Layla, a woman in her 70s, was initially hesitant to reveal her bank details to a caller pretending to be a bank official and requesting an update of her ATM debit card. She surrendered when the scammer insisted her ATM visa card would stop working if she declined to cooperate.
Strangely enough, the scammer also managed to provide her ID card number and address as evidence that he was an official from the bank. Layla feared that her account would be frozen if she did not cooperate, and ultimately she provided the one-time password (OTP) for her ATM card.
A few seconds later, she received a message from the bank saying that LE20,000 had been withdrawn from her account via her ATM card. Layla hastened to report the incident to the bank, but officials insisted she has been subjected to vishing. She reported the fraud to the authorities, but she was told that it was hard to detect the perpetrators or retrieve the money since fraudsters use fake numbers.
Unfortunately, Layla is not alone, and other similar cases of fraud have been reported, including stealing accounts through phishing (via e-mails or malicious websites), vishing (via calls), and smishing (via sms/text messages). Based on these reports, all it takes can be a five-minute call or message for bank customers to lose their savings.
One typical vishing call might go as follows. “We are your bank’s customer service. We have detected an unusual withdrawal attempt on your account and need to verify your data. We have sent you a message with a PIN. Please click on the link to receive it.”
The victim then typically clicks on the link, and within minutes he finds his bank account emptied. Only then do victims realise that they were subjected to digital fraud.
Such incidents are no longer isolated cases. Digital fraud has grown into a trend recently, and it may be carried out in the name of major national banks such as the National Bank of Egypt, the Bank of Alexandria, and the Banque du Caire. Fraudsters commit their digital crimes through fake webpages, deceptive messages, and links that closely mimic official sites to steal banking credentials and transfer funds. This is compounded by limited user awareness and insufficient digital security practices.
Recent estimates indicate that 57 per cent of the users of digital financial services in Egypt have been exposed to phishing attempts through messages, fake websites, or fraudulent calls, highlighting the scale of the phenomenon and its evolution into a daily threat.
Organised electronic fraud gangs use different schemes to steal from customers. Every member of the gang has a role in the phishing process, ranging from impersonating bank employees, making fake calls, or sending fake messages and links in attempts to deceive customers.
More dangerously, perhaps, is the fact that these gangs are not necessarily located in the same country where the crime takes place. Cross-border fraud groups, nicknamed accountant theft gangs, have emerged worldwide, exploiting digital security loopholes in some countries to target victims in other countries including Egypt.
Many of these fraudulent networks are headquartered in Western countries like the US and Canada.
Ironically, the present writer was targeted while investigating the issue. My personal bank account details were about to be compromised by a cross-border phisher, who hacked my credentials before I was able to stop him. He probably failed to withdraw any money as it was in Egyptian currency — or that was what I was told at the bank upon receiving an SMS informing me that my account had been temporarily suspended.
The bank asked me to change my credentials as a protective measure. I was informed that the phishing attempt was probably conducted by a fraudulent network headquartered in the US or Canada.
GROWING PHENOMENON: Egyptians are not the only ones targeted, of course. A 2026 report by the Russian research centre Kaspersky revealed that more than one million online bank accounts were compromised last year through information-stealing malware.
The report found that while traditional phishing attacks persist, new methods have also emerged. Fake online stores topped the list of account theft schemes, accounting for 48.5 per cent of all phishing attacks in 2025, a significant increase from the previous year. Spoofed banking service pages came second, representing 26.1 per cent of fraudulent activity, followed by fake payment system pages at 25.5 per cent.
The report also noted a decline in attacks targeting banks directly, reflecting the greater difficulty of spoofing banking platforms compared with other services and a trend that has pushed fraudsters to seek easier access to users’ funds.
In the Middle East, e-commerce accounts for 85.5 per cent of phishing attacks, while in Africa the banking sector remains the main target, representing 53.75 per cent of attacks. In Latin America, phishing attempts are more evenly distributed between e-commerce platforms and banks, whereas the Asia-Pacific region and Europe show a wider diversity of attack methods.
In attempts to curb electronic thefts, the Central Bank of Egypt (CBE) has been circulating messages to clients warning them against sharing or revealing their bank account details with any one on the phone or via messages. The banks always insist that updating accounts can only be done in a bank branch and not by phone.
However, not all clients are technology literate or able to listen. “In Egypt, the users are the big issue, not the technology,” Hatem Gaafar, president of the Court of Appeal, said.
Gaafar, who is also an expert in cybersecurity and digital evidence at the Arab League Academy for Judicial Training, explained that “phishers find it easier to deceive users into stealing their credentials than spoofing banking platforms to carry out electronic thefts.”
According to Gaafar, smishing is the most common scheme in digital fraud.
“This involves sending fake text messages bearing a bank’s logo and claiming there is a pending shipment waiting or prize money,” he said. He added that “vishing,” meaning fraudulent phone calls in which scammers impersonate bank employees to request updated personal data or PIN numbers, is another widely used tactic. In many cases, obtaining a OTP is enough to empty a victim’s bank account within minutes.
