With the Increase in Online Activity During the Pandemic, Cybercriminals Are Finding New and Innovative Ways to Target Customers

A GULF NEWS SPONSORED SUPPLEMENT Tuesday, October 20, 2020

With the increase in online activity during the pandemic, cybercriminals are ﬁnding new and innovative ways to target customers

PAGE 2 2 Tuesday, October 20, 2020

dle East and North Africa– many of which were likely used for ﬁnancial gain.” Scamsters have capitalised on the pandemic with creative attack campaigns that play to the present mood. With people’s health, jobs and ﬁnances all under threat, cyber monitors report an increase in e-mails enticing users to click on unsafe links, purportedly offering information on rising local case numbers, advice on safety measures, tips for claiming stimulus cheques, as well as alerts on coronavirus-linked investment opportunities or relief donations. Focused attacks CK

TO “Ransomware, privileged access

RS abuse, data loss and poorly configured TE services that create vulnerabilities are UT significant risks,” says Ammar Enaya, Re- SH gional Director – Middle East at Vectra, an artificial intelligence-based threat detection platform that counts UAE banks THE COVID EFFECT among its clients. “Cybercriminals particularly target banking customers and supply chain partners so those connections tion, there is often a general escalation and credentials must be controlled and BY KEITH J FERNANDEZ in cybercriminals’ activity,” says Anoop monitored too. Banks are also a target SPECIAL TO GN FOCUS Das, cybersecurity expert at the cloud for politically motivated attacks seeking services provider Mimecast Middle East. to disrupt and destabilise a region’s infra- n August, Hozefa Arsiwala was having “There has been a spike in cybercrime structure. For customers using banking a late lunch with his wife and daughter across the board and crime for financial digital services, their credentials will be during a staycation when an SMS came gain has been among the most signifi- a prized target for attackers. Banks need Iin. It confirmed that he had just spent cant. Criminals know that many people ANOOP DAS, to ensure robust access and identity Dh50 to buy a T-shirt online. Except that are struggling financially and are looking Cybersecurity technical controls and also focus on cus- the Sharjah resident hadn’t. He immedi- for ways to prey on their desperation.” expert, Mimecast tomer security awareness education.” ately rang his bank, one of the largest in He offers a chilling example from a re- Middle East Organisations — including banks — have the UAE, and learnt the purchase had cent Mimecast investigation. The log- also been unprepared to have their entire gone through. A quick Google in page of a major UAE bank workforce operating remotely. The sud- search told him the store had been cloned, with the den shift to working from home opened was located in the US. fake website live since up security gaps for hackers. This week, The same card was July. Customers had backup software solutions company Ac- also being charged Cybercriminals potentially been ronis revealed the results of a global an additional Am- particularly target affected for sev- survey of 3,400 companies: 39 per cent azon Prime pay- eral months. “If of companies experienced a videoconfer- ment for the banking customers and a banking cus- AMMAR ENAYA encing attack in the past three months. preceding three supply chain partners tomer were to Regional Director Malware attacks such as ransomware months, some- so those connections click on a phish- Middle East, Vectra also have increased during the pandemic, thing Arsiwala ing link, they with 31 per cent of companies reporting was pursuing and credentials must be would be sent daily cyberattacks and 50 per cent being with the technol- controlled and to the malicious targeted at least once a week. ogy services pro- fraudulent web- “The attack surface is being expanded vider. “The bank monitored.” site,” he says. by remote work and unsecured personal offered to open a AMMAR ENAYA, “This log-in page devices used by employees, increasing complaint to pursue REGIONAL DIRECTOR is then used to har- the risk to the business,” says Adam Palm- the matter and uncov- MIDDLE EAST AT vest the credentials er, Chief Cybersecurity Strategist at Tena- er more details about VECTRA of the customer, as they ble, a global IT company that tracks cyber both incidents, but given the are prompted to fill in their ADAM PALMER, exposure. He tells GN Focus that tradition- time and potential costs involved, information, including their Chief Cybersecurity al risk management is failing, and organ- it wasn’t worth the trouble,” he says. password. Criminals can then use this Strategist, Tenable isations should integrate their security Arsiwala doesn’t know if he’d been information to access the user’s bank ac- into one central identity and access man- phished, that is, tricked into revealing count.” agement solution, while using privileged sensitive personal data, or if his data access management to restrict access to had been stolen in a cyberleak, but he Rise in attacks critical systems and data, to limit the abil- was certainly a victim of credit-card The company’s Threat Intelligence ity for attackers to reach critical systems. fraud, one of many different kinds of Centre picked up 115,000 Covid-19-relat- “It’s important to make sure remote work- online bank hoaxes being reported in ed registered spoof domains in the first ers’ devices are fully configured with end- the UAE. three months of the pandemic. These point protection and detection. Far too Earlier this year, the Central Bank of offered fake or non-existent goods such many people, including the most tech-sav- the UAE warned of a spike in cybercrime as protective masks or Covid-19 cures, or vy, ignore system updates and patches.” and bank fraud, as fraudsters capital- targeted individuals seeking compensa- ise on the coronavirus pandemic to find tion for holidays booked. “The general new ways to target consumers. The bank fear and uncertainty of this year has of- rolled out its first national fraud aware- fered criminals the perfect opportunity To access the first official ness campaign in April, which aims to to exploit vulnerable people,” Das says. page in the UAE for bank arm consumers with the skills to protect “Our researchers saw a massive 751 per customers to report bank fraud, themselves against scams. cent increase in unsafe clicks during the please visit: “During times of heightened disrup- first three months of the year in the Mid- www.uaebf.ae/en/fight-fraud

