UAE alerts public: AI phishing scams now behind 90% of cyber breaches

The UAE Government’s Cybersecurity Council has warned of the growing risks associated with email fraud, noting that 75% of cyberattacks originate from fraudulent phishing emails.

The Council emphasized the importance of exercising caution when dealing with deceptive or fake emails used by cybercriminals to compromise electronic accounts—including personal accounts—and steal financial data, potentially exposing individuals and organizations to breaches and data theft. 

In an official statement published on its website, the Council explained that more than 75% of cyber intrusions begin with phishing emails or fake messages that may contain malware, aim to steal login credentials, or facilitate identity theft. It highlighted the dangers and consequences of such messages, noting the widespread nature of this type of fraud, which exploits gaps in user awareness and safe digital practices.

The Council revealed that over 3.4 billion phishing emails are sent every day worldwide, targeting large numbers of individuals to steal personal, financial, and sensitive information. Such data may later be used to launch cyberattacks, extortion schemes, or ransom operations.

 The Council stressed the importance of protecting personal data and outlined several indicators that can help identify phishing messages. These include emails requesting upfront payments, messages that pressure recipients into taking immediate action without proper consideration, requests for personal information without clear justification, offers that seem excessively attractive or suspicious, and messages prompting users to log in via unknown links.

 It also noted that emails containing spelling and grammatical errors are among the common signs of phishing attempts that may be used to compromise accounts and steal data.

The Council advised citizens and residents to follow a set of guidelines to protect themselves from fraudulent messages. These include avoiding clicking on suspicious or unknown links, refraining from scanning QR codes in public or untrusted locations, and safeguarding personal and login information by not sharing it with unverified entities.

It further emphasized the need to secure personal accounts—such as email and social media accounts that may contain sensitive information—by enabling multi-factor authentication and regularly updating systems and applications. Users are also urged to report any fraudulent or suspicious messages immediately, avoid engaging with them or their senders, and notify the relevant authorities to take appropriate action.

The Council underscored that the human element remains the most critical component in cybersecurity. Prompt reporting of phishing attempts or suspicious messages enables security teams to analyze threats and implement preventive measures swiftly, potentially averting serious security incidents.

It added that safety in cyberspace has become a major challenge, and that adherence to preventive measures and sound digital behavior supports ongoing government efforts to address digital threats driven by rapid technological advancements.

Notably, the Council’s awareness campaign “Cyber Pulse” forms part of the UAE’s broader efforts to build a secure cyber environment that protects users from evolving digital risks, keeps pace with technological progress, and enhances trust in the digital ecosystem. The initiative also aims to raise digital awareness among individuals and families and promote cybersecurity best practices to safeguard the privacy and security of citizens and residents amid accelerated digital transformation.

In its latest warning, the Cybersecurity Council stated that AI-powered phishing contributes to more than 90% of digital breaches. Cybercriminals are now capable of crafting messages that appear fully credible, using advanced technologies to eliminate typical warning signs and design highly sophisticated scams that are difficult to detect.

The Council urged users to remain vigilant before clicking on any links and to verify advertisements, message sources, and any requests involving personal or financial information before disclosing sensitive data.

The Council further noted that artificial intelligence technologies have fundamentally transformed fraud tactics and methods. Complex operations can now be executed within seconds, increasing the risks of cyber fraud—particularly AI-driven scams—and underscoring the need for enhanced awareness of these evolving threats.

 It explained that such technologies make detecting fraud more challenging by enabling scammers to produce highly convincing content, including voice cloning, manipulation of logos to appear official, refinement of language and design to near perfection, and framing scams as urgent security requests. Fraudulent links are also made to appear legitimate, contributing to the rapid escalation of technology-enabled cybercrime.