:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/thenational/JL2LTDI3IQIV4M5CEEAUJVS2LA.jpg)
:quality(70)/s3.amazonaws.com/arc-authors/thenational/c4ca6cb5-05b0-4e9a-94ca-35da7c89dd08.png)
Consumers and businesses in the UAE suffered more than 600,000 phishing attacks at the height of the Covid-19 stay-at-home measures, according to findings by Kaspersky.
From April to the end of June, more than 2.57 million phishing attacks were detected across the Middle East, from Egypt to the UAE, Saudi Arabia, Qatar, Kuwait, Bahrain and Oman, the global cyber security company said.
Saudi Arabia, the biggest Arab economy, saw 973,061 phishing attacks by cyber criminals during the second quarter, the most in the region. This was followed by the UAE with 617,347 attacks, Egypt (492,532), Oman (193,379), Qatar (128,356), Kuwait (106,245) and Bahrain (67,581), according to the Kaspersky data.
“Cybercriminals have noticed that with people spending more time on the internet, whether it is working from home or shopping online, they have the opportunity to exploit internet users,” said Emad Haffar, head of technical experts, META at Kaspersky.
“Cybercriminals are taking advantage of users who are uninformed by recreating landing pages of streaming platforms and online retailers. To internet users who are not aware about the threat of phishing attacks, they will not be able to separate a legitimate website from a phishing website.”
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/thenational/5JKAPCML77GTJ53RVL6T5QVIHE.jpg)
Phishing is one of the oldest forms of cyber crime, in which users are lured to a site and tricked into entering their personal information. This could include financial credentials such as bank account passwords and payment card details, or login details for social media accounts. This often results in money being stolen or corporate networks being compromised.
A report from tech security company McAfee in May warned of a worldwide surge in activity from cyber criminals since March as they tried to capitalise on the panic and uncertainty triggered by the Covid-19 crisis.
The substantial increase in people working from home during the pandemic presents more opportunities for cyber criminals to send out phishing e-mails, say industry experts. Prior to the pandemic, more employees were working from offices, which have advanced security systems in place to protect them from cyber attacks.
:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/thenational/K3CAT2APDZF5IHQAKU3S6RUPMI.jpg)
Another study in June by Dubai Future Foundation found a 600 per cent increase in phishing emails recorded since February, with healthcare facilities at high risk.
Cyber criminals resorted to a number of new tricks to scam victims through phishing – from HR dismissal emails to attacks disguised as delivery notifications, Kaspersky said.
“At the peak of the pandemic, organisations responsible for delivering letters and parcels were in a hurry to notify recipients of possible delays. These are the types of emails that fraudsters began to fake, with victims asked to open an attachment to find out the address of a warehouse where they could pick up a shipment that did not reach its destination,” Kaskpersky said in the report.
Another new technique used by cyber criminals during the pandemic was to send emails to unsuspecting users about amendments to medical leave procedures or arbitrary dismissals. These emails would usually contain virus-laden attachments that could be used to download and install encryptors.
Kaspersky experts advise users to always check online addresses in unknown messages, whether it is the web address of the site you are being directed to, the link address in a message and even the sender’s email address to ensure they are genuine.
Users are recommended to not enter their credentials if they are unsure whether the website is genuine and secure. In the event that you did enter your login and password details on a fake page, immediately call your bank or payment provider to change your password, the cyber security company advised.