Today's Edition
Dr Mohamed Hamad Al Kuwaiti*
Email phishing is considered one of the most dangerous cyber threats facing individuals and institutions alike in today’s era of rapid digital transformation.
Attackers send deceptive emails that appear official or trustworthy but are in fact designed to steal login credentials, financial information or even implant malicious software into devices.
Estimates indicate that more than three-quarters of cyberattacks begin with a fake or deceptive phishing email. Attackers exploit weak digital awareness among some users and the neglect of others to secure devices and applications containing personal data.
The danger of these emails lies in their ability to deceive recipients by imitating trusted brands or using persuasive language, making them difficult to detect to the untrained eye.
Phishing has become one of the most widespread forms of cyberattacks today. It simply exploits user trust and quick reactions. In fact, most successful attacks have not relied on complex technical breaches but rather on a convincing message that pushed the victim into making a wrong decision in a moment of haste.
Understanding the nature of these attacks is therefore the first step toward protection. At societal level, the spread of phishing undermines trust in digital services and e-commerce, negatively impacts the digital economy, and increases the burden on security agencies and financial institutions in combating such crimes.
This highlights the importance of cooperation among individuals, institutions and governments to promote a culture of cybersecurity and strengthen a safe, sustainable digital environment that protects everyone from these threats.
Given the accelerating cyber risks, digital awareness serves as the first line of defence against these persistent threats. Users must learn how to identify suspicious emails, such as those requesting advance payments, pressuring recipients to act quickly, or containing unfamiliar links. Spelling errors or exaggerated offers are also indicators that the message may be a phishing attempt.
Among the most important tips for dealing with such emails is to avoid interacting directly with any message that demands urgent action, such as “Update your information” or “Confirm your account”.
Attackers rely on urgency to confuse users, especially those less aware. It is better for users to take time to think carefully about the content and purpose of the message, asking themselves questions like: Was I expecting this email? If it claims to be from your bank or a known platform, do not click the link inside the email; instead, access the official website directly through your browser. This simple step prevents a large proportion of attacks.
It is also crucial to examine link details before clicking. Users are advised to hover over the link to check the website address. Even a minor difference, such as a missing letter or an unusual addition in the domain name, is a red flag. Likewise, emails containing linguistic errors or unusual phrasing are often signs of phishing attempts.
Users should never enter sensitive information, such as passwords or card details, except on websites they fully trust. Always ensure the presence of the lock symbol (HTTPS) in the address bar.
Most importantly, individuals must enable two-factor authentication on critical accounts such as email and banking services. Even if a password is compromised, attackers will struggle to access the account without the additional verification code.
Regular system updates are also recommended to address security vulnerabilities, along with the use of trusted security software to detect malicious programmes.
Equally important is the immediate reporting of suspicious emails to relevant authorities, enabling cybersecurity teams to analyse threats and take preventive measures.
Ultimately, email phishing is not merely a technical issue but also a social and cultural challenge, as it exploits gaps in awareness and unsafe digital behaviours.
Building a strong cybersecurity culture within society is therefore essential. This culture should focus on strengthening trust in the digital ecosystem, raising awareness among families and individuals and encouraging safe practices in handling emails and personal data.
The human element remains the most critical link in combating phishing attacks. No matter how advanced security systems become, user awareness and digital behaviour are decisive factors in resisting these threats.
For this reason, continuous awareness efforts are indispensable to protect individuals and institutions and to ensure the safety of the digital community in the face of growing cyber challenges.
*The writer is the Head of Cybersecurity for the UAE Government