Gaafar also warned about the growing use of fake websites designed to closely mimic official banking or commercial platforms.
Fraudsters, he explained, are “increasingly exploiting messaging applications by hacking users’ accounts and impersonating friends or relatives to request urgent money transfers.”
“These scams rely primarily on creating a sense of urgency, fear, or greed rather than on technical sophistication,” he noted, adding that “the best defence is to pause communication and think carefully before responding or taking action as a result of such messages.”
This is particularly important, he said, “with the rise of artificial intelligence-based attacks that use deepfake audio to imitate voices.”
Gaafar also stressed the need for stronger legislation and dedicated awareness campaigns to confront this emerging form of cybercrime.
There are globally organised networks known as “Cybercrime-as-a-Service,” he said, which begin with the purchase of ready-made fake banking website templates from clandestine platforms on the Dark Web, sometimes for as little as LE100. These networks can acquire databases of phone numbers from illicit sources and use mass messaging tools and automated calling systems.
Gaafar explained that once a victim clicks on a spam link, their data is immediately stolen. Funds are then quickly transferred to five or 10 different e-wallets within minutes. The money is then withdrawn in cash through intermediaries, while digital currencies or fake accounts are used at the final stage to launder the proceeds.
Network addresses and devices are constantly changed to hinder tracking. Investigations indicate that 80 per cent of reported cases relied on e-wallets as the primary channel for dispersing stolen funds.
Amal Gad Al-Haq was a recent victim of such a cybercrime that cost her LE50,000 in losses. Unaware of vishing, she had responded to a scammer’s phone call requiring credentials for an ATM update, only to discover a few minutes later that she had fallen prey to fraudsters. A shocked Gad Al-Haq hastened to take legal action in the hope that she would retrieve her stolen funds but to no avail.
Gaafar noted that retrieving stolen funds through a legal path is technically complicated, despite the fact that the phishing process is known to the authorities.
Firstly, hackers use international platforms hosted on servers beyond the country’s borders, and thus they cannot be easily tracked. Secondly, phishers usually transfer stolen funds to accounts in neighbouring countries or into cryptocurrencies, which again makes retrieving the funds almost impossible.
Meanwhile, according to Gaafar, coordination among banks, technology companies, and state authorities remains largely inadequate. He pointed to a widening gap between attackers, who operate without restrictions, and institutions whose policies and technologies are constrained by regulatory, technical, and financial requirements in a disparity that often works in favour of cybercriminals.
He stressed that the most practical judicial, humanitarian, and technical solution would be the establishment of a joint 24/7 digital operations room to reduce response times from days to just a few hours.
SOLUTIONS: Mechanisms are already in place and even evolving to combat digital fraud.
According to Gaafar, the major banks already use artificial intelligence (AI) to monitor suspicious transactions like sudden fund transfers or money withdrawn from a mobile number not registered at a client’s bank.
Meanwhile, the National Telecommunications Regulatory Authority (NTRA) cooperates with the telecommunications companies to track suspicious wallet numbers. This cooperation has managed to indict some members of organised hacking networks, who have been sentenced to up to three years in prison and forced to pay fines exceeding LE1.5 million.
But more efforts are needed to curb digital fraud. Whereas the authorities managed to detect LE4 billion in digital fraud attempts in 2025, they could only recover LE116,800 of stolen funds.
“Precautionary procedures need to be accelerated, including freezing accounts once a suspicious transaction is detected, easing procedures for reporting fraud, and developing international cross-border cooperation mechanisms,” Gaafar suggested.
Mohamed Nour, a victim of electronic fraud, concurred. Nour had logged onto his bank website, only to discover that the website was a spoof and that LE10,000 was stolen from his account upon entering his credentials. Appalled by how the website had mimicked the original one, Nour hastened to report the incident to the bank. However, he did not recover his stolen funds, and since then he has decided to quit all Internet banking and do his transactions at a bank branch instead.
“Protection requires a shift from a defensive model to a proactive one,” Gaafar suggested. This is what the CBE has been trying to do by establishing an Internet Emergency Response Centre for the banking sector and issuing many controls and frameworks binding on the banks in this regard, such as SMS messages requiring authentication or developing biometric authentication applications
“In the meantime, the banks should reinforce smart behavioural monitoring systems that analyse customer usage patterns and automatically stop a transaction when anomalies or abnormal behaviours are detected,” Gaafar said. “Simplifying reporting channels within banking applications and linking them immediately to anti-fraud units is also a must.”
“It is important to increase the proactive partnership to exchange security issues among the banks, on the one hand, and between the banks and cybersecurity companies, on the other,” he added. “That partnership should preferably be administered through a network that works under the supervision of the authorities.”
The CBE has already issued its Financial Cybersecurity Framework, a pioneering mandatory regulatory standard for all banks and financial institutions in Egypt. It is meant to secure the financial sector, but it needs to be implemented more broadly and rapidly, according to Gaafar.
Awareness, however, remains key. Clients should be informed that banks never ask for confidential data or an OTP verification code on the phone and that any such request should be discarded immediately. Clients should also beware of clicking on links even when sent via friends.
