Gulf News Interview with Shah Sheikh: How you can protect yourself against phishing fraud?

Got an email or online message? Follow these 7 steps to ensure it is not a scam

Our Co-founder & CISO, Shah Sheikh, spoke to Gulf News about how to recognize and avoid a phishing scam.

You wake up and have a seemingly endless number of notifications – WhatsApp, email, social media and SMS. Scanning through all the communications you receive can be tricky – one misstep and you may end up being a victim of an online fraudster.

In 2021 alone, governments worldwide saw a 1,885 per cent increase in ransomware attacks, and the healthcare industry faced a 755 per cent increase, according to the 2022 Cyber Threat Report released by SonicWall, an internet cybersecurity company. But governments and organizations are not the only targets of cybercriminals – the average online user can be an easy target, too.

In the UAE, police authorities and the Telecommunications and Digital Government Regulatory Authority (TDRA) regularly issue awareness messages to keep online users safe.

In January 2022, Dubai Police issued detailed tips on how users can stay safe. Similarly, Abu Dhabi Police, the UAE Public Prosecution and TDRA regularly share tips on how users can protect themselves against cybercrimes.

This week, Dubai Electricity and Water Authority (DEWA) also warned users to not fall prey to fraudulent messages asking users to pay their bills, answer questions or forward messages to win prizes.

But why do people fall prey to cyber attacks, despite being aware of the problem? And how can you identify a fraudulent message?

Awareness campaigns

According to Shah Sheikh, Co-founder and Cybersecurity Advisor at DTS Solution, this is because cyberattacks can vary from being very simple in nature, to highly sophisticated. While you may be able to spot a scam email from an allegedly wealthy dying man in a different country, who wishes to bequeath his wealth to you, cyberattacks are no longer limited to such outlandish offers. Sometimes, it may just be a social media user direct messaging you for help or an email from an established company asking you to pay your bills.

“Email phishing is one method but instant messaging through WhatsApp and other social media channels is also proving to be a big success for cyber criminals, as the interaction rate on these platforms is a lot higher,” Sheikh said.

“Cyberattacks are here to stay and will only increase as we venture into the Web3 and Metaverse paradigm,” he added.

What types of cyberattacks should people look out for?

Based on the warnings by police authorities and cyber experts, ransomware and phishing attacks are among the most common types of malicious online activities. According to Sheikh, these two types of cyberattacks are often used in tandem by cyber criminals.

“Ransomware is malware that encrypts files on your computer rendering them useless, which can only be decrypted if ransom is paid. The payload [malicious file] is often delivered through phishing emails with malicious links to download a file or an office document that is injected with malicious code,” Sheikh said.

“Credential theft through phishing is another common cyberattack, where one’s username and passwords are compromised. This can lead to further attacks and takeover of social media logins or cloud accounts,” he added.

What is Phishing?

Another form of cyberattack that is popular on the internet is phishing.

“Phishing emails are a common technique employed by hackers to send legitimate looking emails impersonating a brand and tricking you into taking action,” said Sheikh.

How do I spot phishing?

Here is a roundup of the top tips shared by police authorities and cyber experts on how you can detect phishing scams lurking in your emails and messages:

1. Do not disclose personal information:

Dubai Police warns users to be careful when receiving suspicious calls or messages asking for personal information. Police reminded users that government officials, including Dubai Police, will not ask you for personal details.

2. Do not give away bank information:

Dubai Police warned users not to give away bank details such as OTP (One Time Passwords), CCV codes or credit card expiry dates, and never to click on unknown links.

3. Do not accept seemingly attractive offers

Dubai Police stated that residents should be wary of “offers that sound too good to be true”. Criminals using fake identities can trick you into thinking you have won a giveaway or prize.

4. Report eCrime

If you are a victim or have come across a dubious message or email, report it immediately to Dubai Police on their non-emergency call centre 901, or on the ‘Dubai Police’ application or head to the nearest Smart Police Station.

5. Beware of unsolicited emails

When checking your emails, always be wary of unsolicited emails, as this is the first sign that the correspondence you have received may not be safe.

“[The email] is always unsolicited, with a subject line that will make you open the email. The content is crafted specifically to trick the victim into clicking a link and submitting credentials or details,” Sheikh said.

6. Always double check the exact email address

There are many ways phishing emails can be detected – the first and foremost is to double check the email sender domain. Hackers will always use domains that resemble the brand they are targeting. “This is what we call typosquatting domains. Users should always pay extra attention to the domain that sent the email,” Sheikh said.

However, the domain name may not always be visible in your email’s default view. Tap on the email display name, and you will be able to see the exact address the email was sent from. Pay attention to the domain name. If it is not a legitimate email from an organization, you may see the domain name have certain extra or missing characters, which make it seem legitimate at first glance.

7. Watch out for typos

Hackers always leave breadcrumbs, according to Sheikh. “Identify typos, grammatical mistakes and other typographical errors. Sophisticated hackers will spend time in perfecting the attack but in a majority of the cases, users can detect it if they pay attention,” he said.

The full interview was published on gulfnews.com.
