Noor Ahmed, a resident of the UAE, has been losing over Dh3 daily from his post-paid mobile account for several weeks. He only became aware of this when he received a message from his telecom service provider informing him that he had reached his credit limit. "I was surprised to receive a message from a local telecom service provider as I hadn't used much of my available balance. I only use my pre-paid mobile balance to pay for parking via SMS. When I inquired with the telecom service provider's customer service at a hypermarket, I discovered that I was being charged by the VPN I had installed. So, I immediately uninstalled it," he explained. After uninstalling the Virtual Private Network (VPN) app, Ahmed, who had lost over Dh200 in just one month, stopped losing his balance. Ahmed was not the only victim of this type of VPN fraud.
Another long-term resident, Masoom Fatima, who had installed a VPN app for audio-video calls with friends and family, lost all her balance within a few days after recharging. "Whenever I recharged my mobile account, the funds disappeared within a day or two. This happened multiple times. After a friend suggested I remove the VPN app, I stopped losing credit," Fatima recounted. In the UAE, residents are allowed to use VPNs, but misuse can lead to legal trouble, including imprisonment and fines up to Dh2 million.
What do experts say? "If someone has installed a malicious VPN app on their mobile, the scammer can potentially access their phone and make unauthorized purchases, leading to deductions from the person's post-paid or pre-paid mobile balance. A malicious VPN app can gain control over the device, allowing scammers to make purchases from app stores like the Apple App Store or Google Play Store without the user's consent," explained Ezzeldin Hussein, regional senior director for solution engineering at Sentinel One. He noted that VPNs can intercept communications between the device and the internet, capturing sensitive information such as account credentials for app stores, which scammers can use to make unauthorized purchases.
Karthik Anandarao, chief technical evangelist at Manage Engine, emphasized that mobile phones are more susceptible to cyberattacks than other personal devices. "Users often don't know whether the VPN is connected or disconnected. Once hackers gain access to a user's mobile phone, they can access any app. The telecom provider’s app is no exception. Scammers can easily deduct money from users’ pre-paid or post-paid mobile balance. All the scammer needs is a point of entry into the user's mobile phone. It doesn't matter whether a VPN is active or disconnected," Anandarao stated. He also added that using a VPN does not make users invisible to hackers.
Ezzeldin Hussein mentioned that telecom operators can detect unusual activity and identify if scammers are stealing mobile balances from pre-paid customers or making postpaid customers pay for unauthorized purchases. "They monitor transactions and can flag unusual or suspicious activities, such as sudden large purchases or multiple small transactions within a short period of time. By analyzing typical usage patterns of customers, telecom operators can detect anomalies that may indicate fraudulent activity. Many operators use advanced fraud detection systems and algorithms to identify patterns associated with scams and unauthorized transactions," he explained. Additionally, Hussein advised customers to monitor their accounts regularly and report any suspicious activities promptly to help operators respond quickly and take necessary actions to prevent further losses.