4 Tuesday, October 20, 2020 SIM swap NATIONAL CAMPAIGN fraud drops BOLSTERS UAE’S Jamal Saleh, Director READINESS TO FIGHT General of UBF, highlights the success the nation-wide initiative CYBERCRIME #TogetherAgainstFraud will run until the end of the year and IM swap fraud targeting banking customers in the UAE has dra- cover different types of fraud, including Covid-19 related scams matically declined after launch- Sing a major nationwide awareness campaign, a senior banking industry offi- ith hundreds of millions of peo- cial told Emirates News Agency (WAM). ple mandated to stay at home “SIM swap fraud, the worst among on- globally to limit the spread of line banking frauds, used to be reported Wthe coronavirus, Covid-19 related in hundreds in the past. But only one case fraud is expected to climb as fraudsters ex- was reported in recent months since we ploit people’s fear and anxiety during these started the campaign in April with the difficult times. Common scams include tar- Central Bank of the UAE, Abu Dhabi Po- geting victims via email, SMS, phone and lice and Dubai Police,” said Jamal Saleh, social media, with fraudsters posing as gen- Director General of UAE Banks Federa- uine organisations, including government tion (UBF). entities, banks, and healthcare providers, “And this is despite the number of on- to trick victims into disclosing personal or line banking fraud attempts having dou- financial information. bled since the start of coronavirus out- To counter this, UAE Banks Federation break, as people started spending more (UBF), the Central Bank of the UAE, Abu time at home and transacting online,” Dhabi Police, and Dubai Police launched the he added. UAE’s first national fraud awareness campaign in April, which will run until the end Identity theft of the year. Under the theme #Together- SIM swap fraud is a type of identity AgainstFraud, the joint initiative aims to ed- theft, where a fraudster manages to get ucate and protect consumers from financial a replacement SIM card of a victim’s reg- cybercrime and fraud, particularly in light istered mobile number, using fake iden- of the increased use of digital banking ser- tity documents to access online banking vices during the Covid-19 pandemic. services of the victim to steal money. “The banking sector’s digital transfor- “The awareness campaign and the mation and widespread implementation strict preventive measures taken by the of online solutions has increased both the Telecommunications Regulatory Author- complexity and magnitude of financial ity, Etisalat, and du have almost stopped fraud and cybercrime across the globe,” this type of fraud. For example, unlike in says AbdulAziz Al Ghurair, Chairman of UAE the past, the customer has now to go in Banks Federation. person with his/her original Emirates ID “This is a serious threat to society that and fingerprint to request a replacement must be addressed, particularly under ABDULAZIZ AL GHURAIR, CHAIRMAN OF SIM card,” Saleh explained. these challenging circumstances where UAE BANKS FEDERATION fraudsters have become increasingly so- the country, this initiative underpins our Campaign success phisticated taking advantage of the fear will and readiness to tackle fraud and cy- The #TogetherAgainstFraud aware- and uncertainty created by the outbreak of bercrime, and strengthen our collaborative ness campaign was well received by the pandemic. efforts alongside our partners to combat people across the UAE, and awareness “With the launch of this joint cam- this threat to society, adopting posts on social media platforms secured paign we not only aim to equip best practices to safeguard more than half a million likes and shares, the public with the knowledge customers against fraud, Saleh said. and resources they need to and focusing on different After SIM swap, magic pen fraud is protect themselves from topics every month,” says the other scam that witnessed a decline fraud, but also disrupt the Al Ghurair. as very few cases were reported after criminal networks that are “The fight against “The fight against launching UBF’s cam- targeting UAE residents. fraud can only be won fraud can only be won paign, he revealed. This can only be achieved if we work together, Social engineering at- if we work together, and if we work together.” and since the beginning tempts, through phone on behalf of UBF, I would of the #TogetherAgain- calls, text and emails, like to thank the Central ABDULAZIZ AL GHURAIR stFraud campaign, we still constitute the high- Bank of the UAE, Abu Dhabi CHAIRMAN OF UAE BANKS have significantly reduced est number of fraud at- Police, Dubai Police and our FEDERATION the number of some types tempts, but success rate member banks for their contin- of fraud cases across the and impact are low com- ued support and collaboration. By country with the support of the pared to other scams better preparing banks and custom- Central Bank of the UAE and our such as SIM swap ers for the future, we are securing a better partners. By better preparing banks and and magic ink. future for the entire nation. customers for the future, we are securing — WAM “Since one of UAE Banks Federation’s a better future for the entire nation,” adds strategic goals is to reduce fraud across Al Ghurair.

6 Tuesday, October 20, 2020

and machine learning can turn the tide The combined fraud-ﬁ ghting

benefi ts of these systems CK The combined fraud-fi ghting benefi ts of TO are coming to the fore RS these systems are coming to the fore TE UT SH

