PHOTO
Looking to recharge your Nol card? Exercise caution. Deceptive websites mimicking RTA’s platform are here to steal your money. In fact, the first four sites that pop up on your screen when you Google 'Nol recharge' are all fraudulent.
Dubai resident Mohammad Salman found out the hard way recently when he lost Dh1,051 to one such website while trying to recharge his Nol card with Dh30. “The site looked strikingly similar to RTA’s official platform, and I didn’t suspect anything was amiss,” Salman recalled.
Clicking on the site led him to a spoofed landing page that required entering his Nol tag ID, email address, and the recharge amount. Those who follow this process are then led to the next step to confirm the payment. Salman explained, “I didn’t see the amount as I was in a hurry and copied the OTP from the payment window.”
Even when he discovered that Dh1,051 instead of Dh30 had been deducted from his debit card, Salman initially thought he had mistakenly added extra credit to his smart card. "I thought I wouldn't have to worry about topping my card for some time."
It was only when the Indian expat checked his Nol balance that he realised he had fallen victim to a scam. Subsequently, he filed a complaint with Dubai Police and his bank.
Salman shared evidence showing that his payment went to a company called Mono Direct FJ 1 in Kyiv, Ukraine. Social media platforms are flooded with accounts of victims losing money to this company in similar circumstances.
A KT investigation reveals that not only RTA but also Global Village and the Museum of the Future websites have been spoofed to sell fake tickets. A tourist reported losing Dh6,000 while purchasing a Museum of the Future ticket on a site called cargovanexpeditinginny.com. This site is now marked 'Dangerous' by Google, indicating it has been compromised to host malicious content, including phishing sites.
In another incident, a man lost over a thousand dirhams while attempting to book a Dh22 ticket for Global Village on a dodgy platform.
"Recounting the experience, he shared, "I received an OTP, but upon entering it, I received a text message claiming it was incorrect. I received three OTPs and I entered each one of them, thinking it's the correct one. Imagine my horror when I received a message stating that Dh1,040 had been deducted from my credit card."
Obaidullah Kazmi, founder and CTO of cybersecurity firm CREDO, highlighted the growing threat of fake sites emphasising the need for users to exercise caution and remain vigilant.
To enhance security, he recommended authenticating websites, especially before providing personal or financial details. Recognising phishing sites involves checking for discrepancies in URLs (noting that UAE government websites typically use a '.ae' domain), identifying poor grammar, and ensuring secure connections (with sites using HTTPS). Kazmi also emphasised the crucial responsibility of organisations in safeguarding their brand and customer base.
He said: "Proactive measures, such as employing takedown services to swiftly remove counterfeit sites misusing their brand, play a vital role in preventing fraud and maintaining customer trust."
The UAE is grappling with a surge in cyber attacks, defending against 71 million incidents in the first three quarters of 2023 alone, according to Dr Mohammed Al Kuwaiti, head of the country's Cybersecurity Council.
Recently, a hacking group known as the Smishing Triad attempted to steal personal and financial information from UAE residents and visitors through a new text-based phishing campaign. The cybercriminals deployed malicious text messages, masquerading as UAE authorities, enticing victims to provide sensitive data such as home addresses, phone numbers, and credit card information. The deceptive messages, tailored for both Apple iOS and Google Android mobile devices, included a link to a fraudulent website designed to closely resemble that of the General Directorate of Residency and Foreign Affairs.
Authorities have consistently cautioned residents against responding to calls demanding fine payments or sharing One-Time Passwords (OTP). In a recent social media post, Dubai Police reiterated this warning, stating, 'If you are being asked to make payments via links and share your personal information, stop."
Copyright © 2022 Khaleej Times. All Rights Reserved. Provided by SyndiGate Media Inc. (Syndigate.info).