Social Engineering in the UAE: Impersonating Police Officers

Social engineering has always fascinated me. What fascinates me about it is the ever-evolving methods and tricks cyber criminals come up with to trick people into giving up private or personal information.
We all know about OTP scams. There are several methods hackers utilize social engineering to gain access to private/confidential information. We will talk about one that’s unique to the United Arab Emirates.
OTP Scams in Short
In short, OTP scams are scams that involve hackers/fraudsters contacting the victim and asking them for a one-time password (OTP) that gets sent to them through SMS. In order to obtain this code, cyber criminals come up with interesting techniques and explanations for why you should send them the code. One example is the following: A scammer sends you a message pretending to be one of your friends/relatives. They tell you that they put your phone number by mistake and you got a text message with an OTP. You will then send it to them. Game over.
Why Shouldn’t Anyone Get This Code?
One-time passwords (OTP) are usually six or four-digit numbers that get sent to you through SMS. They help most social networking apps verify that you actually own the phone number you put in their app and registered your account with. This code also helps you register Whatsapp for example. The reason you shouldn’t share the OTP with anyone is because cyber criminals can and will gain access to your account(s) easily if they manage to trick you into giving up this code.
How to Avoid OTP Scams
Simple.
1- Don’t give anyone any OTP you get through SMS
2- Enable two-factor authentication (2FA) on all of your social networking accounts
OTP and Abu Dhabi Police
Now that you’ve known what OTP scams are, I will show you why you needed to know what they are before going on with this article.
Several cyber criminals have been calling people and starting off the conversations with the following:
“This is Lieutenant Ahmad Al ******* (fake Lt.) from Abu Dhabi Police’s Headquarters, you will now receive this transaction’s code from our headquarters through SMS.”
“I’m going to need to get a few of your personal details for further verification and we will proceed this conversation”
Screenshot from one of the victims’ iPhone (six-digit code)

 

After “proving” that they are from Abu Dhabi Police’s Headquarters and are in fact police officers, they ask for private details with regards to their bank accounts. One of the victims mentioned that after this conversation, they saw that there has been an attempt to withdraw 500AED from their bank account. This was right after the conversation ended with the supposed police officer and after they have given the cyber criminal their bank account details.
It appears that they are impersonating police officers, using Abu Dhabi Police’s app to send an OTP to the victims’ phone numbers to give the illusion that they are actually with the police and finally asking for private bank account details. All of this trickery to get their hands on the victims’ accounts and withdraw money from them illegally.
Conclusion
Be aware of this new and sophisticated scam. Warn friends, family members and any person you can reach. Use your social media platforms to warn of such scams as they could be devastating for some victims. Especially people with existing financial problems. Always remember, hacking humans is way easier than hacking machines.
 
By: Mohammad Ali Alawadi

Leave a Reply