ost banks rely on er notice, such as attempts that keep banks from jumping teams of human KEY NUMBERS to log in to the same account aboard the AI bandwagon. AI analysts to exam- with different usernames and systems often do not operate Mine transactions passwords over the course of in real time, with 45.6 per cent Banks are deploying AI- for potential fi nancial crime, several months or uncharac- of fraud specialists citing this based systems in record but these teams encounter teristically large transactions. as a concern — a significant numbers, with more than numerous issues. Forty-fi ve Banks are deploying AI- obstacle for pay-ments that per cent of banks say their in- $217 billion based systems in record num- need to be processed instant- vestigations take too long to bers, with more than $217 bil- ly. A lack of transparency is a spent on AI applications complete, and 40 per cent say lion spent on AI applications problem as well, according to the investigations result in a ************ for middle-office use cases 42.8 per cent of specialists. A high number of false positives, like fraud prevention and risk human analyst could defi nitely About which occur when legitimate assessment. provide justification for rejec- transactions that have been These investments are pay- tion of any given transaction, mistakenly fl agged as fraud- 80% ing off, according to fraud as opposed to many AI sys- ulent. Banks can even have prevention specialists, as 80 tems, whose reasonings may false positive rates of more of experts say AI reduces per cent of experts say AI much more nebulous. than 90 per cent, resulting in payments fraud and reduces payments fraud and unpleasant experiences for 63.6 per cent of fi nancial 63.6 per cent of fi nancial in- Machine learning customers as they are forced institutions cite AI as a stitutions cite AI as a valuable Some of these concerns can to resubmit their transactions. valuable tool for stopping tool for halting fraud before be addressed by ML, a more fraud before it succeeds it succeeds. advanced form of AI. ML sys- The pros of AI These systems are com- tems take past transactions Financial institutions are ex- monplace at large banks that into account and apply these ploring many avenues to over- can analyse transactions ho- have more than $100 billion in rules to future analyses to de- come these stumbling blocks, listically, comparing each data assets — 72.7 per cent of which tect fi nancial crime, making but few are as promising as ar- point within a transaction to leverage AI — but only 5.5 per them gradually more adept at tifi cial intelligence (AI) and ma- every other data point in frac- cent of all fi nancial institutions fi ghting fraud over time. chine learning (ML). Here are tions of a second. reportedly have an AI-based Financial crime attempts the fraud-fi ghting benefi ts of These systems can also com- system in place. against banks will likely nev- these systems, as well as the pare each transaction against er cease completely, but the challenges that many banks every other transaction banks The cons addition of AI and ML to the’ face in implementing them. have ever processed to deter- The most obvious expla- fraud-fi ghting arsenal of fi nan- Detection systems driven mine its likelihood of being nation for this gap is AI sys- cial institutions could go a long by AI offer a number of fraud fraudulent based on variables tems' expense, but there are way toward making these at- prevention benefi ts, as they a human analyst might nev- a number of other concerns tempts less likely to succeed.

This article ﬁ rst appeared in the Preventing Financial Crimes Playbook in August by PYMNTS.com, the business-to-business platform for the payments industry

8 Tuesday, October 20, 2020 STOP IDENTITY THEFT Here’re some steps to safeguard against fraudsters

GN FOCUS REPORT

he pandemic has accelerated the UAE's transition to a cashless society. Almost two-thirds of peo- Tple in the UAE, or 64 per cent, expect the country to become fully cashless by 2030, a poll by Standard Chartered found in September. The survey, which was conduct- ed globally among 12,000 respondents aged 18 and above, also found that 73 per cent of the UAE’s respondents believe Covid-19 has made them more positive about online shopping. Here are a few simple steps that shoppers can take to avoid fi nancial fraud: Have a secure log-in Use a different password for each of your online shopping accounts so that if someone grabs your username and password for one website, they won't be able to go on a shopping spree on other accounts as well. Some banks in the UAE have also introduced multifactor authentication, which requires users to enter a code that is sent to the registered phone number when they try to log on. The added step can make it harder for thieves with stolen user names and passwords to take over people's accounts. Shoppers can ask retailers to remember certain devices, such as their phones and home computers, but require the codes when- ever someone tries to log on from a new device. Transaction alerts All banks in the UAE allow customers to sign up for alerts directly via email, text message or the mobile banking app. The feature allows cardholders to get alerts for transactions in real time and immediately identify potentially fraudulent activity. With visibility and control over their accounts, consumers can take immediate action to protect themselves from security threats and fraud. Payment devices New mobile payment options such as Apple Pay and Android Pay let consumers shop with their smartphones. Instead of swip- you should still check transactions on all of your cards periodi- ing or inserting their credit cards, shoppers tap their phones, cally. Try to use a card that is different from the one you use to which transmit a unique code to the retailer for each purchase. pay your monthly bills. That way you can avoid having to reset This is useless to fraudsters and in the case of Apple Pay, shop- all of your payment settings if your card is stolen. pers have an added protection by requiring that their fi nger prints be used to complete the transaction. Device identification What this does is it evaluates the unique ID of the device Monitor transactions (smartphone, laptop or tablet) used to make a digital transac- Most banks will refund consumers for fraudulent charges tion to help identify suspicious activity. Security experts advo- made with their debit or credit cards as long as they report it cate sticking to trusted devices — ones that belong to you and in a timely matter. Consumers should check their transactions under your control — for any kind of online transactions. every day or every other day to scan for unauthorised purchases, especially when they are using their credit cards frequently. Watch out for scams If you don't have time to monitor transactions daily, then you Fraudsters often send emails that promise consumers a phony can set up alerts to have a message sent to your phone or email promotion if they enter their personal information or click a link. every time your card is used. The messages can include logos that closely resemble those of the legitimate retailers. And the links may download malware

Stick to one card on to your computer, giving thieves access to your personal in- K

Using one card for most of your purchases can limit the num- formation. Shoppers should ensure that they check the web ad- OC

ber of cards you need to track closely. It also cuts down the dress included in the messages and also avoid clicking on links. RST chances that more than one card will be compromised, though Look for https in any URL. TE UT SH

