While geopolitical and social unrest make everyday life difficult, creating a consistent environment of panic and anxiety among residents, illegal actions have been on the rise in the Middle East. As the authorities battle to ensure safety, fraudsters and scammers are targeting innocent citizens in times of stress, aiming to make money from the instability.
According to cybersecurity experts, there has been a spike in newly registered domains with keywords linked to the ongoing Middle East conflict. In the past month, cybercriminals have registered more than 8,000 fraudulent websites, targeting individuals and businesses.
Beware of your data and money
“What is worrying is that more than 200 fake domains have precisely impersonated a prominent GCC oil company, a few major Gulf banks, and government services, putting savings, identity, and personal data at risk,” said Rayad Kamal Ayub, managing director of UAE-based Rayad Group to the Khaleej Times.
An average GCC resident can not distinguish between the fake and legitimate websites. Moreover, these have been cloned with such precision that even cybersecurity professionals have been deceived. "One wrong click, one credential entered on a fake website and life savings could vanish in a minute," added Ayub.
How do fraudsters target citizens?
Ayub cited two sophisticated hacking networks:
- Spurious websites were created to mimic a GCC oil company in order to steal employee credentials and infiltrate critical infrastructure.
- Another was numerous replicas of a regional bank using domain names such as online.com, secure.com, verify.net, mobile.com and more. These fake websites are extremely dangerous as they trap customers into entering their credentials on what appears to be a bank app or website. However, within minutes, they transfer out the entire account balance and convert it into cryptocurrency.
Not just employee information or money, hackers also aim to steal identities, passport information, family data and more to be able to commit larger crimes.
UAE Cyber Security Council warns citizens
Last week, the UAE Cyber Security Council warned individuals and organisations to stay alert to the threat of wiper malware. The council described it as the 'most destructive types of malicious software' designed to erase data and deliberately disrupt systems.
However, as per Ayub, the UAE cybersecurity agencies have successfully intercepted and neutralised over 1,200 malicious domains targeting Emiratis and businesses in the past quarter. "Their rapid response teams have prevented an estimated Dh450 million in potential fraud losses,” he noted.
He ensured that the UAE Cyber Security Council and other authorities have established world-class threat monitoring systems that detect and disable fraudulent domains within hours of registration.
The council advised digital users to regularly update their systems and software, avoid trusting suspicious links and downloading untrusted files and maintain backups of important data.
For organisations, it is important to maintain isolated backups, restrict and manage access privileges, and improve security monitoring and incident response capabilities.
Educating the elderly and children is also vital as they are more vulnerable to these sophisticated attacks.
