UAE · DUBAI POLICE WARNINGJune 12, 20267 min read

Dubai Police say one phone call cost a man his entire Dh800,000 loan. How does a "bank app update" empty an account?

On 11 June 2026, Dubai Police warned UAE residents about a scam that does not break into a bank at all — it talks you into opening the door yourself. A caller claims to be from your bank, says your app must be "updated" or "re-verified", and threatens to freeze the account if you do not act now. One Dubai resident, Gulf News reported, lost Dh800,000 — the whole bank loan he had just been granted — after installing a fake app and handing the caller remote access. The interesting question is not how the technology works. It is why a calm, competent adult does exactly what the voice on the phone asks.

June 11
Dubai Police issued the warning
Dh800k
One victim's entire bank loan, gone
Mar 2026
CBUAE deadline to retire SMS/email OTPs
901
Dubai Police · report at eCrime.ae
The short answer

On 11 June 2026 Dubai Police warned about a remote-access banking scam, citing a Dubai resident who lost Dh800,000 — an entire bank loan — to a caller posing as his bank. The script: an unsolicited call claims your banking app needs an urgent "update" or "re-verification", threatens an account freeze, and walks you into installing a fake app or a remote-access tool that lets the criminal see your screen and move your money. No real bank pushes an app update by link or phone, and no real authority asks for remote access — the UAE Central Bank is even retiring SMS and email one-time passcodes by 31 March 2026 to shut down this exact interception. The defence is unchanged: hang up, and call your bank back on the number printed on your card. To report in Dubai: ecrime.ae or 901.

"Never download applications that allow remote access to smartphones at the request of unknown callers."

— Major Saud Abdulrahman Al Khazraji, General Department of Criminal Investigation, Dubai Police, as reported by Gulf News (11 June 2026).

Most scam coverage stops at the number. Dh800,000 is a large loss, and it deserves a pause — but the figure is not the lesson. The lesson is in the mechanics, because this scam never touches the bank's systems. It works entirely on the customer, and it is built to make the most sensible response feel like the dangerous one.

If you just want the practical takeaway, skip to what to do. The short version: no real bank updates its app through a link or a phone call, "remote access" is the whole con, and the move that defeats every version is to hang up and call your bank back yourself.

What Dubai Police actually described

According to the warning, reported by Gulf News on 11 June 2026, the sequence ran like this. A cold caller claimed to be from the victim's bank. In conversation, the victim mentioned he had just been approved for a loan — a detail the criminals seized on. The "bank" told him a new app was required to update or secure the account, and warned that the account would be frozen if he did not act. He was guided through installing a fake app that granted remote access; the funds were then moved out across several accounts to obscure the trail.

Notice what is doing the work here. There is no malware breaking through the bank's defences and no stolen password guessed by a computer. There is a phone call, a manufactured deadline, and a request that sounds like help. Dubai Police's own advice cuts to the single point of failure:

"Never disclose bank account details, card information, loan details or information relating to financial facilities to anyone claiming to represent a bank or financial institution."

— Dubai Police, via Gulf News (11 June 2026).

How the "update" becomes remote control

The word "update" is the disguise. What you actually install is either a counterfeit version of your banking app or a legitimate remote-access tool — the kind IT departments use to fix a computer from afar — pointed at the criminal instead. Once it runs, the caller can see everything on your screen in real time: your balance, the messages your bank sends, the one-time passcode that flashes up to approve a transfer. They do not need to steal your password if you are reading it out to them, or if they can watch it arrive.

A recreated example of a fake UAE bank text message: a generic 'Bank Alert' sender claims the customer's mobile banking app must be re-verified under new Central Bank security rules within 24 hours, with a defanged lookalike link, followed by a second message saying a support agent will call to guide the update — shown beside red-flag tells that banks never push app updates by link, that 'verify' means handing over remote access, and to hang up and call the number on your card.
A recreated example of how the approach often starts — an urgent 'bank' text pushing an app re-verification link, then a promised 'support call'. The sender is generic on purpose: scammers spoof whatever bank name fits. Example only; not a real message, link disabled.

The text above is one common opener; in the Dubai case the pressure came by phone. Either way the structure is identical — urgency, a threat to your account, and an instruction to install something. And there is a sibling version arriving by email: Khaleej Times has reported UAE residents receiving fake invoices that appear to be from McAfee or PayPal, claiming a charge has already been taken and pushing you to call a number to "cancel" — where, once again, you are talked into granting remote access to your computer. Same engine, different envelope.

Here is the rule that collapses the whole scam: no legitimate company will ever ask you to install software that lets them control your phone or computer — and a real bank app updates only from the App Store or Google Play, never from a link. The moment "remote access", "AnyDesk", "screen share" or "install this to verify" enters the conversation, you are being robbed, not helped.

Why this warning lands now

There is a regulatory backdrop that makes the timing sharp. The UAE Central Bank has told banks to retire SMS and email one-time passcodes by 31 March 2026, moving customers to stronger in-app authentication — precisely because codes sent by text can be read, intercepted or talked out of people. That is the official direction of travel: make the passcode harder to steal. The remote-access scam is the criminal counter-move. If they cannot intercept the code in transit, they will simply watch you receive it, by sitting inside your screen. The technology arms race is real; the human one is the same as it has always been.

It is worth saying plainly, because the shame around these losses keeps them quiet: the Dubai victim was not careless. He was approached at the exact moment a real loan made a "bank security" call plausible, and he did what a cooperative customer is trained to do. That is not a failure of intelligence. It is a scam engineered around trust and timing — which is why the only reliable defence is a habit, not a hunch.

