Sarika Thadani, a Bur Dubai resident and single mother who has been living in Dubai for two decades, became a victim of a phishing scam, resulting in a significant financial loss from a Dh29 meal to Dh9,872. This incident highlights the increasing prevalence of fraudulent websites that imitate legitimate food delivery services to steal credit card information from unsuspecting customers.

Sarika detailed her experience, stating that on July 31, she tried to order through a Facebook ad offering discounted meals from a well-known fried chicken restaurant. She planned to order sandwich rolls and chicken nuggets for her staff as a treat on her mother's birthday. 'I felt it was my duty to treat my staff since they had called to wish my mum a happy birthday. I saw this heavily discounted offer and decided to take it,' she explained to Khaleej Times. However, after entering the OTP provided by her bank, she was shocked to see a Dh2,020 charge instead of the Dh29 she expected. 'I immediately called the bank and was told that multiple unauthorized transactions had been made, totaling Dh9,872.69,' she recounted.

Sarika expressed her frustration with the bank's reaction. 'I informed the bank within minutes, but they couldn’t stop the payment. What’s worse, I only received one OTP for all these transactions. Why isn't there a system in place to hold such transactions when the bank is informed about fraudulent activity immediately? If they had put a hold on the payments and investigated, the outcome could have been different.'

Understanding the seriousness of the situation, Sarika asked the bank to stop the transactions and block her card. The bank directed her to the nearest police station to file a complaint, which she did at the Al Raffa Police Station. There, she was told to register the case on the police's e-crime website and submit supporting documents, including a dispute form and bank statement. 'The next day, the bank acknowledged that the transactions were on hold, but later informed me that the payments had gone through,' she said, adding, 'I’m devastated. As a middle-class family, this money is a lot, even if I pay it back in instalments.'

After receiving her bank statement on August 14, she registered the case with Dubai Police. Two days later, however, the bank notified her that the case had been closed because she had provided the OTP, making her liable for the charges. Similar incidents have been reported in the past. Last year, Khaleej Times reported how Rahul Khillare, a Dubai resident, was tempted by an enticing deal of Dh14 for a combo meal. After clicking the link and entering his credit card details, he was shocked to find that Dh14,000 had been charged instead. Similarly, another Dubai resident, Frank (name changed), ordered from what he believed to be a popular fast food chain’s authentic website. Expecting to pay only Dh37, he was instead charged Dh4,848, with no food delivered to his flat.

Cybersecurity experts highlighted that Sarika's ordeal underscores the escalating threat of phishing scams, where fraudulent websites pose as legitimate food delivery platforms to deceive users into revealing their credit card information. 'Lured by attractive offers, individuals unwittingly share their card details, which scammers then exploit to carry out unauthorized transactions,' said Obaidullah Kazmi, founder and CTO of CREDO Technology Services LLC. 'Education campaigns can help raise awareness and prevent scams. Additionally, swift action at the country level to shut down fraudulent websites and better collaboration between banks and law enforcement are crucial in minimising the impact of such incidents. Banks should implement artificial intelligence (AI) and machine-learning (ML) driven technology to continuously analyse transaction patterns, detect anomalies in real-time, and predict potential fraudulent activities, allowing for proactive intervention and minimising the likelihood of such scams,' Kazmi added. Authorities and banks have routinely advised residents to be vigilant and verify the authenticity of websites before making online transactions, especially when prompted by advertisements on social media platforms.