Phishing attack in the MENA region

Phishing in general

Phishing is a form of cybercrime where targets are contacted by someone posing as a legitimate institution through email, telephone, or text message. The aim is to lure individuals into providing sensitive data such as personally identifiable information, banking and credit card details, and passwords.

Phishing, a prevalent form of social engineering, is a technique where cybercriminals impersonate trustworthy organizations to trick users into taking certain actions. These actions typically include clicking on links that lead to counterfeit websites, downloading and installing harmful files, and revealing confidential information such as bank account or credit card details.

The term “phishing” has been in use since the mid-1990s to describe cybercriminals who send deceptive emails to “fish” for information from unsuspecting individuals. Over time, phishing attacks have evolved and are now categorized into various types, including email phishing, spear phishing, smishing, vishing, and whaling. Each type is distinguished by its specific channels and execution methods – such as email, text message, voice call, social media, etc. – but they all share a common goal.

Global phishing statistics (in the year 2022):

According to statistics in 2022, nearly 30 percent of adults worldwide were involved in phishing attacks. Moreover, during the last quarter of 2022, the number of unique phishing sites across the globe exceeded 1.35 million.  The most targeted industry was the financial, followed by software services, and webmail. 27 percent of overall detected phishing attacks targeted delivery services worldwide.  In phishing schemes, cybercriminals often impersonate well-known brands to quickly earn the trust of their victims. This technique is also known as spoofing. In October 2022, nearly 600 brand names were implicated in global phishing incidents. Microsoft, Google, and Yahoo were the brands most frequently exploited in these spoofing attacks. PayPal was the payment system most commonly associated with phishing attacks, with references to the service appearing in over 84 percent of such incidents.

Phishing in UAE:

According to a Kaspersky report, the number of emails that contain phishing threats increased by 77 percent in the UAE. The tactics, which are widespread in the Middle East, Turkey, and Africa region, encompass emails related to undelivered packages, know-your-customer notifications, offers of free money, and alerts about unusual email login activity.

How not to become a victim of a phishing attack:

  1. Stay Informed: Keep up to date with new phishing techniques to avoid falling victim to them. Regular security awareness training is recommended for IT administrators.
  2. Think Before Clicking: Be cautious when clicking on links in emails and messages. Check if the links lead to the correct websites. Be wary of emails that start with “Dear Customer”.
  3. Use Antivirus Software: Use antivirus software with up-to-date definitions to guard against phishing attacks. Regularly update your anti-spyware and firewall settings.
  4. Don’t Share Personal Information: Avoid sharing personal or financial information online. If unsure, contact the company directly. Don’t provide confidential information through email links.
  5. Use Anti-Phishing Toolbars: Customize your browser with anti-phishing toolbars that alert you about malicious sites.
  6. Use Firewalls: Use both desktop and network firewalls to protect your computer and network from hackers and phishers.
  7. Verify Site Security: Ensure the site’s URL begins with “https” and check for a closed lock icon near the address bar before submitting any information.
  8. Regularly Check Online Accounts: Regularly check your online accounts and change your passwords frequently. Regularly check your financial statements for any fraudulent transactions.
  9. Keep Browser Updated: Regularly update your browser to benefit from the latest security patches.
  10. Beware of Pop-Ups: Pop-ups can often be phishing attempts. Block pop-ups in your browser settings and close them using the “x” in the corner, not the “cancel” button.

Remember, there’s no foolproof way to avoid phishing attacks, but these tips can help enhance your online security.

References:

https://www.phishing.org/what-is-phishing

https://www.statista.com/topics/8385/phishing/#topicOverview

https://www.thenationalnews.com/business/technology/2023/08/23/phishing-email-threats-in-the-uae-surged-77-last-quarter-kaspersky-says/

Pin It on Pinterest