10 Tuesday, October 20, 2020 Tuesday, October 20, 2020 11

Technology and social took out ads in national newspapers warn- account details, they know exactly how engineering tactics have ing residents about the scam. much they’ll be able to withdraw from an Tip Mark the message as spam and de- account. seen fraudsters implement lete. Tips Always request a proper look at a a number of techniques fi nancial representative’s offi cial ID. Sign and fi ll out forms using your own pen. to separate you from your 3. ATMS Contact the bank prior to your appoint- money. Here’s how they work What is it? Thieves employ a number ment to verify the person. of devious tricks at ATMs. They may strategically place a tiny camera facing the 6. FUND TRANSFER BY RIAZ NAQVI machine’s keypad in a bid to record your SPECIAL TO GN FOCUS hand typing in your PIN. Another technique What is it? In a bustling trading hub sees the thief place a false keypad, which such as the UAE, businesses tend to records your PIN, on top of the real thing. deal with suppliers and clients from all over arlier this year, the UAE Banks Fed- Once you’ve concluded your business at the world, primarily via email. It’s import- eration (UBF), Central Bank of the the machine, the false keypad is removed. ant to heed caution before clicking links in UAE (CBUAE), and Abu Dhabi and Finally, fraudsters may attach a device on suspicious mails, as malware may be sur- EDubai Police joined forces to launch top of an ATM’s card slot. When you put reptitiously downloaded to your PC or the country’s fi rst large-scale national your card in, it scans both sides of your smartphone. This may give hackers access fraud awareness campaign. The initiative card to memory, giving the scammer the to your screen and keystrokes, which they was rolled out during the UAE National number, expiry date and three-digit securi- can then use to fi nd out supplier informa- Sterlisation Programme, with larger num- ty code. tion and create impostor accounts. The bers of residents turning to digital banking Tip Before putting your card in, take a fake account will get in touch with the vic- as they stayed home to help fl atten the close look at the ATM on your next vis- tim and ask them to send payments to a coronavirus curve. The ongoing awareness it. Is the keypad fi xed into the machine and new bank or number. campaign’s primary aim is to educate con- easy to hide with one hand? Is there a re- Tip Look carefully at the email address sumers about the UAE’s most common cy- movable object around the card slot? Al- when you receive a mail requesting a bercrime and fraud techniques. ways be aware of your surroundings. new payment avenue. Is it slightly differ- “The fraud awareness campaign, under- ent? If not, get in touch with the person to scored by a series of interactive and edu- check whether they have indeed asked you cational materials, is aimed at informing 4. SIM SWAP to change the means of payment — it could consumers about the proliferation of phish- What is it? This technique works us- be that their email has been hacked and ing activities while enabling them to stay ing mobile phone-based authentica- they are unaware of the message. alert,” said Abdulhamid Saeed, Governor of tion, a process your bank uses when you the CBUAE, in the press release announc- want to pay for something online from a ing the news. previously unused website or app. After 7. PHONE FRAUD Here GN Focus profiles eight types of you’ve input your payment details and hit What is it? Also known as voice phish- fraud you need to watch out for in the UAE. order, the bank will SMS a one-time pass- ing, or vishing, this happens when you word (OTP) to your registered mobile num- get a call from a person claiming to be em- 1. EMAIL ber. SIM swappers try to play the system by ployed by your bank. They will ask some What is it? An email, purportedly from contacting the victim’s mobile service pro- personal information under the cover of se- the UAE Central Bank, with an alarm- vider and, using personal information curity questions to try and glean responses ing message: Your debit card and bank ac- gleaned from social media and other sourc- to your account’s security questions. They count are now frozen due to “security rea- es, impersonates the victim by answering may tell you that an Emirates ID or debit/ sons”. It also contains an urgent call to security questions. The fraudster reports credit card has been temporarily blocked. action, pushing the reader to dial a mobile the phone as lost and requests activation Alternatively, you may receive an automat- number within 24 hours to reactivate their of a new SIM card, which is in the fraud- ed robocall requesting that you type in de- account. The person picking up will ask for ster’s possession. Then, using your email tails such as card number, expiry date and details of your account for “verification address, they will request a new password security code. purposes”. Alternatively, there may be a through OTP, which then gives them access Tip Don’t tell them anything. Hang up, link present that takes you to a form, where to the account. and get in touch with your bank via its you are asked to type the information in. Tip If you fi nd your phone suddenly offi cial call centre to check whether any The mail, which may include the Central has no coverage, contact your service cards or accounts have indeed been frozen. Bank’s logo, may have these contents in an provider and check what the problem is. attached PDF. Never share the answers to your security Tip Call your bank using one of the 8 questions with a random caller, and read 8. DATA PRIVACY registered numbers on its official web- your bank statements regularly. What is it? A breach of personal infor- site. They will be able to tell you if your ac- TYPES OF mation such as your Emirates ID num- count or card has been frozen. ber, passport details, mother’s birthday or 5. MAGIC INK maiden name, and sensitive data such as What is it? Unlike the other fraud debit/credit card numbers, ATM PIN or 2. LOTTERY FRAUD TO types on this list, magic ink fraud re- your bank account details. What is it? This usually takes the form quires a personal touch. After inviting their Tips Review the personal details you of an image sent from an unregistered target out for a coffee in the guise of a have shared on social media platforms number via WhatsApp. There will be a large WATCH OUT banker, the fraudster will present them — including ones you barely use — and re- logo at the top, typically of a hypermarket with pre-fi lled forms and paperwork for a move phone numbers and dates of birth; or major UAE retailer, followed by a mes- new credit card or personal loan, as well as periodically change your passwords, ensur- sage informing you that you have won a a cheque that requires the victim’s signa- ing they are strong and complex; avoid us- large cash prize. The message will then di- FOR IN THE ture. However, the writing that’s already on ing public Wi-Fi for accessing digital bank- rect you to contact a mobile number and the cheque is no ordinary ink — it vanishes ing or other sensitive data; use an antivirus share personal fi nance details such as your once the paper is heated to a particular software on your PC; avoid downloading

account number. Two years ago, fraudulent temperature. The scammer now has a blank apps from unknown or unveriﬁed sources; K messages bearing the logo of LuLu hyper- UAE cheque with the victim’s original signature and ensure your phone has the latest secu- OC market were so prevalent that the retailer to do with as they please — and with their rity updates. RST TE UT SH 12 Tuesday, October 20, 2020 12TIPS TO KEEP YOUR TRANSACTIONS SECURE

asking for remote access — hang that would be difficult for others up even if they mention a well- to guess and update them regu- known company. Scammers will larly. A strong password should often ask you to turn on your com- include a mix of upper- and lower- puter to fi x a problem or install a case letters, numbers and sym- free upgrade, which is actually a bols. Don’t use the same pass- virus that will give them your password for every account/profile, words and personal details. and don’t share your passwords with anyone. Lock mailbox CK

