We noticed you're blocking ads.

Keep supporting great journalism by turning off your ad blocker.

Questions about why you are seeing this? Contact us

Font Size

- Aa +

Mon 1 Jan 2007 12:00 AM

Font Size

- Aa +

Gulf banks on alert for online account theft

Phishing attacks are getting closer to home here in the Middle East, with security experts warning that many are now originating within the region.

Phishing attacks are getting closer to home here in the Middle East, with security experts warning that many are now originating within the region.

While previously attacks were from other areas, such as Russia and Eastern European countries, it now appears that crime syndicates have enlisted Arabic-speaking people to help tailor their attacks.

The region continues to be the focus of phishing activity, with Emirates Bank last month sending a warning to its customers that it was being targeted.

In an attack which mirrored an earlier incident in July this year, the e-mails contained a link to a replica of the Emirates Bank website where users were asked to enter their user names and passwords.

The bank has confirmed that a small number of account holders responded.

However, it insisted that no customers lost money in this latest attack, claiming that a new security measure — which ensures new beneficiary details cannot be entered online — had protected them.

Other banks that have been targeted by phishers include HSBC, National Bank of Abu Dhabi and Mashreqbank.

Nader Haghighat, regional head of direct banking services, HSBC Bank Middle East, blames lack of customer awareness and the increase on online banking for the rise in attacks against local banks.

“Phishing attacks against various financial institutions, including ours, have been on the rise due to the increasing number of customers banking on the internet, incomplete awareness about online security, and the fact that some consumers do not properly secure their computers,” he says.

Ivor Rankin, Symantec’s senior security consultant for the Middle East and North Africa (MENA) region, has been working with several major banks across the region, providing instant response, anti-phishing services and forensic investigation.

“If we look back at the past 12 months, there has been a very dramatic increase in both the level of sophistication and the number of phishing attacks launched against financial institutions, but also non-financial institutions within the GCC region,” he claims.

He reveales that his investigation teams have traced a number of phishing attacks back to perpetrators in the region.

Of the phishing attacks Symantec has investigated this year, one was traced back to the UAE, while “four or five” originated in Saudi Arabia.

Symantec has also traced one attack back to Jordan this year, eight have come from Egypt and up to three phishing attacks a week originate from Morocco.

“The unique thing about the region is the Arabic language and although there are a lot of crime syndicates operating in south east Asia and eastern and western Europe, increasingly we’re seeing that they need assistance and co-operation from people in country or region with good Arabic skills to be able to draft the e-mails and do all the grammatical checks,” he says.

Abdullah Qassem, general manager for IT operations at Emirates Bank, notes that the comparatively small number of customers who had responded to the latest attack proved most customers are able to recognise phishing activity.

However he stresses it was vital that customers were constantly reminded of what precautions they must take and the signs to look out for.

“The single most important message that customers need to know is that a bank will never ask a customer to give passwords or user names on an e-mail,” he says.

Justin Doo, regional director of Trend Micro, notes, in order to effectively get the message across the customers, banks should work in collaboration with the government to launch awareness campaigns. “It’s impossible for Emirates Bank to tackle this problem on its own. Like all the other banks, it needs to be truly, broadly aware, it needs both the support of government messaging and multilingual messaging.”

Arabian Business: why we're going behind a paywall

For all the latest banking and finance news from the UAE and Gulf countries, follow us on Twitter and Linkedin, like us on Facebook and subscribe to our YouTube page, which is updated daily.
Real news, real analysis and real insight have real value – especially at a time like this. Unlimited access ArabianBusiness.com can be unlocked for as little as $4.75 per month. Click here for more details.