By Nawara Fattahova
KUWAIT: "Hello! This is Ihsan from XYZ Bank. I'm calling you to update your account information, as your debit card may be frozen if you don't update it now. I need your password." With these words, hundreds or even thousands of victims have been scammed.
The information update ruse is the most recent way of scamming people, after older tricks became known to everyone. The most popular way of scamming in the past few years was when scammers told people they had won a huge amount and they only needed the bank account number to transfer the sum. Other ploys for email scams or hacks are those of canceled shipments or orders.
Cases of cybertheft and fraud are rising all over the world, including Kuwait, despite financial institutions warning clients not to provide any personal information to any caller or reply to messages received with such content. Also, scammers always call through online calling apps like Viber, WhatsApp, etc, using the logo of popular local banks. But people should know that banks are supposed to call via the bank's landline and not even a mobile number.
Details of at least one scam are published in newspapers in Kuwait every week, but the real number is higher, as not every victim reports this crime. The latest victim was a 50-year-old man who reported KD 6,000 was missing from his bank account after getting a call from a scammer claiming he was from the bank. The caller already had his full information including the password, and only asked for the OTP (one-time password). This shows how advanced scammers have become lately.
Two-factor authentication
Cyber security researcher Ali Al-Anezi insists "nobody is fully secure". "We can avoid getting hacked by having a password to access the mobile and computer. It should be a complex password that includes letters, numbers and symbols. Also, users should install two-factor authentication on their phones and emails, which is a program that requires an OTP, which the hacker cannot get unless they have the victim's phone. Furthermore, users should always update the software on their mobiles and computers," he told Kuwait Times.
Scammers are constantly improving to appear more genuine. "Recently, I received an email that appeared to be from a well-known Saudi electronics company, which tried to hack my email through a link. This is just one of thousands of cases. As technology is improving, hackers are also upping their game," added Anezi.
According to him, hackers are focusing more on individuals rather than institutions. "Email phishing scams are more intensive in April, offering special promotions at the start of the fiscal year, mostly targeting individuals," he explained.
"One of the latest cases was of a Nigerian hacker who was arrested in Dubai after hacking various bank accounts and obtaining the passwords by using special technology. This is similar to the case of a Kuwaiti hacker who hacked various bank accounts and obtained the account number, card number and password, but without the name. He then called the bank and entered this information, and waited for the operator who mentioned the name. If it was the name of a man, he continued the call and demanded any transaction," stressed Anezi.
Many scams operate through WhatsApp. "There have been many cases in Kuwait and abroad, where the scammer hacks a WhatsApp account and starts sending messages to the contacts of this account requesting a money transfer, saying they are in trouble. Many victims believe the message and transfer the money, as the message is from their friend. But people should be careful, as it's strange to ask for money via message and not a call. So if people receive such a message, they should always call back, not on WhatsApp, but on the actual phone number of their friend," Anezi told Kuwait Times.
"Never provide your password to anyone, not only of your bank account, but even your email. You can also use Windows Hello on your computer for better protection. Try to update your computer every year, and don't forget to password-protect your mobile phone," concluded Anezi.