TO 5 Keep your personal de- Review privacy

RS tails secure. Put a lock on 10 Review your privacy and TE your mailbox and shred your bills security settings on social UT and other important documents media. If you use social network- SH before throwing them out. ing sites, such as Facebook, be Be alert careful who you connect with and 1 Be alert to the fact that Keep passwords learn how to use your privacy and Practical, scams exist. When deal- 6 safe security settings to ensure you ing with uninvited contacts from Keep your passwords stay safe. If you recognise sus- simple dos people or businesses, whether and PIN numbers in a safe place. picious behaviour, have clicked it’s over the phone, by mail, email, Be very careful about how much on spam or have been scammed and don’ts for in-person or on a social network- personal information you share online, take steps to secure your a safe banking ing site, always consider the pos- on social media sites. Scammers account and be sure to report it. sibility that the approach may be can use your information and pic- experience a scam. Remember, if it looks too tures to create a fake identity or Beware of good to be true, it probably is. to target you with a scam. 11 requests Beware of any requests BY AYMAN ALQUDSI Do your research Safeguard devices for your details or money. Never SPECIAL TO GN FOCUS 2 Know who you’re dealing 7 Keep your mobile devices send money or give credit-card with. If you’ve only ever and computers secure. details, online account details or met someone online or are unsure Always use password protection, copies of personal documents to of the legitimacy of a business, don’t share access with others anyone you don’t know or trust. take some time to do a bit more (including remotely), keep updat- Don’t agree to transfer money or research. Do a Google image ing security software and backing goods for someone else: money search on photos or search the up content. Install mobile securi- laundering is a criminal offence. internet for others who may have ty software and keep it up to date. Be wary of unusual payment re- had dealings with them. If a mes- Don’t forget to install updates for quests. Scammers will often ask sage or email comes from a friend your device operating system and you to use an unusual payment and it seems unusual or out of banking app too as they become method, including preloaded character for them, contact your available. debit cards, gift cards, iTunes friend directly to check that it was cards or virtual currency such as really them who sent it. WiFi safety bitcoin. 8 Protect your WiFi net- Avoid suspicious work with a password and Online safety 3 texts avoid using public computers or 12 Be careful when shopping Do not open suspicious Wi-Fi hotspots to access online online. Beware of offers texts, pop-up windows or click-on banking or provide personal in- that seem too good to be true, and links or attachments in emails — formation. Don’t carry out sensi- always use an online shopping delete them: If unsure, verify the tive ﬁ nancial transactions using service that you know and trust. identity of the contact through public Wi-Fi or unknown public Think twice before using virtual an independent source such as networks, which makes you vul- currencies (like bitcoin) — they do a phone book or online search. nerable — you never know who not have the same protections as Don’t use the contact details pro- may be poking around and watch- other transaction methods, which vided in the message sent to you. ing what you’re doing online. means you can’t get your money back once you send it. Remote access Update passwords 4 Don’t respond to phone 9 Choose your passwords The writer is the calls about your computer carefully. Use passwords Chief Information Ofﬁ cer at UAB

14 Tuesday, October 20, 2020 THE FUTURE OF PAYMENTS HOME As the Internet of Things (IoT) evolves, payments will fi t into everything Right now: Homes today al- from smart fashion to smart cities ready contain devices such as video consoles, voice-ac- technology, making what ready here. Visa and Honda tivated smart speakers and GN FOFOCCUUSS RREEPPORORT you wear functional and revealed a proof of concept smart thermostats. Present comfortable, while reducing connected car that makes IoT smart home solutions the burden of multiple de- paying for things such as can even automatically re- vices. Payment technologies gas and parking easy. Driv- plenish supplies, with Sam- will incorporate into clothes, ers no longer need to rum- sung and Trustonic's con- enabling you to communi- mage through their wallets nected refrigerators able to cate, plan and pay without to pay; instead they pay via place orders directly. having to reach for your wal- two in-car apps, which Visa What's next: Adoption of let or phone. Built-in batter- has developed alongside its smart household devices, ies will be thin, fl exible and infrastructure partners. especially in more developed effi cient, minimising or per- What's next: When we look markets where connectivi- WEARABLES haps eveeven forgoing the need ahead to the rise of self-driv- ty via central internet hubs Right now: Having initial- to recharge. ing autonomous vehicles, we will facilitate purchases by ly focused on fi tness and can see how the car will piv- various household devices. health, next-generation ot into a roving lounge, free- Voice-activated speakers wearables such as the Fitbit ing consumers from naviga- such as Alexa Echo and Goo- Ionic and Garmin vivoactive tion and operation. With the gle Home will be the most 3 smartwatches are making Visa Token Service, a secure common way for consumers life on the go simpler than platform for mobile trans- to search for anything online ever with easy and more se- actions, in-car payments and even contact custom- cure contactless payments will soon be within a driver's er service. A future smart thanks to digital tokenisa- reach. Drivers will be able to home will remember your tion technology. view and complete purchas- preferences and past pur- What's next: Welcome to TRANSPORT es to smart parking metres chases, whether paying bills, the world of smart fashion. Right now: Autonomous and fuel pumps directly from grocery shopping, travel Clothing will be packed with and connected cars are al- their car consoles. planning or gifting. Tuesday, October 20, 2020 15

