Dubai: The UAE's global ranking in internet security is little changed since last year, at 38th in the world for malicious activity, according to a recent Symantec Internet Security report. Users should not relax their vigilance.
While the country still ranks comparatively well in some areas, such as general spam, it fares worse in terms of the threats posed from harmful code resulting from phishing attacks.
According to Patrick Hayati, chief executive of McAfee, there are three types of threats. The first, he says, is the websites themselves, which can download malicious software, also called malware, on to the computer.
The second is hackers trying to gain access to an infected computer that is connected to the internet and use it for various purposes.
The third is the danger of a key-logger that can be imbedded in the computer that records usernames, passwords and credit card numbers as they are typed.
Within the realm of internet threats, the main concern is from phishing, Hayati says.
Phishing is an attempt to fraudulently acquire sensitive information by masquerading as a trustworthy entity, such as a bank.
Users are commonly guided to a deceptive website via e-mails, where they are asked to enter usernames, passwords and/or credit card numbers. The website may also attempt to download malware onto the user's computer.
To conquer internet threats, users need protection as well as awareness. Hayati says that phishing attacks are easy to identify if one knows the signs.
Signs come in the form of e-mails that ask for sensitive information, stress on urgent action required, those that offer monetary rewards in exchange of financial services and those that are unprofessional or lack personalisation.
But with e-business and e-commerce picking up in the UAE, users also need to be wary of financial risks. Users need to ensure that e-business or e-banking is carried out on websites that have a security certificate.
An SSL, or a secure sockets layer, is a way of ensuring the communication between a user's browser and the remote server (like a bank's server) is encrypted.
"The certificate proves the authentication of the site, since it is obtained after a process involving many security checks," says Rashid Majid Al Abbar, a senior manager for e-business services at etisalat.
"Banks in the country now notify users of the security certificate," Al Abbar said.
etisalat, a provider of the certificate, also provides a secure seal on sites that have obtained the certificate through them as an additional confirmation of the site's authenticity.
"Some banks have awareness campaigns to ensure customers log in on the correct site, and not through links sent in emails as part of the phishing attacks," he said.
The telecom provider has been working on creating awareness for banks on web security issues. "We tell them what measures they can take to further secure online banking," Al Abbar said.
But, overall, Ahmad Etman, a business development manager for security at Cisco, a supplier of networking equipment and management, believes security regulations in UAE are improving, mainly due to the influx of Western firms.
"There are more American and European companies coming in, which need to comply with their own standards, regardless of location. UAE is adopting their standards and making them local regulations," he says.
While awareness of internet-based risks is a must, users also need to be aware of what type of network they are using, since each poses its own risks.
Though wireless networks are convenient and widespread in the UAE, they could be more exposed to risk than hard-wired networks.
"Hackers can tap into wireless traffic and obtain sensitive information," Al Abbar says. Contrary to a GSM mobile network, where all data is encrypted, the wireless network can easily be tapped into, experts say.
While being popular spots to be connected and convenient locations for network games, internet cafes are not always up to the mark on security measures.
"Some cafes deploy Wi-fi without proper encryption or authentication of the customer," Al Abbar says.
Hayati says that if a user has sufficient protection on a computer, wireless networks shouldn't pose a threat.
Etman says wireless networks are more secure than hard-wired networks.
"Most wireless networks have at least the basic security," Etman says, while adding that sometimes, wired networks lack even that, allowing anyone to plug into the system and access corporate information and plant malware.