Authorities in the United Arab Emirates have warned that phishing emails remain the dominant driver of cyber attacks, accounting for more than 75 percent of recorded attacks. The figure, confirmed by the UAE Cyber Security Council, underscores how deceptive email campaigns continue to expose both individuals and organisations to digital threats.
The Council says most cyber breaches now begin with fraudulent messages designed to trick users into revealing login credentials, financial data, or granting system access. These emails often carry malicious links or attachments and can serve as the first step in wider attacks, including identity theft and network infiltration.
Deception Over Technical Exploits
Rather than relying on complex system vulnerabilities, attackers are increasingly exploiting human behaviour. Phishing messages are crafted to appear legitimate, often imitating banks, service providers, or government agencies. This approach allows cybercriminals to bypass technical safeguards by targeting trust and urgency.
Officials note that such tactics remain effective because they require minimal resources while delivering consistent results. Globally, billions of phishing messages are sent daily, ensuring that even a small success rate can lead to significant breaches.
A Growing Risk Amplified by AI
The threat is becoming more sophisticated. UAE authorities have warned that advances in artificial intelligence are making phishing campaigns harder to detect, with some scams now appearing nearly indistinguishable from legitimate communications.
These messages are increasingly used to steal credentials, distribute malware, or initiate broader cyber campaigns. Once access is gained, attackers can move deeper into systems, targeting sensitive data or launching further attacks.
Awareness Becomes the First Line of Defence
The UAE Cyber Security Council has emphasised that user awareness remains critical in reducing exposure. It advises individuals and organisations to avoid clicking on suspicious links, verify message sources, and enable multi-factor authentication on accounts.
Officials also stress the importance of reporting suspicious emails promptly. Early reporting can help authorities identify patterns, limit the spread of attacks, and prevent further damage.
A Persistent Entry Point
The continued dominance of phishing highlights a broader cybersecurity reality: human interaction remains the most exploitable vulnerability. Despite investments in advanced security systems, a single deceptive email can still open the door to a major breach.
For the UAE, the challenge is no longer just about strengthening infrastructure, but about ensuring that users can recognise increasingly sophisticated threats before they take hold.
