Combatting Scams: Protect Yourself From Government Impersonation In UAE

In the bustling heart of the UAE, where trust and community spirit thrive, a shadowy menace lurks - government impersonation scams. These deceptive schemes have evolved into a significant threat, targeting individuals under the guise of authority, deceitfully coaxing them into financial and emotional vulnerability.

Ms I. Warsi, an educator, received a phone call over the weekend. The voice on the other end claimed to be an official from Dubai Police, asserting that there was a critical issue with her bank account. Panic set in as Ms Warsi was informed that unless she changes password and security details immediately, she will risk losing her hard-earned money to fraudsters. The threat was palpable, and in her haste, she provided some of the personal information but refused to share OTP number, which saved her from the fraudster. But, not everyone is as lucky as Ms Warsi who took a wise decision at the eleventh hour.

A. Ali, another victim based in Dubai, shared his ordeal: "I thought I was helping my friend. They sent me a message claiming to be from the bank, asking for assistance. I didn't realise it was a scam until it was too late."

These scams often leverage sophisticated tactics, employing fake caller IDs, official-looking messages, and even impromptu visits from accomplices posing as government officials. Fraudsters exploit the natural fear individuals have when faced with legal or immigration issues, effectively manipulating their victims into quick compliance. These frauds typically unfold through sophisticated channels: vishing calls where fraudsters, using spoofed numbers, demand immediate payment for fabricated violations like visa overstays or traffic fines. Victims are directed to phishing websites mimicking official portals, where they unwittingly surrender banking credentials.

Cybercriminals also pose as officials from entities like the Ministry of Interior, Dubai Police, or the General Directorate of Residency and Foreigners Affairs (GDRFA) to exploit unsuspecting residents. Latest data from cybersecurity firms indicates that financial frauds jumped 25% in 2024, with impersonation schemes contributing over 30% of cases, leading to significant losses annually. A recent PwC report highlights that 65% of the UAE residents encountered at least one impersonation attempt in 2024, up from 45% in 2023, with millennials aged 25-34 hit hardest due to high digital engagement.

Public Awareness

The UAE authorities have recognised the growing prevalence of these scams and have ramped up efforts to educate the public. They ramp up their efforts to combat these scams and urge the public to remain vigilant.

"Always verify the identity of the caller and never share personal information over the phone. It's better to double-check than to become another victim," advise officials.

Using official channels and media platforms, the authorities have repeatedly warned about scams involving impersonation of law enforcement agencies, banks, and government institutions. Dubai Police, the Ministry of Interior (MOI) and banks frequently issue alerts, reminding residents that official entities and financial institutions will never request sensitive information such as banking details or UAE Pass authorisation via unsolicited emails or messages.

Ed Skoudis, President and Fellow at SANS Institute, said the government impersonation scams are becoming increasingly common and more convincing. Criminals are posing as government agencies, tax collectors and even law enforcement and they use detailed and twisted schemes to trick people into giving access to their personal devices, authenticating their bank accounts, and even just directly wiring money to the scammers.

"These scams often use very similar techniques from scam to scam, repackaged in a different format or posing as a different government agency. But they typically have one or more techniques (mentioned below) in common," he said.

Spoofed caller ID and an official government agency name: Spoofing Caller ID is easy to do today, and setting up an SMS name that looks like a trustworthy government agency or law enforcement group is not difficult. They sometimes use government ministry logos in association with their contact details.

Investigation or other official government business scenarios: Attackers often lead with a credible-sounding story, such as a law enforcement or tax investigation, claiming the victim is either under scrutiny or needed to assist in an official case. Traffic fines for parking or speeding are another common angle. These stories feel legitimate, least at first. But once trust is built, the demands escalate quickly: access to bank accounts, one-time passwords, or remote device control. By then, the social engineering is so effective that breaking the attacker's hold becomes incredibly difficult.

Tie-in with topical news or time of year activities: The scammers often base their scenarios on a popular media story associated with government ministries, newly passed laws, or time of year activities (such as tax collection days). This helps to make their scenarios more believable and likely to get a response.

The use of SMS or email: In the past, most of this activity occurred via spam email, but today, SMS is the king of delivery mechanisms for these scams.

The use of fear and urgency: The scenarios are inevitably based on an urgent situation that the victim must help with, such as a pending fine or fee that will only go up or even result in incarceration if the victim doesn't respond immediately. This push for speed and spread of fear is designed to short circuit the critical thinking processes of the victim and have them respond emotionally.

Layers of government personnel: To make the ruse even more convincing, attackers will often refer victims to another fake government agent to advance the scam forward. The victim will be passed from one person to the next, each 'helping' a little bit to defuse the situation, but all designed to win the victim's trust and get access to their money or devices.

Building trust with detailed walk-throughs and forms: Attackers will provide hand-held detailed verbal walk-throughs of how to defuse the phony situation, appearing to help the user via phone conversations through every step of the process. They help them fill out bogus government forms and applications, passing them off to other fake government personnel. The scammers come across as genuine and helpful, even though they are criminals.

Credential and device theft: The attackers move forward step by step to gather all the victim's sensitive information and access their financial resources. They do this by installing malicious apps, getting users to click links, gathering usernames and passwords, determining bank and other financial information, and stealing one-time passwords from multi-factor authentication solutions.

"These scams may vary in storyline, but over 80% follow this same pattern. They are highly targeted and meticulously executed, often aimed at elderly individuals, as they are more likely to have resources and easily succumb to the technical complexity of these attacks. That's why awareness matters, understanding the signs and educating your family or workforce can make the difference between staying safe and being exploited," Ed Skoudis told BTR.

