5 main methods of financial fraud and hacking bank accounts

Experts in information security, digital media, and artificial intelligence said that the current time is witnessing a significant increase in fraudulent operations based on the “authorized payment” method by deceiving victims and directing them to pay large sums of money voluntarily, and using fake and artificial identities in order to carry out fraudulent operations against accounts on banking and lending platforms.

They explained to “Emirates Today” that there are 5 main methods for financial fraud and hacking bank accounts, explaining that fraudulent links usually use minor spelling errors in website addresses or imitate official trademarks, demanding not to click on any links or text messages urging urgent action related to the account, and to be suspicious of any message that requests immediate action or requests sensitive personal information outside the framework of a secure login process. And approved.

Frauds

In detail, Haider Pasha, Chief Information Security Officer for the Europe, Middle East and Africa region at Palo Alto Networks, said, “The current time is witnessing a significant increase in fraudulent operations based on the (authorized payment) method, as social engineering that is being enhanced with deep fake technologies contributes to deceiving victims and directing them to pay large sums voluntarily.”

He added that sophisticated criminal organizations are increasingly using fake, artificial identities in order to carry out new fraud operations against accounts in banking and lending platforms, taking advantage of fragmented identity verification procedures, noting that many fraudulent attacks aim to control user accounts by using data stolen from phishing operations or malware with the aim of completely controlling the accounts.

Pasha pointed out that “fraud and financial hacking methods have witnessed great development, which has led to the development of methods to confront fraud to detect it early.”

He explained that the most effective trend is to shift to integrated cybersecurity platforms that are concerned with unifying cybersecurity tools in one platform, starting from coding all the way to the cybersecurity operations center, so that the counter-standards include behavioral analyzes based on artificial intelligence to detect deviations in the ongoing operations and the flow of transactions that indicate the presence of fraud before the transaction is completed. The application of the zero trust model for network access also helps (ZTNA) in ensuring continuous identity verification.

He stated that “the presence of a unified security operations platform allows for a rapid and automated response by linking fraud detection to the implementation of countermeasures throughout institutions.”

He noted that ordinary people can differentiate between messages and links issued by official authorities and fraudulent messages, especially since fraudulent links often use minor spelling errors in website addresses or imitate official trademarks.

Pasha asked not to click on any links contained in unsolicited emails or text messages that are related to urging urgent action related to the account, and instead to resort to the bank’s official website or use its mobile application, and to be suspicious of any message requesting immediate action or sensitive personal information outside the framework of a safe and approved login process.

Pasha advised individuals who fall victim to financial fraud to immediately inform their financial institution to freeze their accounts and begin the fraud protection process, and to report the incident to law enforcement agencies and national units to combat cybercrime. He stated that this must be followed by the necessity of changing all passwords, starting from the email to the bank account, and using a password manager, noting the necessity of constantly monitoring financial balance reports and being vigilant in the event of receiving reminder calls or emails from alleged “data recovery agents,” which is often the beginning of another fraud attempt.

Bank accounts

Digital media and artificial intelligence expert, Dr. Muhammad Al-Feki, said, “There are four main ways to hack bank accounts, the first of which is social engineering, where the hacker does not penetrate the accounts, but rather makes the user give him data, especially related to bank accounts and credit cards, so that he can enter the accounts and withdraw money from them.”

He explained that in this case, the “hacker” speaks from a local phone claiming that it is from a bank by using fraudulent programs that enable him to change the caller’s name to the name of a bank or government agency, and asks him to update or complete the data, and informs him that there are certain fees that will be added to the account, which requires verification if the user will pay them or be exempt from them, indicating that “the hacker is aware of the victim’s basic data to convince him that he is from an official body.” It then requests some banking data gradually so that the user does not feel that it is a trap for fraud.

He noted that the “hacker” withdraws money from the victim’s account by creating e-commerce sites or sending the victim a data confirmation number (OTP) to transfer the money to his account. He pointed out another method of fraud, which is withdrawing the “cookies” that are stored on computers to remember personal information, by planting malicious software on the computer by sending a link, image, or invoice, and the victim clicks on it. This is followed by downloading the program to the computer and it appears as if the fraudster is the victim himself and does not ask him for any password, which facilitates fraud and money transfer operations.

He noted that one of the most dangerous scams is known as “SIM Swap” or the phone SIM swap scam, where the fraudster contacts the telecommunications operator and asks to change the SIM card with a new one, and gives him the victim’s basic data, only for the victim to find that his phone has been turned off, while the fraudster changes the password and thus “OTP” reaches him and withdraws the victim’s money easily.

He also pointed out the fraud through digital identity theft, which includes all the user’s personal data with an electronic signature after convincing the victim that he is from a police or official body and wants to verify the identity, and sends him a confirmation so he can click OK to withdraw the data and send it to the hacker. He enters from his phone, enters the identity and password, and can change the data and access his bank accounts.

He pointed out a fifth and common method, which is fraud through investment by sending messages to the victim via social media, especially Telegram, to persuade him to invest with a profitable return within a short period, and actually gives him an attractive return, which prompts the victim to increase the amount invested, followed by stealing large sums of money from the account. The fraudster also convinces people who he is sure have large sums of money in their account to invest in exchange for a profitable return through a platform he claims is official, through which payment can be made using a specific link, and it appears that the amount invested is, for example, a thousand dirhams, but in the same programming on the payment page, the amount withdrawn is 100 thousand, for example, or millions.

For his part, communications and information expert, Ahmed Hamdi, said, “Subscribers’ awareness represents the main barrier to financial fraud attempts in light of the significant increase in existing fraud operations, using deep fake techniques to deceive victims and direct them to pay large sums voluntarily,” adding that there are 5 common methods of fraud, the most prominent of which are identity theft, switching the phone SIM card, and hacking through cookies.

He noted the necessity of not trusting anyone and not responding to any message requesting immediate action or obtaining sensitive personal information outside the framework of approved login processes.