The Government's anti-cybercrime unit has warned that "phishing" attacks are increasingly targeting the UAE's domestic financial sector and has urged bank customers to be vigilant.
About 72 per cent of phishing attacks last year targeted customers of local banks, according to statistics from aeCERT,a UAE cybercrime task force. In phishing, cybercriminals attempt to dupe bank clients with emails resembling official bank requests for user names and passwords.
International banks were experiencing a lower rate of attacks on their customers, which might be a result of more sophisticated data centres spread across multiple countries, said Meshal Abdulla BinHussain, the operations manager at aeCERT.
"The statistics show that local banks are being targeted more often," he said at a press round table in Dubai. "We're working more actively with the local banks, though we've not had anything reported yet in terms of losses."
However, aeCERT believes that cybercriminals are being successful in their efforts because of the persistence of attacks and their frequency.
One potential vulnerability could be phishing attacks timed to coincide with banks' website upgrades, Mr BinHussain added.
Institutions such as National Bank of Abu Dhabi and First Gulf Bank have recently redesigned their websites. Cybercriminals might have viewed as a "window of opportunity", Mr BinHussain said.
"We've noticed that we have been changing websites more often," he said. "Users surprised to see the new website can fall for the trick."
The computer response agency did not say which banks had been targeted by phishing attacks and added that it had no evidence that any accounts had been compromised.
HSBC Middle East has attempted to secure its customers' online-banking operations through providing keypads that generate a single-use password, said Rick Crossman, the bank's head of retail banking and wealth management for the UAE.
"We're trying very, very hard to balance the need for enhanced security with customer experience," Mr Crossman said. "This is a process that we've put an awful lot of time and effort into."
But such devices are far from popular. Several Facebook groups have been set up in the United Kingdom criticising the keypads, which are required to process most online banking transactions.
Bank customers in the UAE have complained to The National over difficulties receiving the keypads, particularly those lost in the mail.
HSBC said that no risks were posed by a lost keypad and that the bank had tried to ensure receipt by using courier deliveries for the devices.
"The quickest way to evaporate trust and credibility is to have a customer base that thinks you're not doing everything to protect their information," Mr Crossman said. "The last thing we want is customers going back to carrying lots of cash around in their pocket. All banks are serious about online security."
However, banks were likely to face significant difficulties in dealing with cybercrime for the foreseeable future, said Johnny Karam, the regional director at the global online-security firm Symantec.
"From a research and development perspective, this is an arms race today," he said. "We can put all the solutions you want … If the customer isn't at par with what needs to be done online, we haven't done anything."
The UAE had a number of qualities that made its financial system a tempting target for cybercriminals, Mr Karam added.
"You don't see Greece or Portugal on top of the list. Those attackers want to make money. That's why the Middle East is a fertile target," he said.
From: The National