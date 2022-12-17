“You have been fired from work.” A fake e-mail message that citizens and residents received recently, aimed at catching them electronically, to defraud their bank accounts using a new trick, by hacking their smartphones, and forging their business mail, to notify them that it was decided to dismiss them from work, and that they should be fired. They have to click on a link below the message to find out the reasons for dismissal, and their total financial dues.

A number of those who received these messages told Emirates Today that the majority of them reviewed human resources departments and information security specialists at their business entities before interacting with their content, and made sure that the link was “fake”, targeting fraud and theft of money from bank accounts, while others responded to the message link until It became clear to them that it is fraudulent, which confirms that fraud operations are now approaching victims by asking them to provide personal or professional information about them, after reassuring them and notifying them of the sincerity and safety of the sending party.

An information security specialist stated that “most of the information that fraudsters rely on in these messages is already on the personal pages of the victims, on social media.”

Citizen Salem Al-Mulla, an institutional liaison coordinator in an oil company, stated that he was finally surprised by a message on his work e-mail, which read: “Respected Mr. Muhammad Al-Mulla.. We regret to inform you that it has been decided to dispense with your services with the company for administrative reasons. We invite you to review the link Below to find out its details, as well as to know your entitlements and the requirements for disclaiming responsibility from work.

Al-Mulla said: “Despite the ability of such messages to provoke anger and quick provocation, waiting and checking the sender’s email address carefully before interacting with them reveals that they are fraudulent, which is what I did, as I had great doubts about the language of the message and the method of notifying the termination of services.” Therefore, I checked the mail address and compared it to the previous messages that I receive from human resources, and I made sure that it was fake.

This is what Moza Saeed Al-Amiri, an official in the Human Resources Department at one of the major water companies, was exposed to, as she stated that she was more calm in dealing with the message, for the sole reason that she received it on an official holiday, but it was on her desk, inside her workplace, She does her job in the Human Resources Department concerned with these matters, and therefore she did not pay attention to them.

Nasser Saleh Abdullah, an account officer at a contracting company, confirmed that as soon as he received this message, he could not control his mind, and he clicked on the link attached to the alleged “dismissal from work” message to clarify the truth of the matter and find out the reasons, but he was surprised that the link referred him to a page. Others ask him for personal data and his bank account number, which information is already registered with the Human and Financial Resources Department in order to deposit the monthly salary of any employee.

Abdullah said: “When I read the required data, I felt some reassurance, and immediately contacted one of my colleagues in the Human Resources Department, and told him what happened, so he denied that the company followed any of these procedures against any employee.”

For his part, Khaled Mohammed Al-Shibli, an information security specialist at the Emirates Center for Strategic Studies and Research, confirmed that electronic fraud messages depend on providing some personal or professional information about the person to whom the message is sent, with the aim of reassuring him and notifying him of the sincerity and safety of the sending party, pointing out that Most of the information scammers rely on in these messages is already on social media profiles.

Al-Shibli told «Emirates Today», that «carefulness and scrutiny of the information contained in such messages reveal the falsehood of the sending party, but the real danger remains in not controlling the feelings and shock that may prompt some to respond to the fraudster and give him what he wants of bank account numbers, or Identification documents that can be sold for various purposes and destinations.

A study conducted by the “Function Five” technology solutions company confirmed that phishing attacks have recorded a remarkable development in recent years, making it difficult to distinguish between deceptive email messages and those actually legitimate messages, after they were previously characterized by primitiveness, intuitive errors, and the use of unfamiliar language. Quite convincing.

The UAE-based company’s study presented three solutions or methods that can be followed to mitigate the risks arising from the theft of personal credentials. The first is the elimination of automated attacks, where attackers create a database of stolen personal credentials that are collected. From various sources, one of which is phishing operations, and large batches of this stolen data are often tested by automated “bots”, then the valid data is often used to commit ATO account takeovers, or manual fraud, stressing that eliminating these attacks The mechanism not only eliminates these risks, but also reduces the infrastructure resources occupied by unwanted automated processes of bots.

According to the study, the second solution to mitigate the risks of electronic fraud is to stop ATO account takeovers, as the parties behind these attacks can take advantage of stolen credentials to log into stolen accounts, disguise themselves as a legitimate user, and commit fraud, causing losses. For individuals and companies that are victims of these incidents, while the third and final solution is to reduce the inconvenience of additional procedures, pointing out that the increasing risk of fraud prompts some individuals and companies to impose more stringent requirements for user identity authentication and multi-factor authentication (MFA), which causes In additional steps that may seem annoying to legitimate customers, without guaranteeing to reduce fraud losses to a large extent.

5 types of cyber attacks

Information security specialist, Khaled Al-Shibli, identified five types of cyberattacks, which are malware attack that contains viruses to destroy files and others, spyware that aims to seize data on the phone or computers, phishing attack that targets individuals through fake links, and attack The middleman, which is done by connecting mobile devices to other devices to steal data, and the password attack in which fraudsters use a person’s password experiment to take over personal data and accounts.

7 ways to prevent “cyber fraud”

Information security specialist, Khaled Muhammad Al-Shibli, confirmed that the risks of cyberattacks can be prevented through seven methods, represented by the use of anti-virus software, which is installed on devices to protect against malware, and avoiding anonymous communications and messages, in which the fraudster requests some data. Personal. And the use of complex passwords for each of the personal accounts of individuals, and avoid entering the Internet, through open networks in cafes, hotels, commercial centers, etc., and avoid entering the fake electronic links that are circulated between friends, and avoid leaving devices open unattended, and finally Copying important information In places other than the device used by the individual.