More than 75% of cyber breaches in the UAE originate from phishing emails and fraudulent messages, according to the UAE Cyber Security Council, as reported by WAM, highlighting a growing vulnerability in the country’s digital ecosystem.

The Council warned that email-based fraud remains one of the most common entry points for cybercriminals, who use deceptive messages to infiltrate personal and institutional accounts, steal financial data, and enable broader cyberattacks.

Globally, the scale of the threat is accelerating. The Council estimates that over 3.4 billion phishing messages are sent daily, targeting individuals with malware, credential theft schemes, and identity fraud tactics.

These attacks often rely on social engineering rather than technical complexity. Fraudsters exploit gaps in user awareness, using tactics such as urgent requests for action, fake payment demands, suspicious links, or offers that appear too good to be true.

The Council identified several common red flags, including unsolicited requests for sensitive information, messages that pressure recipients into immediate decisions, and login prompts from unfamiliar sources. Poor spelling and grammatical errors also remain a frequent indicator of phishing attempts.

In response, authorities are urging residents and businesses to adopt stricter digital hygiene practices. This includes avoiding unknown links, steering clear of QR codes from untrusted or public sources, and never sharing personal or login information with unverified parties.

Strengthening account security is also critical. The Council recommends enabling multi-factor authentication across email and social media platforms, alongside regularly updating systems and applications to reduce vulnerabilities.

Equally important is rapid reporting. Users are encouraged to flag suspicious messages immediately, allowing cybersecurity teams to assess threats and prevent wider breaches or ransomware incidents.

The Council emphasized that human behavior remains the weakest link in cybersecurity frameworks. As digital adoption accelerates, individual awareness and proactive action are becoming central to national cyber resilience.

With cyber threats evolving alongside technological advancements, authorities say maintaining safe online practices is no longer optional—but essential to safeguarding both personal data and institutional security.