‘Congratulations, you have won a prize’, is one of the most common methods that hackers have used to get financial details of their victims. But since many people in Kuwait are by now aware of such fraudulent pop-ups on their computers and mobile phones, hackers have of late begun to improvise and find new ways to attract the attention of victims and steal their confidential information.
There are several methods of financial fraud that easily convince those who have an average financial literacy to provide their financial and other confidential information to hackers. A new scam employed by hackers to target Kuwait is through fake emails and messages that are sent in the name of the Ministry of Communication, or other government authorities, to pry information from victims.
Unlike the lure of a prize, which usually attracts only a limited number of people, and even fewer people fall for the scam, a message or email from an ‘official agency’, such as the ministry of communication or interior, generally attracts a far wider response. A recent fake email, purportedly from the Ministry of Communications, asks recipients to transfer a nominal fee for the delivery or a service or letter, But once your bank details are entered everything in your bank account is wiped clean in seconds.
In the past weeks, dozens of bank accounts in Kuwait were reported to have been exposed to this type of financial fraud. Hackers have developed sophisticated tools to swiftly extract all the money in the account of their victims. Since the perpetrators of such hacks are usually in countries outside Kuwait, such as in African and Asian nations, it becomes difficult to trace these hackers and bring them to justice.
There are various ways that hackers target victims,A large segment of the Kuwaiti population today place several orders from abroad hence it is quite easy to fall into the hackers trap especially when the fee is limited. Adding to that, in order to pay this nominal fee the victim would provide their bank details, this is when the hacker achieves control of the victim’s bank accounts, and in seconds performs withdrawals of large amounts. Besides targeting the funds of individuals, these hackers also attack and seize control of the databases of private corporations and public sector entities, and then demand that a ransom be paid for the return of the database and its control to the concerned company or government entity.
Another common type of scam that is making the rounds in Kuwait these days is through the offer of discounted services from beauty and health parlors that do not exist. They lure the consumer with a direct call and use the name of a well-known entity. Once the victim agrees to an appointment or offer, the fraudster sends them a link with a small reservation fee. Unfortunately, once the payment process is completed, not only is the agreed amount deducted but several large transactions would follow even before the victim gets a chance to suspend the account.
Bank officials, asked about the potential to recover the stolen amounts, explain that there are two types of bank cards — the first is the regular debit card known as the ‘KNET’ card, from which any withdrawals are direct and mandatory. This means that the debit from a person’s account is immediate, which limits the ability of banks to intervene and stop the payment quickly.
The second type of financial card available in Kuwait is the credit card, this includes the likes of Visa and Mastercard. Withdrawals from these credit cards are made with the participation of four parties — the customer who owns the card and uses it to buy something, a merchant selling a product or service, the bank that holds the account of the buyer, and an intermediary bank that is usually located outside Kuwait.
Due to the presence of the four parties, the implementation of the payment process takes about a week, which gives the buyer the time needed to stop the completion of the transaction by asking the banks involved not to transfer the amounts to their destination.
Banks in Kuwait estimate that the chance of recovering money transacted through a credit card is nearly 80 percent, while that for a KNET debit card is only about 10 percent. The recovery time for these funds to be returned to the buyer’s account could range from a week to 45 days if the withdrawals were made through either Visa or Mastercard. While banks in Kuwait are striving to strengthen their defenses against hacking, it is also worth noting that hackers are constantly evolving their offensive hacking tactics.
Some of the steps to prevent financial fraud and keep accounts safe from hackers and other illegal actors is to always keep in mind that a bank account data should be kept confidential and never shared with strangers through emails or messages on social media platforms. It must not be given to any party, even if the sender of an online message claims to be a ministry or even your own bank. The request for personal data from bank accounts, even if required, is never done by telephone, e-mail or messages.
Even if you fall prey and enter your personal account data, you must never provide the OTP (one-time password) that is sent by your bank to another individual. Disclosing the OTP to another individual would be the equivalent of handing your house key to a thief, who will then have complete control over taking anything in your house at that point in time. The OTP is the key that allows hackers to easily steal from a victim’s account, and hence it must never be shared with any other person, no matter how persuasive or motivating the message asking for the OTP might be.
Central Bank of Kuwait along with local banks and many government agencies have been frequently sending out messages through online and offline media to raise the level of public awareness about hacking and other online fraudulent activities. While these proactive steps have helped tackle and reduce fraud operations to a large extent in Kuwait, we need to remember that it is also our individual responsibility to take the necessary precautions to prevent falling victim to such scams.