Cashless to continue after the pandemic Consumer behaviour changes due to the pandemic, such as buying online and increasing use of digital payments, are likely to continue RETAIL FUTURE CITIES Right now: The mobile revo- Right now: Cities worldwide Impact on consumer shopping and payment behaviour lution is enabling more inter- are leveraging internet of Covid-19 actions with consumers. In- things (IoT) to gain insights, creased security and fl exible cut costs, propel new busi- In-store points of sale mean that the ness models and improve divide between online and consumer user experienc- in-person is rapidly disap- es. IoT is also enabling da- 68%71% 54% 46% pearing. IoT payment tech- ta-gathering to inform every used contactless used mobile nologies have made it easier element of city living, from cards to pay wallets than ever to help consumers street lighting to waste man- claim to have reduced use digital payments in-store fi nd — and pay for — prod- agement. Visa's Innovation shopping in-store more over cash ucts, as well as use coupons, Centre in Dubai is dedicated points and other rewards. to working with its partners Online TOP REASONS CONSUMERS PREFER What's next: IoT will rev- to accelerate the develop- DIGITAL PAYMENTS olutionise retail. As more ment of smart cities. 49% 61% devices become connected, What's next: With more than they become platforms for 20 billion devices expected make more use cards or digital commerce able to make a to come online by the end purchase wallets more over payment itself, support a of 2020, the future smart online cash on delivery SecuritySpeed ConvenienceLimited (COD) for online human payment to be accepted, or city is an integrated and re- shopping contact both. Consumers will expect sponsive world that benefi ts personalised and effi cient the environment, people and SOURCE: VISA’S ‘STAY SECURE’ CONSUMER SECURITY STUDY, 2020 shopping experiences. Best- government. Smart payment majority using contactless cards in-class retailers will provide technologies can enable GN FOCUS REPORT (54 per cent) and mobile wallets product information that's more effi cient government (46 per cent) more. For consum- tailored and responsive. services, providing conve- onsumers in the UAE will ers shopping more online, the Imagine having your food or nience for citizens in paying continue using contact- majority (61 per cent) use cards purchases delivered to your taxes or for public transpor- less payments for shop- or digital wallets more to pay door via drones or robot. tation. Cping at physical stores online over cash on delivery. In- and making digital payments on- creased trust in the security of — The article was line even after Covid-19 subsides, the payment technology, speed, co-created with Visa, signalling that changes spurred convenience and limited human the world’s leader in by the outbreak are here to stay. contact were the top reasons cit- digital payments Some 43 per cent of con- ed for their increased preference sumers in the UAE will contin- for digital payments. ue using contactless payments “The pandemic has changed more in stores and 48 per cent how consumers shop and pay will increase their use of online with increased reliance on and payments with cards or digital preference for digital com- wallets for future e-commerce merce,” said Neil Fernandes, purchases, according to a study Visa’s Head of Risk for Middle by Dubai Police, Dubai Economy East and North Africa. "With in- and Visa earlier this year. creased usage both among ex- Ahmad Al Zaabi, Director of perienced and fi rst-time users, Consumer Protection in the Com- cybercriminals too are keen to mercial Compliance & Consumer capitalise on the increased ac- Protection (CCCP) sector, Dubai tivity and vulnerability, especial- Economy, said: “The study shows ly of fi rst-time online shoppers. that consumer behaviour chang- That is why educating consumers es due to the pandemic such as about safe payment behaviour is shifting online and increasing critical not only for the moment use of digital payments are likely but as we move forward and to continue even after the pan- adapt to the new normal." demic — an important takeaway Brigadier Jamal Salem Al Jalaf, for businesses developing strat- Director of Criminal Investigation egies for the post-Covid-19 con- Department in Dubai Police, said: sumer and market overall.” “Fraudsters are seeking to take Sixty-eight per cent of respon- advantage of people spending dents surveyed in the UAE have more time online, preying on their reduced shopping in-store since anxieties, and exploiting new sys-

K the outbreak of the pandemic tems of remote working. Govern-

OC and 49 per cent are shopping on- ment authorities, private sector,

RST line more. When they do shop at and the local community all have TE stores, 71 per cent are using dig- an important part to play to en- UT ital payments over cash with the sure we are all protected.” SH 16 Tuesday, October 20, 2020

THINGS TACKLING THE SURGE TO KEEP 10 IN MIND IN CYBERCRIME Use different passwords across your bank accounts and other websites. he new normal has pro- Novel methods were adopted to Customers need moted an astounding de- deceive customers including fake Keep your computer and velopment of the UAE’s websites, lottery scams or trans- mobile devices updated with to adopt security T digital footprint through action frauds such as SIM-swaps. latest patches. measures and work-from-home solutions and a This included sending misleading technological shift that enabled emails requesting money trans- Fraudsters can use many be aware of the businesses to move their opera- fers, including ransomware and channels such as email, chat, best practices to tions online. crypto-miner attacks on busi- messenger services, SMS& Driven by the need for digital nesses. phone calls to ask for your prevent fraud and cashless payment solutions, Fortunately these ploys can be details. RAKBANK is one of the first avoided through adopting secu- BY GEOFF STECYK banks to have undergone a digital rity measures such as only using Most email and social media CHIEF OPERATING transformation that enhanced its your personal devices (phones, sites allow the use of two OFFICER, RAKBANK banking services. From contact- tablets and PCs), routinely updat- factor authentication, enable less payments to instant remit- ing them and applying patches, this option. tances, innovation is aligned with investing in a paid antivirus sub- our diversification and cost-opti- scription and regularly updating Invest in a good antivirus misation strategy. For us, digital virus definition, being suspicious solution. solutions are among the primary of emails containing links and at- focus areas, offering customers tachments that claim to be from secure banking services. their bank or a government body A password that is easy to However, one of the down- and always navigating to the remember can also be sides of this massive shift to on- website by typing the URL in the guessed easily by attackers. line was the surge in cybercrime browser. rates. The hike in unemployment We recommend backing up Secure your home Wi-Fi and online activities attracted business and personal data reg- network and avoid free Wi-Fi cybercriminals who are always ularly to be able to restore it in services (such as coffee quick to take advantage of such case of ransomware infection shops) for banking online. situations. A rise in cyber frauds and to regularly monitor bank targeting customers through statements and SMS/email alerts Report any suspicious phishing, vishing and SMShing for any suspicious transactions. activity to your bank or law was noted. Furthermore, most websites of- enforcement. Social media chat features and fer a two-factor-authentication Limit the amount of informa- email campaigns impersonat- option that we advise enabling. tion about yourself that you ing well-known entities such as Be wary of public WiFi and pro- post on social media sites. the World Health Organisation tect your home WiFi network with have been used creatively to WiFi Protected Access 2 (WPA2) target customers and get them and lastly limit the amount of in- Back up your important data to click on a link or open an at- formation you post online as it regularly. tachment containing malware. can be used against you. ‘Banks need to be more agile’ Alexander Thomas, Chief Risk Officer at UAB, tells GN Focus why financial institutions need to embrace new approaches to predict and prevent fraud