Unfortunately, he said there's no reliable way to verify if a phone number truly belongs to a government agency.

"Search engines rarely help, and official government personnel often use generic or unlisted lines. The safest option? Visit the agency's official website, find a published contact number, and call directly to verify."

In reality, he said the government ministries rarely initiate contact via phone or SMS, official communication is typically handled through postal mail. "So any unsolicited call or text claiming to be from a government body should raise red flags. It's not impossible, but it's uncommon. As for how attackers knew to reference a government interaction? There's no easy answer. It could be coincidence, a compromised agency system, or the victim's own device already being monitored. Any of these could open the door and determining the exact source is often impossible."

Don't Share Personal Info

Gopan Sivasankaran, Sales Director, Sophos, shares his personal experience and advised the residents to be vigilant and don't rush for financial transactions or share personal information with unknown officials.

“Just last week, I received a video call from a Gmail ID titled 'Dubai Police' with a random number. Out of curiosity and honestly to waste their time so they don't prey on someone more vulnerable, I answered the call. On the other end was someone posing as a police officer, wearing a full UAE Police uniform. Speaking English with a strong Arabic accent, he claimed I had made an illegal ATM transaction and demanded that I flip my camera to show him my bank card. I played along for eight or nine minutes until he realised I wasn't falling for it and began swearing. I immediately reported it to Dubai Police's eCrime section. Their first question to me was: 'Did you share anything?' Of course, I hadn't. But imagine if this had been someone less suspicious or more fearful, this scam could have worked," he said.

"The lesson is simple: if someone is pressuring you to act immediately, whether it's a fine, a visa issue, or your bank account, it's almost always a scam. No government department or bank in the UAE will ask you to share your ATM card on a video call or transfer money to a personal account. Fraudsters use fear and authority as weapons. If you feel rushed or threatened, pause and verify through official channels. That moment of doubt might just save your money and your identity,” Sivasankaran said.

Ram Vaidyanathan, Chief IT Security Evangelist, ManageEngine, said cybercriminals are more active to fool innocent people through their frauds.

According to the 2024 State of Scams in UAE survey, about 56% of the population receives at least one scam attempt each month. It doesn't come as a surprise that scam calls and messages are on the rise, with fraudsters pretending to be government officials, law enforcement, or the victim's bank. Their goal is to trick people into sharing sensitive information they can use to siphon money.

One of the most common scams involves scammers posing as the Dubai Police or Federal Authority for Identity, Citizenship, Customs & Port Security, claiming that the victim's Emirates ID is blocked or that they can face deportation unless a fine is paid. Once they gain access to banking details or OTPs, they can drain funds. In March 2025, a Dubai resident received a call from an unknown individual posing as a Dubai Police officer, claiming his bank account would be frozen unless he updated his details over the call. The realistic nature of the call led him to comply and soon he discovered Dh9,900 had been withdrawn from his account.

Criminals can also pretend to be from law enforcement and tell victims that their identity has been linked to criminal activities. They can then demand money to“settle the case”. It is critical to remember that no real police would conduct arrests or investigations over the phone. Watch out for these red flags:

Urgency and threats: Real authorities will not threaten you with arrest over the phone or demand instant payment.

Requests for personal data: Banks in the UAE will never ask for your PIN, password, or OTP.

Unusual payment methods: If you are asked to transfer money to a personal account, buy gift cards, or use cryptocurrency, it is a scam.

How the Scams Work

Government impersonation scams involve fraudsters posing as representatives of federal or local agencies or departments. Scammers attempt to gain trust by claiming there is an urgent issue, such as unpaid taxes, suspended benefits, or immigration concerns. They pressure victims into providing personal information or making immediate payments. These scams are typically carried out through phone calls, emails, or text messages.

Be Aware of Red Flags

• Unexpected phone calls, texts, or emails about taxes or benefits

• Spoofed caller IDs or email addresses that appear legitimate

• Poor spelling or grammar in messages

• Pressure to act immediately, often with threats of arrest or fines

• Requests for payment through gift cards, cryptocurrency, or peer-to-peer apps

• Demands for immediate payment within hours or days

Call of Action

> Report the incident to the government agency being impersonated

> File a complaint with the authorities concerned

> File a police complain with local law enforcement

> Contact your financial institutions to file a fraud claim

How to protect yourself

Verify the source of contact: Official government entities in the UAE will never ask for sensitive personal or banking information over the phone, via text message, or through unofficial channels. If you receive such a request, hang up and verify the matter using an official contact method.

Do not click suspicious links: Be cautious of any links in unsolicited emails or SMS messages, even if they appear to be from an official authority. Always access government websites by typing the official URL directly into your browser or by using official apps.

Decline unsolicited UAE Pass requests: If you receive a login request or OTP for UAE Pass that you did not initiate, decline it immediately and do not share any codes.

Use official channels for payments: Only make payments for fines or government services through official websites, apps, or payment centers. Never use a payment link provided in a message.

Secure your financial details: No legitimate bank or government entity will ever ask for your CVV, PIN, or online banking password. Never share these details with anyone, even if they claim to be from an official organisation.

Be wary of high-pressure tactics: Scammers often use fear and a sense of urgency to make you act without thinking. Be suspicious of anyone demanding immediate payment to avoid a penalty.

MENAFN29092025000049011007ID1110123288