
Even if you think you have a trained eye, a phishing email can stump you. Imagine receiving an email with the subject line: ‘Accepting refund of bill’, with the sender showing up as the government department that manages your utility services.

Open the email, and the format looks the same as your usual monthly bill notification – the official logos are there on top, the colours used as well as the font are exactly what you are accustomed to. The language, too, is official: “We apologise for the accidental overcharge on your bill. To rectify this promptly, please accept the refund for the excess amount.”

But pay just a little more attention and you will start seeing the red flags. Instead of the refund being sent to your account automatically, which is what usually happens as all the systems in the UAE are digitised, the email asks you to click on the link ‘accept online’.

Tap on the sender’s name and you can see the actual domain name – a random website registered in another part of the world.

Why you shouldn’t click on a link too quickly

Over the past few months, government departments from the Dubai Electricity and Water Authority (Dewa) to the Telecommunications and Digital Government Regulatory Authority (TDRA) have been raising awareness about such phishing scams: what may look like an official email from a government entity could lead to you getting hacked or losing money. In fact, the Dubai Electronic Security Centre (DESC) has even released a web extension, which you can use to detect phishing scams.

What is a phishing attack?

Phishing attacks refer to the practice of sending fraudulent communications – often via email – that appear to come from a reputable source, according to Cisco Systems Inc., a multinational digital communications technology company. The goal is to steal sensitive data like credit card and login information, or to install malware on your machine.

Phishing may reach you as an email or text message from a postal or courier company asking you to pick up an undelivered parcel, or as a Know Your Customer (KYC) email claiming to be from a service provider.

The UAE’s Cybersecurity Council has also previously alerted users to a surge in scams targeting residents via messaging apps, especially those related to job offers. The authority asked residents to be cautious of:

• Unexpected high-paying job offers.
• Simple tasks with high rewards.
• Offers from unfamiliar companies.
• Guaranteed jobs without qualifications.
• Requests for personal or account information.

Three ways you can spot a scam message

Accounts impersonating an official authority can try to scam you via email, text messages or WhatsApp. Here is what you should look out for:

1. Double check the complete email address

Pay attention to the email address. Hackers will use domains that resemble the brand they are trying to impersonate. The sender name shown in your inbox is only a label, so tap on it to view the sender's complete email address. The domain name, which follows the ‘@’ in the email address, will show where the email is actually coming from.

2. Ignore and report an email with a payment link

Do not entertain any email where you are required to click on a link to complete a shipment delivery or claim a benefit.

3. Look at the number in case of a WhatsApp message

If you have received an alert through WhatsApp, it is important to check the phone number and not just view the display picture, which may show an official logo. Most government entities have WhatsApp accounts with their official customer service numbers. Also, the WhatsApp account would be verified, which is identified by a green check mark.
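
The sender-domain check from tip 1 can also be automated, for example in a mail filter. The following is an added example, not part of the original article: it ignores the display name, takes the domain after the last ‘@’, and compares it with a list of domains you have verified. The domains in `TRUSTED`, the verdict labels and the sample headers are constructed placeholders.

```python
from email.utils import parseaddr

# Assumption: placeholder domains standing in for ones you have verified as official.
TRUSTED = {"utility.gov.example", "telecom.gov.example"}

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character lookalikes."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header, trusted=TRUSTED):
    """Return (verdict, domain) based only on the address, never the display name."""
    _display, addr = parseaddr(from_header)
    if "@" not in addr:
        return ("unparseable", "")
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    if not domain.isascii() or "xn--" in domain:
        return ("suspicious-encoding", domain)  # possible homoglyph domain
    for t in trusted:
        if domain == t or domain.endswith("." + t):
            return ("trusted", domain)
    for t in sorted(trusted):
        if t in domain:
            # Trusted name appears, but only as a prefix of someone else's domain.
            return ("embeds-trusted-name", domain)
        if edit_distance(domain, t) <= 2:
            return ("lookalike", domain)
    return ("untrusted", domain)

# Constructed sample headers, not taken from real messages.
SAMPLES = [
    '"Utility Authority" <billing@utility.gov.example>',
    '"Utility Authority" <refund@utilty.gov.example>',
    '"Utility Authority" <noreply@utility.gov.example.refunds.example>',
    '"billing@utility.gov.example" <accept@random-site.example>',
    '"Utility Authority" <refund@xn--utilty-9za.gov.example>',
]

if __name__ == "__main__":
    for header in SAMPLES:
        print(check_sender(header), header)
```

A "trusted" verdict only means the address claims a verified domain; the From header can itself be forged, so a filter would combine this with the receiving server's SPF, DKIM and DMARC results.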