Is Covid-19 leading to a rise in and healthcare providers to As the banking sector con- home amid Covid-19, the bank’s fraud? trick individuals to reveal their tinues to embrace technology, VPN servers have now become There has been an increase personal and/or ﬁnancial infor- fraudsters are becoming sophis- paramount and their security in phishing and smishing (using mation. ticated and can swiftly adapt should be the key focus of IT text messages) scams and There has also been a rise approaches to conduct criminal functions. Most home networks identity thefts in the in the use of video con- activities, which could result in lack the same level of security current scenario. ferencing facilities, but signiﬁcant losses for banks. that exists at workplace, and Fraudsters are some of these have Technology represents a this brings a great responsibility also exploiting the been shown to have great opportunity, as well as a for the banks’ IT function to mit- downturn in interest sub-optimal security responsibility for banks, to culti- igate the cyber risk. rates and contact- standards, with in- vate the trust of their customers Banks are diligently working ing unsuspecting stances of uninvited and manage the expectations of on cybersecurity awareness, consumers, offering parties eavesdropping the regulators. Therefore, banks but customers play a key role in ‘better products’, often or even hijacking the need to be more agile to respond the prevention and detection of tricking their victims into conversations. to new threats and embrace new fraudulent activity. More efforts transferring money. Moreover, approaches and technologies to are needed to create awareness in some scams fraudsters pose Why is tackling fraud important predict and prevent fraud. for customers about fraud and as government entities, banks for the banking sector? With employees working from scams. Tuesday, October 20, 2020 17 HOW TO BUILD A ROBUST CYBERSECURITY STRATEGY IN A COVID-19 WORLD

he Covid-19 outbreak has wards strengthening our layered to deal with potential cybersecuri- Strengthen expedited the digitisation security controls, beefing up our ty threats. We conduct awareness layered security movement at an unprece- cyber-resilient capabilities and sessions on a regular basis where T dented pace, and we have educating our workforce and cus- we educate our staff and custom- controls, beef up witnessed a massive shift from the tomers on cyberattacks on a reg- ers about cyberattacks and how cyber-resilient physical world to the online space. ular and ongoing basis. best to navigate them. As a result, The past few months have similar- At NBF, we have built a robust after measuring our staff’s read- capabilities and ly accelerated the digital transfor- cybersecurity strategy that focus- iness to cybersecurity, we can educate the mation in the banking sector ush- es on three main pillars: identity proudly report that their ability ering in a new age of banking. At protection, data protection and to mitigate threats has increased workforce as well National Bank of Fujairah (NBF), culture. To protect the identity of by 90 per cent over the past fi ve as customers we can proudly report that more our customers, we have deployed years. than 70 per cent of our custom- the most advanced authentication In fact, I am very proud of the BY VINCE COOK ers have successfully transitioned methods such as biometrics and fact that in one recent phishing CEO OF NATIONAL BANK from traditional to online bank- facial recognition and will con- simulation we experienced zero OF FUJAIRAH ing and in some processing areas tinue to evolve our techniques to hooks and believe that it is from more than 90 per cent of transac- maximise security. building on such basic awareness tions are now fully automated. Our approach to data protection we will remain a safe place to do While digital banking provides is steered by a cross-functional business. faster processing of fi nancial data governance forum, which is Looking ahead, we will focus transactions and more conve- designed to ensure we manage our efforts on strengthening our nience, this new normal has data security, privacy, quality and three cybersecurity pillars by fre- heightened vulnerabilities that overall performance in an effec- quently updating our proactive banks spend much time and effort tive way. and reactive security controls to effectively counter. At NBF, our Lastly, we have made relentless and overseeing digital channel cybersecurity strategy sits at the efforts to foster a culture whereby fraud management to safeguard centre of our digitisation model employees, partners and custom- new technologies that continue to and we have worked tirelessly to- ers are fully aware and equipped evolve.

get unsuspecting customers, Remain vigilant to avoid through SMS and emails, so- liciting personal information related to their bank accounts, including SMS OTPs. Once pro- becoming a victim vided by the customer, fraudsters are able to potentially take over accounts and steal It is critical to stay educated and be aware of risks as well as comply with money by transferring it out. prevention strategies and authentication policies As a means of prevention, Citi regularly runs client education drives and spreads ver the past few years, awareness along with tips and the UAE’s fi nancial tools. Its latest offering is the market has embraced Citi Mobile Token, which allows O many new digital de- the customer to generate an velopment strategies. Howev- authentication code without er, given the coronavirus pan- depending on SMS OTPs. An- demic in 2020, this shift from other means by which Citi is analogue to digital has seen improving risk prevention is in an exponential shift. Now, con- using biometric authentication sumers have greater access to for card deliveries. their fi nancial institutions and Citi continues to invest ability to smoothly access their heavily in the latest technol- fi nances anywhere among a ogy within the fi eld of fraud plethora of devices. Therefore, prevention and detection. In it is immensely critical to stay fact, Global Finance magazine educated and aware of fraud awarded Citibank UAE and Bah- risks, comply with prevention rain under the award category strategies, authentication poli- of Best Consumer Information cies and remain vigilant about Security and Fraud Manage- CK

