EN
Within hours of Iranian missiles striking Dubai on February 28, 2026, scammers were already on the phone. While residents sheltered from explosions near the Palm Jumeirah and Dubai International Airport was struck by a suspected airstrike, fraudsters were cold-calling UAE residents claiming to be from a fictitious “Dubai Crisis Management” department — a fake government body falsely tied to Dubai Police.
Their goal was not to help. It was to steal UAE Pass credentials and Emirates ID details — enough information to execute a SIM swap attack and drain victims’ bank accounts through mobile banking apps.
Dubai Police officially confirmed the scam and issued a public warning on March 1, 2026: “Dubai Police affirm that they do not request confidential information or verification codes via telephone calls or text messages under any circumstances.”
This was not opportunism. It was a pre-planned operation waiting for a crisis to deploy. The same playbook has been used after hurricanes in the US, COVID lockdowns worldwide, and earthquake emergencies across Asia. Understanding how it works could save your bank account — and your identity.
In a Nutshell
Golden rule: No real government agency will ever call you to request passwords, verification codes, Emirates ID, UAE Pass credentials, or banking details.
The Dubai Crisis Management scam was not improvised. It followed a precise, tested sequence that government impersonation scammers use worldwide. Understanding each step makes the scam easier to recognise in future:
① Monitor the news
Scam operations actively monitor breaking news events, natural disasters, security incidents, and political crises, for opportunities to deploy impersonation scripts.
② Activate the operation within hours
Within hours of the Dubai missile strikes, call centre operators began contacting UAE residents. Speed is deliberate — fear is highest immediately after an event.
③ Spoof official caller ID
The calls appeared to come from official-looking numbers. Modern spoofing technology allows scammers to display any phone number they choose.
④ Claim a fictitious department
"Dubai Crisis Management" does not exist. Scammers create plausible-sounding department names that victims cannot easily verify in a moment of stress.
⑤ Create immediate urgency
Victims were told their accounts or identities were at risk due to the crisis and needed urgent verification. Fear overrides critical thinking.
⑥ Request sensitive credentials
UAE Pass login details and Emirates ID numbers were requested — enough to perform a SIM swap and take over mobile banking.
⑦ Execute the SIM swap
With the credentials, scammers contact the victim’s mobile carrier, transfer the phone number to a SIM they control, intercept banking OTPs, and drain accounts.
"Dubai Crisis Management." "National Emergency Coordination Bureau." "Digital Safety Response Unit." These names sound real. They’re invented. Scammers deliberately create plausible-sounding department names because, in a moment of panic, most people don’t stop to verify whether they exist. Real government bodies have verifiable names, website presence, and official contact channels. Fictitious ones don’t.
What to do: Before engaging with any caller claiming to represent a government body, hang up and search the department name on the official government website. If it doesn’t appear, it doesn’t exist.
The crisis is real. The fear is real. The scammer is not. Government impersonation scammers time their operations to coincide with events that generate maximum fear and minimum scepticism: missile strikes, earthquakes, disease outbreaks, and major cyber incidents. The urgency they create is borrowed from the real event, which is why it feels so convincing. But real government agencies do not contact citizens individually by phone in the hours after a crisis to request personal verification.
What to do: Ask yourself: Is this call urgent because of a genuine personal risk to me, or because a news event is making me feel afraid? If the answer is the latter, hang up
This is the clearest red flag of all — and the one that Dubai Police emphasised explicitly: "Dubai Police affirm that they do not request confidential information or verification codes via telephone calls or text messages under any circumstances." This is universally true. No real government agency, police force, bank, or utility company will ever call you to request your UAE Pass credentials, Emirates ID number, one-time passcodes, PINs, or banking passwords. Ever. If a caller requests any of these, the call is a scam. No exceptions.
What to do: Hang up immediately. Do not provide any information. Call the official government number you find on the official website to report the attempted fraud.
"Your account will be frozen unless you verify now." "We need to protect you before the window closes." "This call is being recorded and your cooperation is required." Pressure is the operating mechanism of all impersonation scams. It overrides critical thinking and prevents victims from hanging up to verify. Real government agencies send written notices, allow time to respond, and have formal processes — they do not create telephonic emergencies that expire in minutes.
What to do: Any pressure to act immediately, without time to verify, is a manipulation tactic. The correct response is always to slow down, not speed up.
Yes — and quickly. The FTC received over 330,000 government impersonation complaints in 2025, a 25% year-on-year increase, with losses from government impersonation fraud reaching $405.6 million in the US alone.
Advances in technology are also making these scams more convincing. AI tools can clone voices, generate convincing messages, and automate large-scale scam campaigns. Combined with caller ID spoofing and messaging platforms, criminals can reach thousands of potential victims within minutes of a crisis.
Despite these advances, the rule remains simple: no legitimate government agency will call you to ask for passwords, verification codes, or personal ID details.
If you receive a suspicious call, the safest response is to hang up and contact the government agency using the official phone number listed on its website.
Government impersonation scams succeed because they exploit fear during real-world crises. The Dubai example shows how quickly criminals can act when breaking news creates confusion and urgency. Remember the key rule: if someone claiming to represent a government agency asks for passwords, verification codes, or personal ID details over the phone, it’s almost certainly a scam. Hanging up and verifying the contact through official channels can protect both your identity and your bank account.
Adam Collins is a cybersecurity researcher at ScamAdviser who operates under a pseudonym for privacy and security. With over four years on the digital frontlines and 1,500+ days spent deconstructing thousands of fraud schemes, he specializes in translating complex threats into actionable advice. Adam’s mission is simple: exposing red flags so you can navigate the web with confidence.
