As enterprises in one of the Gulf’s richest economies take to remote working, their employees are at risk of falling into traps set by online scammers, who are finding new ways to exploit the confusion surrounding the pandemic.
In the Middle East, the UAE is among the countries that are most vulnerable to these attacks. As of January 2020, the country had 9.73 million internet users, with an internet penetration rate of 99 percent, according to consultancy DataReportal.
Reliance on the internet has increased exponentially since the beginning of the Covid-19 outbreak, which has sent scores of users scurrying to online platforms for everything from grocery purchases to money transfers.
To protect users from fraud and cybercrime, the UAE Banks Federation (UBF), the Central Bank of the UAE (CBUAE), Abu Dhabi Police, and Dubai Police launched the country’s first national fraud awareness campaign last month.
The initiative, which is expected to run till the end of the year, seeks to raise awareness on different kinds of cyberscams, including SIM swap fraud, phishing, vishing, lottery scams, and email redirection fraud.
Authorities issues warnings about cyberscams
“This is a serious threat to society that must be addressed, particularly under these challenging circumstances where fraudsters are taking advantage of the fear and uncertainty created by the COVID-19 outbreak,” UBF chairman AbdulAziz Al Ghurair said in a statement.
Reports of fake offer letters meant for medical practitioner roles have been doing the rounds, and so have been phishing emails that promise airline ticket refunds to customers. The growing number of cases forced Dubai’s flagship airline carrier Emirates to put out an alert on its website urging customers to practice caution.
“We’ve been alerted to recent email phishing attacks that contain the subject “Your flight is cancelled: collect your refund”. These are not emails sent from Emirates,” the company said.
Instances of fraud are not new in the country.
From the beginning of 2019 up until February this year, the Abu Dhabi Police arrested multiple “criminal gangs” including 142 fraudsters who were involved in vishing attacks – phishing attacks that try to lure their target via SMS message and voice calls. The fraudsters were posing as bank employees and asking customers to disclose their bank details and personal information.
Last year, a local bank was held responsible by Dubai’s authorities for a SIM card swap fraud that cost a customer AED 4.7 million (US$1.3 million) in life savings. This type of scam occurs when criminals exploit a weakness in two-factor authentication and verification in which the second step is a text message (SMS) or call to a mobile phone number.
Phishing poses risks for enterprises
Enterprises in the country are also at risk of being compromised by hackers.
Cybersecurity firm Mimecast released a report last year, which includes insights from 1,025 global IT decision makers. In the UAE, the report found that phishing or impersonation attacks – emails that impersonate a trusted individual or firm – increased by 75 percent, with 77 percent of those organizations having taken a direct hit in the form of loss of customers, financial loss, and data loss.
Globally, phishing attacks were the most prominent type of cyberattack, the Mimecast report says, with 94 percent of respondents having experienced phishing and spear phishing attacks in the previous 12 months and 75 percent citing seeing an increase in phishing attacks over the same time period.
Meanwhile, Gulf countries, and in particular Saudi Arabia and the United Arab Emirates, are increasingly becoming the targets of sophisticated cyberattacks that are aimed at stealing personal data and, in some cases, exposing state secrets.
UAE-based cybersecurity firm Dark Matter said in a report that breaches in the Middle East are “widespread, frequently undetected, and increasingly appear to be state-sponsored.”
This comes against the backdrop of growing technology adoption by enterprises and institutions in the Middle East. The region’s online marketplaces have been expanding with an annual growth of 12 percent, and the number of users with access to the internet is rising particularly since the 2011’s Arab spring, according to the Konrad Adenauer Foundation.
However, some countries have taken steps to secure their vital infrastructure and data against potential attacks. For instance, UAE’s National Cybersecurity Strategy involves the implementation of a comprehensive legal and regulatory framework that will cover all types of cybercrimes, secure existing and emerging technologies and protect small and medium enterprises against most common cyber threats.
Saudi Arabia has set up a National Cybersecurity Authority, which works closely with public and private entities to improve the cybersecurity of the country in order to safeguard its vital interests, national security, critical infrastructures, high-priority sectors, government services and activities. The Kingdom’s oil resources and location in a region rife with geopolitical tensions have long made it an obvious target for cyberattacks.