aeCERT says.
But the anti-fraud company IT Matrix said it detected 1,145 attacks in the Emirates in 2010, the highest number in any Arab country.
The computer security company Symantec noted a rise in the number of attacks on the UAE in its latest Internet Security Threat Report.
“Cybercriminals greatly expanded their reach, targeting markets in the Middle East like the UAE, which has a continuously growing economy and a high rate of internet users,” said Justin Doo, the security practice director for Symantec in the Middle East and North Africa.