TO our own role in not becoming a ment for 2019. Citi always plac-

RS victim of fraud. es the utmost importance on TE In the case of social engi- protecting the safety of its cli- UT neering scams, fraudsters tar- ents’ and their data. SH 18 Tuesday, October 20, 2020 PROTECT YOURSELF FROM EVOLVING FRAUD TECHNIQUES

t First Abu Dhabi Bank threatening the victim that their ● How to protect yourself: When As fraudsters (FAB), we take great account will get blocked if they do receiving such emails from your continue to pride in protecting our not cooperate. Victims are tricked counterparts, immediately con- A customers against fraud, into sharing their OTP, leading to tact them on their usual regis- adapt to change as we strive to put them first in all unauthorised transactions. tered telephone number to ver- in technology, that we do. Fraud attempts contin- ● How to protect yourself: Ensure ify the validity of the email and ue to adapt as technology and dig- the caller introduces themselves whether they have in fact updated customers need ital capabilities evolve, and one of along with their designation. Ver- their account details. to stay cautious the latest trends that we are wit- ify that the number they are call- ● Mule accounts: Fraudsters ap- nessing at the moment includes ing you from is legitimate. Always proach genuine account holders fraudsters using social engineer- check the purpose of receiving an with business or employment of- BY PRADEEP RANA ing techniques to get victims to OTP, as usually OTP messages in- fers, which require them to receive GROUP CHIEF RISK share their secured credentials clude information on the amount payments into their account. After OFFICER, FIRST ABU and authentication codes, includ- and reason for receiving the noti- being told that a sum is to be left DHABI BANK ing One Time Passwords (OTPs). fication. In any case, never share for them, they are then directed Here’re some tips on how to pro- your OTP with anyone. to hand over large amounts of the tect yourself from such schemes: ● Business Email Compromise transaction to fraudsters either in ● OTP scams: Fraudsters mis- scams: In this scenario, compa- cash or through onward transfers. use victim accounts at all levels. nies receive an email from a fraud- ● How to protect yourself: Never They contact individuals imper- ster impersonating a supplier or use your bank account for any un- sonating bank representatives or counterparty requesting them to related third-party transaction. If employees from official entities, make an urgent payment to an someone approaches you with of- compelling them to share an OTP updated IBAN or account. Based fers that are too good to be true, message that they received, in on such instructions, victims send be wary. Do your research, and order to update their contact de- the funds to the fraudster’s ac- when in doubt, contact your rela- tails. They sometimes go as far as count (beneficiary). tionship manager or bank. TIGHTER SECURITY MEASURES AND CONTROLS IN PLACE

t is perhaps no surprise that a new setup that aggressively cybercrime spiked during the adopts cloud and remote access lockdown to tackle Covid-19. services. I Since the beginning of May, ADIB has introduced a new se- phishing attempts have risen 600 cure set of collaboration tools to per cent in the UAE, while 80 per increase business productivity cent of companies claim to have without compromising informa- seen an increase in cyberattacks. tion security. The bank has also There are numerous contribut- enhanced its technical, procedur- ing factors to the acceleration of al and security awareness con- cyber fraud. Firstly, phishing at- trols, increased the portfolio of tacks had customised messages secure remote connectivity ser- related to the pandemic. Second- vices to cater to different kinds ly, working from home and the of users, and leveraged various adoption of various digital plat- essential than ever, especially institutions need to face, such technologies by moving from forms encouraged fraudsters to to banking customers who are as the enhancement of physical on-premises tools to cloud-based be opportunistic. Thirdly, individ- always the number-one target security controls; risk of internal technologies. uals accessed more data at home for fraudsters. There has been a and external fraud; risk of avail- Through a progressive strate- giving potential opportunities for 230 per cent rise in attacks on ﬁ- ability and business disruption; gy, ADIB will continue to ensure misuse by fraudsters. Finally, in- nancial institutions attributed to and the possibility of data leak- tighter security measures and dividuals using open public WiFi, the pandemic, as cybercriminals age. controls are in place, ensuring which often has no security mea- were quick to adapt well-known As a leading Islamic bank, ADIB staff are fully aware of its work- sures, was a further invitation for schemes by leveraging emotions is focused on increasing its mon- from-home policies and practise online criminals to strike. such as fear and confusion. itoring capabilities, as well as secure working, while updating Due to the pandemic, fraud In this new reality came new implementing additional layers the bank’s readiness plan to meet protection has become more challenges that companies and and types of controls to support all potential scenarios.

A GULF NEWS SPONSORED SUPPLEMENT SENIOR EDITOR PRIYA MATHEW | HEAD OF CONTENT — SUPPLEMENTS AND CONTRACT PUBLISHING SANKAR SRI PILLAI DUBAI P. O. BOX 6519 SENIOR ART EDITORS JOHN CATHERALL, NICHOLAS D’SOUZA | ASSISTANT ART EDITOR PRANITH RATHEESAN EDITORIAL: 04 406 7688 BUSINESS SUPPORT EXECUTIVE FERMEL FUENTES | HEAD OF SALES — SUPPLEMENTS AND CONTRACT PUBLISHING SUNDAR GHOSH ADVERTISING SALES: 04 406 7455 SENIOR ACCOUNT GROUP MANAGER CHRISTINA REBELLO | PRE-PRESS SUPERINTENDENT SHAJI VARUGHESE EMAIL: [email protected] PRE-PRESS OPERATORS YOUSAF NAEEM, ATUL PARADKAR ABU DHABI P. O. BOX 7441 TEL: 02 634 5144 PRINTED AND PUBLISHED BY AL NISR PUBLISHING LLC CEO AND EDITOR-IN-CHIEF ABDUL HAMID AHMAD | DIRECTOR, SALES AND PUBLISHING ANSHUMAN JOSHI DISTRIBUTED BY AL NISR DISTRIBUTION LLC PUBLISHER DAVID GEORGE | DESIGN DIRECTOR S.M. ARSHAD | PRODUCTION EDITOR FLOYD GONSALVES