Fraudsters deceive people using new techniques
One of the most common methods used by hackers to gain financial information is 'Congratulations, you have won a prize'. But since many people in Kuwait are by now aware of such fraudulent pop-ups on their computers and mobile phones, hackers have of late begun to improvise and find new ways to attract the attention of victims and steal their confidential information.
It is easy for those with average financial literacy to provide their financial and other confidential information to hackers through several methods of financial fraud. A new scam employed by hackers to target Kuwait is through fake emails and messages that are sent in the name of the Ministry of Communication, or other government authorities, to pry information from victims.
Unlike the lure of a prize, which usually attracts a small number of people, and even fewer people fall for the scam, an official message or email from a ministry of communication or interior usually attracts a much broader response. According to a recent fake email from the Ministry of Communications, recipients are asked to transfer a nominal fee for delivery or service. However, once your bank information is entered, everything in your account is wiped clean.
A number of Kuwaiti bank accounts have been reported to have been accessed by this type of fraud in recent weeks. Hackers have developed sophisticated tools to swiftly extract all the money from the accounts of their victims. Since the perpetrators of such hacks are usually in countries outside Kuwait, such as African and Asian nations, it becomes difficult to trace these hackers and bring them to justice.
The Kuwaiti population places several orders from abroad today, making it easy to fall into the hackers' trap especially when the fee is low. Added to that, in order to pay this nominal fee the victim would provide their bank details. This is when the hacker achieves control of the victim’s bank accounts, and in seconds performs withdrawals of large amounts. Besides targeting the funds of individuals, these hackers also attack and seize control of the databases of private corporations and public sector entities, and then demand that a ransom be paid for the return of the database and its control to the concerned company or government entity.
In Kuwait, another common scam is the offer of discounted services from beauty and health parlors that do not exist. They lure the consumer with a direct call and use the name of a well-known entity. When the victim agrees to an appointment or offer, the fraudster sends them a link with a small reservation fee. Unfortunately, once the payment process is completed, not only is the agreed amount deducted but several large transactions will follow even before the victim gets a chance to suspend the account.
Asked about the possibility of recovering the stolen amounts, bank officials explained that there are two types of bank cards - the 'KNET' card, a regular debit card that allows direct withdrawals. This means that the debit from a person’s account is immediate, which limits the ability of banks to intervene and stop the payment quickly.
Visa and Mastercard are two types of credit card available in Kuwait. A customer who owns the credit card and uses it to buy something, a merchant selling a product or service, a bank that holds the buyer's account, and an intermediary bank that is usually located outside Kuwait are involved in withdrawing from these credit cards.
As the payment process involves four parties, it takes about a week to complete, allowing the buyer to stop the completion of the transaction by asking the banks involved not to transfer the amounts.
Kuwaiti banks estimate that credit card transactions have an 80 percent chance of being recovered, whereas KNET debit card transactions have only a 10% chance. If the withdrawals were made through either Visa or MasterCard, it could take between a week and 45 days for the funds to be returned to the buyer's account. While banks in Kuwait are striving to strengthen their defenses against hacking, it is also worth noting that hackers are constantly evolving their offensive hacking tactics.
To prevent financial fraud and keep accounts safe from hackers and other illegal actors, keep in mind that bank account information should be kept confidential and never shared with strangers through emails or social media messages. It must not be given to any party, even if the sender of an online message claims to be a ministry or even your own bank. The request for personal data from bank accounts, even if required, is never done by telephone, e-mail or messages.
The OTP (one-time password) sent by your bank must never be shared with anyone, even if you fall prey and enter your personal account data.
Disclosing the OTP to another individual would be the equivalent of handing your house key to a thief, who will then have complete control over taking anything in your house at that point in time. The OTP is the key that allows hackers to easily steal from a victim’s account, and hence it must never be shared with any other person, no matter how persuasive or motivating the message asking for the OTP might be.
The Central Bank of Kuwait along with local banks and many government agencies have been frequently sending out messages through online and offline media to raise the level of public awareness about hacking and other online fraudulent activities.
While these proactive steps have helped tackle and reduce fraud operations to a large extent in Kuwait, we need to remember that it is also our individual responsibility to take the necessary precautions to prevent falling victim to such scams.