UAE authorities warn residents against fresh phishing tactics

Abu Dhabi: The UAE Cybersecurity Council has emphasised that phishing attacks succeed only when victims respond to fraudulent messages and deceptive offers. It warned the public against clicking on links received without verifying their authenticity.

The council identified six common phishing tactics that rely on “social engineering” including:

1. Email Phishing: Cybercriminals use fake emails that appear to be from banks or trusted companies to trick victims into clicking on malicious links or sharing their passwords.

2. Vishing (Voice Phishing): Fraudsters make phone calls impersonating representatives of trusted institutions to steal personal information, such as account details or security codes.

3. Smishing (SMS Phishing): Scammers send deceptive text messages with enticing links or fake reward offers, which can lead to malware downloads or data theft.

4. Baiting: Fraudsters use free downloads or gift offers to lure victims into unknowingly installing malicious software that threatens their personal data and privacy.

5. Pretexting: Cybercriminals create fake scenarios, such as posing as technical support teams, to gain victims’ trust and obtain sensitive data.

6. Quid Pro Quo Scams: Scammers offer fake technical support services or fraudulent gift vouchers in exchange for sensitive information.

Awareness campaign

The council shared an awareness video on its official X account, titled “Phishing: From Deception to Breach”, warning that cybercriminals design fake messages and websites that closely mimic trusted entities. These fraudulent communications, sent via email, text messages, or advertisements, are crafted to deceive users into believing they are legitimate.

The council provided examples of phishing messages, including:

• “Alert: Your password expires today. Please urgently update your banking information.”

• “Urgent: Unauthorised login attempt detected.”

It warned that victims fall into the trap by clicking on links or providing sensitive information, thinking they are securing their accounts. However, stolen data is used for fraud or sold on the dark web for profit.

The council highlighted that phishing attacks are designed to manipulate victims into taking immediate action—such as updating account details—tricking them into revealing confidential information. Once obtained, this data is exploited for fraud or sold online.

The Cybersecurity Council urged individuals to verify messages and protect their personal and banking information. It emphasised the dangers of social engineering attacks, where cybercriminals impersonate trusted identities using fake messages, deceptive calls, and fraudulent offers. The council advised users to safeguard themselves by verifying sources, avoiding suspicious links, and recognizing that legitimate entities never request sensitive information.

Exploiting trust

The council explained that social engineering attacks are designed to manipulate victims by gaining their trust to steal personal information. These scams may begin with a simple fake email or an unexpected call from a “bank” requesting account verification.

Signs of a social engineering scam include:

• Fake links

• Alerts of suspicious login attempts requiring action within 24 hours

• Messages stating that a payment has failed, urging immediate action to avoid account suspension

• Fraudulent warnings such as “Your account has been hacked.”

• Suspicious offers like “Get 50% off any purchase by filling in your details.”

How to defend oneself

To counter these threats, the council advised:

• Verifying sources by directly contacting official channels

• Checking emails for spelling errors or suspicious domains

• Avoiding impulsive clicks on links or downloads

As part of the “Year of Community 2025” initiative, the Cybersecurity Council launched a new awareness campaign in collaboration with Abu Dhabi community councils to enhance digital security for families and society. The campaign aims to educate individuals on major cyber threats and best protective measures, including safeguarding children online.

It reiterated warnings about identity theft and phishing scams on social media. Cybercriminals exploit personal details such as names and addresses for identity theft. Credit card information is frequently traded on the dark web for fraudulent transactions.

The council warned that if personal data, emails, or passwords are compromised, hackers can gain access to private accounts. Social media activity also creates detailed profiles that increase the risk of phishing attacks.

Guard personal data

To protect personal information, individuals should:

• Use unique, complex passwords

• Always verify links and emails before clicking

• Enable multi-factor authentication (MFA) on all devices and accounts

• Make regular software updates

• Use biometric security (Face ID or fingerprint)

• Use strong passwords and MFA

• Controlled app permissions

• Secure cloud backups

• Disable unnecessary location tracking

• Activate anti-theft security features

• Fraudulent E-Commerce Schemes