Criminals are expected to ramp up cyberattacks and online scams during the upcoming Eid Al Adha holiday season, UAE experts warn, asking consumers to practice caution when making online purchases.
“Cybercriminals target big events such as holidays and festive periods,” said Gopan Sivasankaran, General Manager, META at Secureworks.
The peak of summer is one such opportunity, he explained, as people are more likely to have their guard down and are more eagerly prepared to make purchases as they search for last minute offers on travel packages or leisure experiences and look for discounts online.
This creates fertile ground for scammers and cybercriminals to carry out phishing campaigns.
“Attackers can easily catch individuals off guard with a deal-themed email or messages – consumers expect to receive this type of communication, so their guard might be down,” Sivasankaran said.
“The urgency of time-limited deals stops people from performing their sense checks.”
Known as the “Festival of Sacrifice,” the Eid Al Adha holiday is expected to begin on June 27 and run until June 30 for most private sector companies in the UAE, and until July 3 for the public sector.
During the Eid Al Adha holiday season, many UAE residents seek out deals on hotels and flights to make the most of the long holiday. It is one of the country’s busiest travel seasons, with 3.5 million passengers expected to fly in or out of Dubai International Airport over the next two weeks.
According to Sivasankaran, cybercriminals frequently exploit the popularity of such highly anticipated travel periods, using discounts for flight tickets and hotels to take advantage of consumers as effective hooks in phishing campaigns.
“They send fake emails or texts claiming to provide exclusive deals, discounted tickets, or free upgrades,” he explained.
“These messages look authentic and may contain links to deceptive websites that steal personal information or trick victims into making payments. Scammers may even pose as airline representatives, contacting people directly for sensitive information under the pretence of ticket confirmations or account verifications.”
Scammers also tend to use similar tactics with hotels where they send phishing emails or texts claiming to offer discounts and time-sensitive offers to create urgency and override caution.
“By exploiting the trust people have in these industries and their desire for travel deals, scammers take advantage of individuals’ eagerness to secure offers.”
Scams to watch out for
The rise in financial activity as UAE residents rush to book experiences or flight tickets during this time is a “lucrative time for fraudsters to target potential victims,” Emad Fahmy, Systems Engineering Manager, Middle East at NETSCOUT, told Arabian Business.
“During these periods, consumers generally spend more time online. The summer holiday period often sees a rise in digital banking activity, as consumers buy gifts, book flights, and arrange travel.”
Fahmy expects two types of scams to be the most common during this time: phishing and malware attacks.
Phishing attacks are emails or text messages that appear to be from a reputable source such as a bank which include a malicious link.
“During the summer, users are likely to receive scam messages with airfare and accommodation offers that appear too good to be true. The emails or text messages will frequently contain a link that, when clicked, will transport the user to a false website that appears to be the actual website,” he warned.
“Cybercriminals will take the user’s personal information once they enter it on the bogus website.”
Malware attacks, however, occur when cybercriminals infect a user’s computer with malware which can happen when someone opens an infected email attachment or downloads a file from an untrustworthy source.
“When malware is installed on a computer, it can steal personal information, corrupt files, and even seize control of the computer,” he explained.
Protect yourself from scammers this holiday season
“While there is a spectrum of cyberattacks, most campaigns are mass market and not sophisticated. Even so, we can’t expect that consumers will always be able to spot these things,” said Sivasankaran.
He advised consumers to look out for the usual signs of phishing such as a company name, URL, or email address spelt wrong or any other spelling mistakes, as well as out of date email templates.
But he warned that, most importantly, people need to pay attention to their bank account activity.
“If in doubt of a transaction, contact your bank. Avoid clicking on links, enable multi-factor authentication (MFA) such as text or email where you can, and try to avid downloading applications of software from unofficial sources – even if it does claim to be free,” Sivasankaran added.
Fahmy shared the same sentiment and added that users should also keep their software up to date.
“Traditional logins are vulnerable to attacks. MFA adds an extra layer of security by requiring two pieces of information, such as a password and a one-time code. If MFA is enabled, even if a password is exposed, an attacker won’t be able to log in without the second factor,” NETSCOUT’s Fahmy said.
“Software updates often include security patches that can help to protect the user’s computer from malware attacks.”
Follow us on
