UAE banks warn of ‘magic pen’ phishing frauds

UAE – The national media in the UAE has highlighted the issue some banks are facing with “magic pen” fraud.

In an email alert sent to its customers, First Gulf Bank (FGB) said: “Instances of cheque forgery are being increasingly reported. A variation of a cheque fraud is where the cheque issuer is persuaded to fill up details related to amount and/or beneficiary by a pen provided by the third part. The writing of such “magic ink pens” disappears after a while and the fraudster fills up desired amount and beneficiary name to fraudulently cash such cheques.”

The following tips have been provided to protect individuals from such fraud:

  • Consider having different set of signatories depending upon amount thresholds
  • Keep your cheque book secure and use it sparingly, where possible use electronic banking
  • Regularly check your account statements, SMS and emails from your bank
  • Don’t give cheques to unknown people, sometimes fraudsters offer deals which are “too good to be true” to get a cheque sample from victims
  • All cheques have security features, some of which are printed on the front/back of the cheque. Please ensure that any cheque being presented by you contains those security features
  • If someone offer you a pen to write on cheques, be careful and check whether this could be a “magic ink pen.” Remember that usage of such pens in prohibited in UAE and any person found to be using such pens may be reported to relevant authorities.

Earlier, RAK Bank had also warned customers of “magic pen” fraud.

“These fraudsters ask customers to complete the loan/credit card applications and provide a blank signed security cheque wherein the imposter fills up the details on the cheque in their presence using his magic pen.

“Subsequently, the details of beneficiary and amount in the cheque are altered since it was filled up with the magic pen, which allows the details entered to be erased without a trace.  The cheque is then cashed from various banks using third parties,” the notice said.

What is “phishing”?

Another serious issue is “Phishing”.

“Phishing” is an internet scam whereby fraudsters send emails with the intention to collect critical personal and financial information. These “phishing” emails look genuine and appear to be coming from a legitimate bank. They always contain a link to a “spoofed” website asking you to provide an update or confirm sensitive personal information and / or download and install “security software” by clicking on a link. Typically these emails will:

  •     Carry a message stating urgent action is required due to a system or security upgrade
  •     Contain a warning stating that your account / card has been suspended or will be suspended and that you need to visit a “secure” link to activate or restore your account / card
  •     Contain a link to update your contact details like mobile number or email address. Clicking on the link would open a webpage which may appear to be very similar to Citibank Online (for example) but would actually be a spoofed site