“Enable two-factor authentication on all your accounts and use strong and unique passwords for every website,” Gaafar advised. “Keep your applications up to date, save your bank’s official fraud-reporting numbers, and keep 108, the cybercrime reporting hotline, readily available. It is also important to remember that writing down your PIN or sharing it with others may be considered gross negligence, potentially weakening your right to claim compensation in the event of fraud.”
TARGETS: According to Gaafar, investigations have revealed clear patterns in fraud targeting.
Pensioners, estimated at 11.5 million people in Egypt, are frequently targeted due to a combination of overconfidence, financial need, and, in some cases, limited digital awareness. Scammers often exploit these vulnerabilities through schemes involving assistance with pension disbursements or promises of reward and appreciation prizes.
Young people between the ages of 18 and 35 are also common targets because of their high level of digital activity and their tendency to respond quickly to attractive offers and opportunities.
According to Gaafar, a recent international study revealed that 53 per cent of Egyptians have been exposed to at least one electronic fraud attempt. The study also warned that 46 million active electronic wallets may be exposed to fraud if not sufficiently secured.
In the same vein, a recent parliamentary report revealed that, based on the analysis of 219 incidents of seizure between 2024 and 2025, a large percentage of criminal hotspots are concentrated in specific governorates. The absence of a standardised count does not mean fewer crimes, but rather it reflects the need for a centralised reporting system that protects victims and encourages reporting.
“Egyptian law provides a comprehensive legal framework to deal with these crimes, but it needs urgent development to keep pace with the rapid development of digital fraud schemes,” said Mohamed Mahmoud Mahran, a professor of public international law and a member of the American, European, and Egyptian societies of international law.
According to Mahran, Egyptian law defines cyberfraud crimes related to banks through three basic pieces of legislation. First, there is the Anti-Information Technology Crimes Law 175/2018, which is the backbone of combating cybercrimes in the country. Second, there is Egyptian Penal Code Law 58/1937 and its amendments for traditional financial crimes. Third, there is the Central Bank and Banking System Law 194/2020, which regulates the protection of customers’ financial data.
Mahran explained that Article 23 of the first law establishes a graduated penalty system for fraud involving bank cards and electronic payment instruments. The law imposes a minimum prison sentence of three months and a fine of at least LE30,000 on anyone who unlawfully accesses the data associated with such cards. The penalty increases to a minimum of one year in prison and a fine ranging from LE100,000 to LE200,000 if the offender successfully obtains another person’s funds or benefits through these services.
He noted that the article serves as a strong deterrent against phishing schemes that target victims’ financial data.
Mahran added that publishing fraudulent links or impersonating bank staff may also fall under Article 102 of the Penal Code, which penalises the deliberate dissemination of false news or rumours when such actions threaten public security or harm the public interest. This is particularly relevant when such deceptive practices undermine public confidence in the banking sector.
“International cooperation in prosecuting cross-border crimes is done through the Budapest Convention on Combating Computer and Internet Crimes of 2001,” Mahran told Al-Ahram Weekly, adding that Egypt is not a participant in the convention.
“Egypt relies on bilateral agreements to exchange legal and judicial assistance with other countries, but these agreements are slow and ineffective in confronting such crimes as electronic fraud.”
Regarding evidence-related challenges, Mahran identified five major obstacles facing victims. First, proving that the message or link originated from a fraudulent source rather than the legitimate bank requires a specialised technical report from the Department for Combating Computer and Internet Crimes. Second, victims must demonstrate that they were genuinely deceived and not complicit in the fraud, a particularly difficult task when data was voluntarily entered into a fake website.
Third, they must establish a causal link between the fraudulent act and the financial loss. Fourth, identifying the perpetrators is often challenging because many use VPNs and overseas servers to conceal their identities. Fifth, legal proceedings can be lengthy, often taking months or even years before a final judgement is reached.
Mahran emphasised that victims should act immediately upon discovering a fraud by notifying their bank to halt suspicious transactions and temporarily freeze the account. They should preserve all digital evidence, including e-mails, links, screenshots, and call records, and they should promptly file a report with the Anti-IT Crimes Department or the nearest police station.
Victims should also request a technical examination by the Department for Combating Computer and Internet Crimes, submit complaints to the CBE through its website or hotline (16777), report the incident to the NTRA, and seek legal assistance from a lawyer specialising in cybercrime cases.
Mahran further noted that the protection of bank customers’ rights in electronic transactions is governed by the Central Bank and Banking System Law. Article 7 of this grants the CBE the authority to protect customers’ rights and resolve related disputes, while Article 83 requires the banks to exercise due diligence, safeguard customer interests, and maintain effective internal controls in accordance with established banking rules and practices.
Mahran concluded that silence only “emboldens the criminals” and urged all victims to report incidents immediately, regardless of the amount lost, as “every report helps expose criminal networks and protect other citizens from similar crimes.”
* A version of this article appears in print in the 4 June, 2026 edition of Al-Ahram Weekly
Follow us on:
Short link:
Click Here For The Original Source.
