Online mask ads mystery revealed as Saudi banks launch cybersecurity campaign

RIYADH: The mystery surrounding a series of eye-mask adverts which have caused a stir on social media has been revealed with the launch of a new cybersecurity campaign by a group of Saudi banks.
The Khalaha Lek (keep it for yourself) initiative aims to raise awareness about financial fraud, explain how people can protect their personal information, and combat hackers and other online tricksters.
The banks participating in the program are Al-Rajhi Bank, NCB, Riyad Bank, SABB, Samba, ANB, Banque Saudi Fransi, Alinma Bank, The Saudi Investment Bank, Bank Albilad, Bank Aljazira, and Meem.
Financial fraud and phishing — where hackers posing as reputable organizations try to gain access to sensitive information — has increasingly become a problem not just in Saudi Arabia, but worldwide.
The Nilson Report, the leading global card and mobile payments trade publication, reported that global losses to fraud reached $27.85 billion in 2018, and are projected to rise to $35.67 billion in five years and $40.63 billion in 10 years.
According to a 2017 report by the Center for International Communication (CIC), the number of cases of bank fraud in Saudi Arabia are lower than most countries in the world.
However, at a time when rates of forgery and fraud in the industry have been rising steadily throughout the world, most cybersecurity experts still urge caution.
Muhammad Khurram Khan, professor of cybersecurity at King Saud University and founder and CEO of the Global Foundation for Cyber Studies and Research, told Arab News that people should not take the threat of phishing lightly.
“Phishing is a constantly growing global cybersecurity concern that uses social engineering techniques to target online users and has also become one of the top methods to perform ransomware attacks. It is estimated that over 90 percent of hacking attempts are performed by some sort of phishing scams and spam messages,” he said.
Khan urged users to carefully check their emails and messages to ensure that they were coming from a verifiable source.
“Phishing is the most favorite technique employed by cybercriminals to obtain personal and financial information by masquerading as a trustworthy organization.
“The price tag of a successful phishing attempt could cost tons of money in loss, business operations disruption, damage to the organization’s reputation, and hefty fines from regulatory bodies,” he added.
Saudi cybersecurity specialist, Abdullah Al-Jaber, told Arab News that the initiative could not have come at a better time, and he was pleased to see so many big-name banks throwing their weight behind it.
“It’s awesome that they tried to approach the public in a different way, rather than the usual text messages or emails that many people tend to ignore,” he said.
He also praised the focus on providing awareness to the public, and the emphasis on taking care of personal data.
“The videos they shared did touch on multiple ways of hacking, such as phishing campaigns using phone calls, emails, and texts. Those are the most common attacks that we see regularly here in Saudi and the GCC.
“It’s also helpful that they went public with the campaign during the G20 Summit, as with such events, hacking and cyberattacks tend to increase,” he added.
Khan said that a one-size-fits-all solution to protect against cyberattacks did not exist, but a combination of different strategies, solutions, tools, and services could help people to become more safety conscious.
“Equipping users and organizations with cybersecurity knowledge and awareness, the exercising of basic cyber-hygiene and best practices, and implementation of rudimentary cybersecurity controls could help to mitigate the risks and diminish the success of cyber incidents,” he added.
He also warned people not to click on web links in unsolicited emails or messages, and never to open email attachments from unknown sources.
“Similarly, we should avoid sharing our personal data and banking information with anyone impersonating a bank or an organization,” said Khan.
To help with this, the Saudi banks’ initiative has a dedicated team to assist users in ensuring the validity of any emails or messages they receive supposedly from the banks in questions. A form is available on the website at, where users can enter their information along with a screenshot of the received email to be evaluated by the team.