What to do

1Treat any unsolicited call, text or email about your bank account as a scam until you prove otherwise — especially one that creates a deadline or threatens to freeze your account.
2Never install an app or 'update' from a link, and never grant remote access (AnyDesk, screen-share, 'verification' software) to anyone who contacted you. Your bank's app updates only from the App Store or Google Play.
3Hang up and call your bank back on the number printed on the back of your card — not the number that called you, and not one from the message. If it was really your bank, they will be there.
4Never read out or type a one-time passcode for anyone on a call. A code approves a transaction; if someone needs yours, they are making a transaction as you.
5If money has already moved, call your bank immediately to freeze the account and attempt a recall, then report it — in Dubai via the Dubai Police eCrime platform (ecrime.ae) or 901, in Abu Dhabi via the Aman service on 8002626 or SMS 2828. The first hour matters most. See the recovery playbook for the order of operations, and our UAE reporting guide for every channel.
Expect a "recovery" call next. People who have just lost money are the prime target for a second scam — someone posing as the police, the bank, a regulator or a "fund recovery" agency, promising to get the money back for an upfront fee. No legitimate body ever charges a fee to recover your losses. If a contact follows the theft asking for money or more details, it is the next con, not the cure — we take the pattern apart in the recovery-scams piece.
From the field. The detail that should stay with you from the Dubai case is the timing: the call worked because a real loan had just made a "bank security" conversation believable. Scammers do not pick victims at random — they ride a moment when their story fits your life. That is why the defence cannot be "be more suspicious in general"; suspicion fades under a calm, official-sounding voice and a ticking clock. The defence is mechanical: you do not act on an inbound contact about your money, ever — you end it, and you reach the institution yourself, on a number you already had. Boring, repeatable, and the one thing the scam cannot survive.

If you take one thing from the Dubai Police warning, take this: your bank will never ask you to install an app or grant remote access to "secure" your account — so the call that asks is the theft, and the cure is to hang up and dial the number on your card.

Got a "bank security" call or a suspicious app request? Send it to us first.

Paste the message, the number, the app you were asked to install. A real expert reviews every case and replies within 24 hours. Free, confidential, no pressure.

Submit a free case review →Try the Scam Checker

Common questions about the UAE fake bank-app scam

What is the UAE 'fake banking app' scam Dubai Police warned about?

It is a remote-access fraud. A caller poses as your bank, says a 'new app update' or 'security re-verification' is required to keep your account active, and pressures you with a threat to freeze the account. You are sent a link to install a fake app — or a remote-access tool — and once it is installed, the criminals can see your screen and move your money. Dubai Police publicised the warning on 11 June 2026 alongside a real case in which a Dubai resident lost Dh800,000, the entire value of a bank loan he had just taken out. According to Dubai Police, the funds were quickly moved across several accounts to hide the trail.

How much did the victim lose, and how did it happen?

According to Dubai Police, reported by Gulf News on 11 June 2026, a Dubai man lost Dh800,000 — his whole newly-issued bank loan. The chain: a cold caller claimed to be from his bank, the victim mentioned he had just taken a loan, the 'bank' said a new app was needed to update the account, threatened to freeze it, and walked him through installing a fake app that granted remote access. The money was then transferred out across multiple accounts. The loss was not a hack of the bank — it was the victim being talked into handing over control.

Will my bank ever ask me to update its app by a link or phone call?

No. A legitimate banking app updates only through the Apple App Store or Google Play — never through a link sent in a text or email, and never because someone on the phone told you to. No real bank, and no real authority, asks you to install software that lets them control your phone or computer. The UAE Central Bank is in fact moving away from SMS and email one-time passcodes entirely, setting a 31 March 2026 deadline for banks to retire them in favour of stronger in-app authentication — a direct response to exactly this kind of interception fraud. If a caller asks you to download anything or grant remote access, that is the scam.

How do I report a banking scam in the UAE?

If money has moved, call your bank immediately on the number printed on the back of your card to freeze the account and attempt a recall — speed matters most in the first hour. Then report the crime: in Dubai, use the Dubai Police eCrime platform at ecrime.ae or call 901. In Abu Dhabi, use the Aman service on 8002626, by SMS to 2828, or email aman@adpolice.gov.ae. You can also report a spam or scam SMS by forwarding it to 2828. Keep screenshots, the caller's number, the app you were asked to install, and your transaction references.

I already granted remote access or installed the app — what should I do now?

Act fast and in order. Put the phone into airplane mode or disconnect it from the internet to cut the attacker's access, then uninstall any app the caller told you to add. From a different, trusted device, change your online-banking password and call your bank on the number on your card to freeze accounts and dispute any transfers. Report to Dubai Police eCrime (ecrime.ae / 901) or Abu Dhabi's Aman service. Do not engage anyone who then contacts you offering to 'recover' the money for a fee — that is a second scam targeting people who have just been hit.

Sources & further reading

Claims in this piece are attributed to these sources. Click any of them to verify.

Gulf News — Dubai man loses Dh800,000 in fake banking-app scam (11 Jun 2026)Gulf News — UAE banks phase out SMS/email OTPs by March 2026 (CBUAE Notice 2025/3057)Dubai Police — eCrime reporting platformKhaleej Times — fake-invoice email + remote-access waveUAE Government — reporting cyber crimes (Aman / eCrime)

Keep reading

UAE · WHERE TO REPORT
Scammed in the UAE? Where to report it — eCrime, Aman, and your bank
THE FAKE-OFFICER CALL
The 'digital arrest' scam: how a fake police call empties an account
THE SECOND SCAM
Recovery scams: why 'we'll get your money back for a fee' is the next con