'Wangiri scam' hits UAE: Foreign gangs target residents with phone calls and phishing texts
Answering an anonymous call from South Africa or the tiny Pacific island of Nauru could end in a huge phone bill – and a criminal getting into your phone
Criminal gangs are targeting UAE customers with a cold calling phone scam that lands victims with huge bills.
Security experts said users are being targeted by the Wangiri scam, a telephone con that has hit other nations in recent years.
Wangiri translates to ‘one ring and cut’ in Japan from where the hoax first originated.
People who ring back after a missed call are routed to premium rate numbers and are locked into listening to an automated message until it plays out.
“The call was disconnected repeatedly from the same international number and I made the mistake of calling back. I was lucky I couldn’t get through," said Rosa Bianchi, a marketing executive from Dubai.
"A friend called back because her parents were travelling and she assumed they called her. She heard loud recorded music, couldn’t disconnect the call and ended up paying hundreds of dirhams in overseas charges.”
Ms Bianchi then received messages to call other numbers and texts with invitation links to contests promising thousands of dollars in prize money.
Like dozens of others who have taken to Facebook and Twitter to post instances of international calls that are immediately disconnected, she worries her number is in the hands of hackers.
The numbers originate from Nauru, Liberia, Chad and phone users from Ireland to India, South Africa to New Zealand have received calls from scammers who are part of networks that dial a set of numbers.
“The Wangiri scam has been around for a long time and I guess it was just a matter of time before the UAE got hit,” said David Michaux, director technical security services of Whispering Bell that provides risk management and information security services.
“It involves premium rate numbers being called in countries where the regulation around operating these numbers is not as strict as in other parts of the world. The scam is quite simple, the fraudsters use an automatic dialer that calls a series of numbers in a defined range, for example +971 50 123 xxxx, the dialer calls each number in turn for one ring and then disconnects.
“When the caller tries to return the call they get connected to a recorded message which is billing at a premium rate.
"The scam is put together to try and keep the user on the line as long as possible, so small tricks are also employed to achieve this. For example, as soon as you dial the number you’re automatically connected. Although you will hear a ringing sound, this is actually part of the recording, thus keeping you on the line longer.”
The fraudsters make money because for premium rate numbers they share the revenue of the call with the telecom company of the country the call originates from.
The scam does not target specific countries but is an industry-wide issue.
The message to UAE residents is not to return a call from an overseas number they do not recognise since legitimate callers will call back.
Mr Michaux spoke of phishing scams where fraudsters pretend to be from the victim’s bank and ask for bank details or passwords.
“Sometimes these phishing scams come in the form of international phone calls that appear to originate from your home country. When you see the incoming call with your home country code, you automatically feel more at ease, and the fraudsters use this to make you feel more assured about the person you feel you are talking to,” he said.
Addressing concerns that phones could be remotely hacked, he said the technology was referred to as RATs or remote access tools.
“A RAT can be used for good or for evil, and in 99 per cent of cases refers to a program that is installed on your mobile device to allow someone to monitor that device. The bad side of RATs is when this is done without the user’s knowledge. It can be introduced to the user’s phone in a number of ways, traditionally through ‘fake’ apps in the app store or by a person physically having access to your mobile device and installing it manually,” Mr Michaux said.
Such tools are also used with positive motives when parents add apps on their children’s phones to monitor usage.
But awareness is critical so residents are not swindled.
Abu Muadh, who runs a software company, said low-income workers too have lost money.
“When we think of information security, we think of white collar workers sitting in offices. But there is a risk to men in labour camps who are exposed to this," he said.
"They form 52 per cent of work force and have fallen into traps. They lose Dh100-200 and for some their phone balance gets sucked out.”
The recipient of an award last year for mobile phone applications of literacy and educational material for labourers, Mr Muadh is working on an information security course to warn them about the dangers inherent in clicking on phony links.
“Once you are connected, somebody can remotely push applications on to your phone," he said.
"They want to make sure you sniff on something new so they send links via sms. Even educated people fall for such scams. When a worker is promised a lucky prize, he will jump and click on it. This is exactly what I’m fighting. Blue collar workers need more awareness because they are more vulnerable.
"They get desperate when they lose Dh 200-300. It is a lot of money for workers who spend this amount in a month.”
The Telecommunications Regulatory Authority recommended residents file complaints with service providers directly. The TRA has yet to respond on action taken against scammers.
Etisalat said it have not received specific complaints about the scam.
Du has advised customers never to give personal information or bank details and recommended calling its customer care centre if they suspect the authenticity of a call.
Updated: May 29, 2018 08:49 PM