Everything you should know to stop falling for digital scams in Dubai

Not a single day goes by without another post about someone’s credit card getting hacked or someone being duped by a fake website. This is why I decided to dedicate a few minutes of my time to pitch in and spread awareness.

Common Types of Scams in Dubai

  1. OTP (One-Time Password) Scams
  2. Fake E-commerce Websites
  3. Phishing Emails and Messages
  4. Fake Job Offers
  5. Investment Scams
  6. Charity Scams

Let’s break these down and learn how to protect yourself from each type.


1. OTP Scams: How They Work and How to Protect Yourself

What is an OTP Scam?

An OTP scam usually involves fraudsters pretending to be from your bank or a trusted organization and tricking you into sharing your OTP. Usually this is an OTP from WhatsApp, so they can continue scamming other people, or from the UAE Pass app, so they can perform unauthorized transactions from your bank account. As with any scam, the steps you take after being scammed are REALLY important: contact your bank, let your friends & family know, and under no circumstances pay anyone to ‘recover’ anything.

How OTP Scams Unfold:

  • The scammer contacts you pretending to be a government official or bank representative.
  • You receive an OTP on your phone, which the scammer asks for, claiming it’s needed for “verification” or to “reverse” a suspicious transaction.
  • Once you share it, they use it to make fraudulent transactions.

Steps to Avoid OTP Scams:

  • Never Share Your OTP: No legitimate company, especially your bank, will ever ask for your OTP.
  • Be Cautious of Unsolicited Calls: If someone asks for your OTP over the phone, hang up and contact your bank directly through official channels.
  • Double-Check Before Clicking: Always verify the sender before clicking on any link sent via SMS or email that leads to an OTP request. The sender can also be spoofed so be extra cautious.
  • Enable Two-Factor Authentication: Use two-factor authentication (2FA) that involves more than just an OTP, like a YubiKey, or use one of the authenticator apps to store 2FA codes. I once had my Google account login compromised due to a data leak (I reused passwords everywhere); the only reason I still have the account is the 2FA I’ve set up.

2. Fake E-commerce Websites: Recognizing and Avoiding Them

What are Fake Websites?

These are fraudulent websites designed to look like legitimate e-commerce platforms, luring you into providing your payment information for products that either don’t exist or will never be delivered.

Recently there has been a trend of scammers buying ads on Google Search, so when you search for mobile recharge or NOL card recharge, they’ll bombard you with scam ads leading to their fake websites.

How to Spot a Fake Website:

  • Check for Contact Information: Legitimate websites often display physical addresses, customer service numbers, and live chat options.
  • Check the URL: Literally the simplest thing you can do is check the URL. Simply copy and paste it into Google Search and see if it’s legitimate.
  • Research the Website: Search for online reviews or warnings about the website. Scam websites are often reported by past victims.
  • Too Good to Be True Offers: Be wary of deals and discounts that seem too good to be true. They might be bait to capture your payment details.

How to Protect Yourself:

  • Use Trusted E-commerce Platforms: Stick to well-known websites like Amazon, Noon, Dubaistore or other reputed retailers.
  • Use the apps whenever possible: Unless there’s a supply chain attack, like a JS library CDN being hacked (see Polyfill JS), you can’t really go wrong with official apps. Just ensure the app is downloaded from the App Store or Google Play.
  • Pay with Secure Methods: Use payment methods that offer buyer protection, such as credit cards. Avoid bank transfers or debit cards for online purchases: fraudulent transactions on a debit card can lead to immediate loss of funds from your bank account, making recovery more complicated, time-consuming and sometimes impossible.
  • Check for Social Media Presence: Legitimate companies often have verified social media accounts or Wikipedia pages with their website link somewhere on their social media page.

3. Phishing Emails and Messages: Avoiding the Trap

What is Phishing?

Phishing is when scammers send fake emails or messages, often disguised as being from a legitimate source like your bank, trying to trick you into providing personal information or clicking malicious links.

Most of the time, depending on the email host, they will just end up in spam, but once in a while you’ll find them in your inbox. Scammers are always innovating with the delivery method.

How to Identify Phishing Attempts:

  • Check the Sender’s Email: Scammers may use emails that look similar to legitimate addresses but often have minor spelling differences (e.g., “[email protected]” instead of “[email protected]”).
  • Urgent Language: Phishing emails often claim that you must act “immediately” to avoid serious consequences, such as account suspension or a missed payment.
  • Suspicious Attachments or Links: Phishing emails may ask you to download files or click on a link that installs malware on your device.

Protect Yourself:

  • Do Not Click Links in Unverified Emails: Hover over the link to check if the URL looks legitimate before clicking.
  • Use Anti-Phishing Tools: Enable anti-phishing tools provided by your browser or email client.
  • Report Suspicious Emails: Most email services allow you to report phishing attempts.

4. Fake Job Offers: Identifying Employment Scams

How Fake Job Scams Work:

Scammers offer fake jobs, often asking for an upfront fee for “visa processing” or other services. Once the money is sent, the scammer disappears, and the promised job never materializes. Last year, while I was job hunting, a seemingly legitimate company which I applied to sent me an email congratulating me, with a password-protected folder which was malware. I used the password and extracted the folder; because I use Arch Linux, it didn’t execute.

The first dead giveaway was that the domain through which they emailed me was “[email protected]” instead of “[email protected]” or “[email protected]”; the second giveaway was the language used, which I discounted as probably translated; and the third was the urgent language used.

How to Spot Fake Job Offers:

  • Unrealistic Salaries: If the salary offer seems too good to be true, it probably is.
  • Request for Payment: Legitimate companies will never ask you to pay for a job.
  • No Interview: If you’re offered a job without a proper interview process, be suspicious, cause literally no one’s going to do that.

How to Avoid Fake Job Offers:

  • Research the Company: Check the company’s website and verify its legitimacy. Double-check the domain name from which the email originates.
  • Use Trusted Job Portals: Stick to well-known job portals like LinkedIn, Indeed/Glassdoor or Bayt.
  • Never Pay for a Job: Genuine employers will never ask for payment at any stage of the recruitment process. The only cost that will be borne by you is for the ILOE (Involuntary Loss of Employment) Insurance.
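
The sender-domain check from “Check the Sender’s Email” in section 3 and “Research the Company” above can be automated. The sketch below is an added example, not part of the original post; the trusted domains and sample addresses are constructed placeholders, and the two-edit threshold is an assumption.

```python
# Added example: constructed allow-list and addresses, not taken from the post.
TRUSTED = {"examplebank.ae", "example-careers.com"}  # placeholder domains

def sender_domain(address: str) -> str:
    """Domain part of an address, ignoring any display name around it."""
    addr = address.strip().rsplit("<", 1)[-1].rstrip(">")
    return addr.rsplit("@", 1)[-1].strip().lower().rstrip(".")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(address: str, trusted=TRUSTED, max_edits: int = 2) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for a sender address."""
    domain = sender_domain(address)
    for good in trusted:
        if domain == good or domain.endswith("." + good):
            return "trusted"  # exact match or a subdomain of a trusted name
    # Non-ASCII or punycode labels can render like a trusted name (homoglyphs),
    # so any internationalised domain is flagged for a manual look.
    if not domain.isascii() or "xn--" in domain:
        return "lookalike"
    for good in trusted:
        # Trusted name embedded in a different domain, or a near-miss spelling.
        if good in domain or edit_distance(domain, good) <= max_edits:
            return "lookalike"
    return "unknown"

SAMPLES = [  # constructed sender lines
    "Example Bank <alerts@examplebank.ae>",
    "Example Bank <alerts@examp1ebank.ae>",
    "hr@example-careers.co",
    "support@examplebank.ae.account-verify.com",
    "friend@mail.example",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify(sample):10} {sample}")
```

A “trusted” verdict only means the written domain matches the allow-list; as noted under OTP scams, the sender itself can be spoofed, so it does not prove where the message came from.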

5. Investment Scams: Protecting Your Finances

How Investment Scams Work:

Fraudsters promise high returns with little to no risk, often using complex jargon or fake testimonials to seem legitimate. They may offer “exclusive” investment opportunities in real estate, crypto, or forex trading.

Red Flags:

  • Guaranteed Returns: No legitimate investment can guarantee returns.
  • Pressure to Invest Quickly: Scammers often pressure you to invest before you have time to think.
  • Unlicensed Brokers: Always ensure that the person or company offering the investment is licensed and regulated.

Steps to Stay Safe:

  • Do Your Research: Verify the legitimacy of the investment through financial authorities.
  • Consult a Financial Advisor: Before making any investment, consult a professional advisor.
  • Use Licensed Platforms: Only invest through licensed and regulated platforms like Sarwa, Equiti, eToro, Saxo Bank or IBKR.

6. Charity Scams: Beware of Fake Causes

What are Charity Scams?

Scammers create fake charities, often following a disaster or during festive seasons, to trick people into donating money to fraudulent causes.

How to Spot Fake Charities:

  • Verify the Charity: Check if the charity is registered with official bodies like the Dubai Charity Association.
  • Look for Pressure Tactics: Scammers may pressure you into donating immediately.
  • No Detailed Information: Legitimate charities will provide detailed information about how your donations will be used.

How to Avoid Charity Scams:

  • Donate Directly Through Official Channels: Use the charity’s official website or channels.
  • Request Receipts: Ask for official receipts for your donations.

General Tips to Avoid Falling for Scams in Dubai

  1. Keep Your Personal Information Private: Be cautious about sharing personal details over the phone or online.
  2. Use Strong Passwords: Regularly update your passwords and use strong, unique ones for each account. If you reuse your passwords everywhere then you’re a single leak away from being hacked. (See Donald Trump case)
  3. Stay Informed: Keep up to date with the latest scam techniques and fraud alerts from local authorities.
  4. Report Scams Immediately: If you suspect you’ve been targeted by a scam, report it to the Dubai Police through their official website or by calling 901.
  5. 2FA everything: Enable 2FA/TOTP on every single platform that allows it.

Scams in Dubai, like in many cities, are evolving as technology advances. While the threat is real, staying vigilant and informed can drastically reduce your chances of falling victim. Always question unsolicited offers, keep your personal information safe, and report suspicious activities to the authorities.

Stay safe, stay smart, and remember: if something sounds too good to be true, it probably is!
