UAE Cybersecurity Council warns public of six social engineering scams

Social engineering is one of the most effective methods for breaching electronic systems

Last updated:
Ali Al Hammadi, Reporter
2 MIN READ
Social engineering is used as a powerful tool by cybercriminals, who collect basic information about individuals.
Social engineering is used as a powerful tool by cybercriminals, who collect basic information about individuals.
Supplied

In today’s digital world, cybersecurity is one of the most rapidly evolving fields, with constant challenges in combating a wide range of cyberattacks that threaten the privacy of individuals and organizations.

Among these threats, social engineering stands out as one of the most effective methods for breaching electronic systems. Instead of directly targeting technological systems, attackers exploit their understanding of human nature and behavior.

The UAE Government’s Cybersecurity Council stated that social engineering is used as a powerful tool by cybercriminals, who collect basic information about individuals, build personal connections with them, or interact with their posts. They then exploit this trust to uncover vulnerabilities before disappearing once they have obtained the required information. The Council stressed that anything you would not share publicly in person should not be posted online or on any social media platform.

On its official social media accounts, the Council warned: “Do not give scammers the chance to steal your information. They may impersonate people you trust, relying on social engineering to exploit your vulnerabilities and trick you into revealing your personal data. Always verify messages before sharing any information, and outsmart them—your awareness is your first line of defense in the digital world.”

Six common fraud techniques

The Council highlighted six fraudulent techniques used in social engineering:

  1. Email Phishing – Sending fake emails that appear to come from banks or trusted companies to trick recipients into clicking malicious links or sharing their passwords.

  2. Vishing (Voice Phishing) – Attackers make phone calls pretending to be representatives of legitimate organizations to steal personal details such as account numbers or confidential data.

  3. Smishing (SMS Phishing) – Fraudulent text messages containing urgent claims, enticing links, or fake reward offers that lead victims to malicious software downloads or personal data theft.

  4. Baiting – Enticing victims with free downloads or gifts that actually contain malicious software compromising data security and privacy.

  5. Pretexting – Criminals fabricate convincing false stories to win the trust of individuals and lure them into sharing sensitive information.

  6. Quid Pro Quo Scams – Fraudsters offer fake technical support or “gifts” such as shopping vouchers in exchange for personal information.

The Council warned that cybercriminals often employ fake links, urgent messages, impersonated identities, malicious attachments, and “too good to be true” offers to trick victims and steal their data.

What is social engineering?

Social engineering is a collection of tricks and techniques used by attackers to exploit human trust or inattention in order to achieve their goals—whether by obtaining sensitive information or gaining access to protected systems.

It relies on studying individuals’ behaviors to identify exploitable weaknesses, such as psychological temptations, emotional manipulation, or social pressure.

Main types of social engineering attacks

  1. Phishing – The most common form, where attackers send emails that appear to come from trusted sources, tricking victims into revealing sensitive details like passwords or bank account information.

  2. Vishing (Voice Phishing) – Using phone calls or voice messages to convince victims to disclose confidential information, often by posing as official company representatives.

  3. Smishing (SMS Phishing) – Sending text messages with malicious links designed to trick victims into downloading harmful software or entering personal details on fake websites.

  4. Social Engineering via OSINT (Open-Source Intelligence) – Gathering publicly available information online, such as from social media, to craft highly targeted and convincing attacks.

Sign up for the Daily Briefing

Get the latest news and updates straight to your inbox

Up Next