Business

Over 8,000 Middle East conflict-themed fake websites pose threat to residents

[Editor's Note: Follow Khaleej Times live blog amid US-Israel-Iran war for the latest regional developments.]There has been a spike in newly registered domains with keywords linked to the ongoing Middle East conflict, cybersecurity experts warned, noting sophisticated cybercriminals have registered more than 8,000 fraudulent websites in the past month, targeting individuals and businesses alike.“What is worrying is that more than 200 fake domains have precisely impersonated a prominent GCC oil company, a few major Gulf banks, and government services, putting savings, identity, and personal data at risk,” Rayad Kamal Ayub, managing director of UAE-based Rayad Group told Khaleej Times."The average GCC resident cannot distinguish these fake websites from legitimate ones—that's the terrifying reality we're facing," noted Ayub, adding: "Major institutions have been cloned with such precision that even cybersecurity professionals are being deceived. One wrong click, one credential entered on a fake site, and life savings could vanish in minutes."Last week, the UAE Cyber Security Council warned individuals and organisations to remain alert to the threat of a wiper malware. The Council said it is among the 'most destructive types of malicious software' designed to erase data and deliberately disrupt systems. The Council stressed the importance of adopting strong cybersecurity practices to ensure the safety of users.A warning from a bankAyub praised the UAE authorities “for their exceptional cybersecurity vigilance and proactive response to these threats.”"UAE cybersecurity agencies have successfully intercepted and neutralised over 1,200 malicious domains targeting Emiratis and businesses in the past quarter alone. Their rapid response teams have prevented an estimated Dh450 million in potential fraud losses,” Ayub noted.Stay up to date with the latest news. Follow KT on WhatsApp Channels. He continued: “The UAE Cyber Security Council and relevant authorities have established world-class threat monitoring systems that detect and disable fraudulent domains within hours of registration. This level of preparedness and technological sophistication in protecting citizens and businesses sets the standard for the entire region and demonstrates what excellent vigilance in cybersecurity can achieve in avoiding devastating attacks."Rayad Kamal Ayub‘Weaponised’ domainsAyub cited two sophisticated hacking networks:Spurious websites were created to mimic a prominent GCC oil company; they were designed to steal employee credentials and infiltrate critical infrastructure. Ayub quoted Dr. Mohammed Al-Shehri, former director of industrial cybersecurity, saying: "These fake portals are harvesting login credentials that give attackers access to internal systems and potentially networks controlling energy infrastructure.”A regional bank had 31 sophisticated replicas using online.com, secure__.com, verify.net, mobile-__.com, corporate.com, and app.com. These fake website, according to Ayub, trap customer into entering credentials on what appears exactly like the bank app or website. Within minutes, however, their entire account balance is transferred out and converted to cryptocurrency.”Digital pickpocketA former signals intelligence officer likened fake banking apps to digital pickpockets that read messages, capture passwords, and watch every transaction to provide cybercriminals keys to someone’s entire digital life.Hackers are not only after the money. They can steal your identity, your passport information, your family's data," warned a cybersecurity researcher at a leading GCC university, adding: “Your stolen identity could be used to commit crimes—all in your name."Important recommendationsThe UAE Cyber Security Council has repeatedly stressed the importance of adopting strong cybersecurity practices and gave the following recommendations.For individuals, regularly update systems and software; avoid suspicious links and untrusted files; and maintain regular backups of important data.For organisations, implement isolated backups and test them regularly; restrict and manage access privileges; strengthen security monitoring and incident response capabilities.Ayub also stressed “awareness and preparedness are essential to protecting data and reducing potential threats.” He also gave these advice:Never click links in emails or texts claiming to be from your bank. Access banking exclusively through bookmarked websites or official apps. Call your bank directly using the number on your physical card to verify any unusual requests.Verify all unusual requests through phone calls to known numbers. Never enter work credentials on sites accessed through email links. Confirm payment instructions through multiple out-of-band channels.Type government URLs manually. Verify you're on the correct domain.Educate elderly relatives and children who are most vulnerable to sophisticated attacks. Establish family verification protocols for any financial

Economist AdminEconomist Admin
Over 8,000 Middle East conflict-themed fake websites pose threat to residents

[Editor's Note: Follow Khaleej Times live blog amid US-Israel-Iran war for the latest regional developments.]

There has been a spike in newly registered domains with keywords linked to the ongoing Middle East conflict, cybersecurity experts warned, noting sophisticated cybercriminals have registered more than 8,000 fraudulent websites in the past month, targeting individuals and businesses alike.

“What is worrying is that more than 200 fake domains have precisely impersonated a prominent GCC oil company, a few major Gulf banks, and government services, putting savings, identity, and personal data at risk,” Rayad Kamal Ayub, managing director of UAE-based Rayad Group told Khaleej Times.

"The average GCC resident cannot distinguish these fake websites from legitimate ones—that's the terrifying reality we're facing," noted Ayub, adding: "Major institutions have been cloned with such precision that even cybersecurity professionals are being deceived. One wrong click, one credential entered on a fake site, and life savings could vanish in minutes."

Last week, the UAE Cyber Security Council warned individuals and organisations to remain alert to the threat of a wiper malware. The Council said it is among the 'most destructive types of malicious software' designed to erase data and deliberately disrupt systems. The Council stressed the importance of adopting strong cybersecurity practices to ensure the safety of users.

A warning from a bank

Ayub praised the UAE authorities “for their exceptional cybersecurity vigilance and proactive response to these threats.”

"UAE cybersecurity agencies have successfully intercepted and neutralised over 1,200 malicious domains targeting Emiratis and businesses in the past quarter alone. Their rapid response teams have prevented an estimated Dh450 million in potential fraud losses,” Ayub noted.

Stay up to date with the latest news. Follow KT on WhatsApp Channels.

 He continued: “The UAE Cyber Security Council and relevant authorities have established world-class threat monitoring systems that detect and disable fraudulent domains within hours of registration. This level of preparedness and technological sophistication in protecting citizens and businesses sets the standard for the entire region and demonstrates what excellent vigilance in cybersecurity can achieve in avoiding devastating attacks."

Rayad Kamal Ayub

‘Weaponised’ domains

Ayub cited two sophisticated hacking networks:

  • Spurious websites were created to mimic a prominent GCC oil company; they were designed to steal employee credentials and infiltrate critical infrastructure. Ayub quoted Dr. Mohammed Al-Shehri, former director of industrial cybersecurity, saying: "These fake portals are harvesting login credentials that give attackers access to internal systems and potentially networks controlling energy infrastructure.”

  • A regional bank had 31 sophisticated replicas using online.com, secure__.com, verify.net, mobile-__.com, corporate.com, and app.com. These fake website, according to Ayub, trap customer into entering credentials on what appears exactly like the bank app or website. Within minutes, however, their entire account balance is transferred out and converted to cryptocurrency.”

Digital pickpocket

A former signals intelligence officer likened fake banking apps to digital pickpockets that read messages, capture passwords, and watch every transaction to provide cybercriminals keys to someone’s entire digital life.

Hackers are not only after the money. They can steal your identity, your passport information, your family's data," warned a cybersecurity researcher at a leading GCC university, adding: “Your stolen identity could be used to commit crimes—all in your name."

Important recommendations

The UAE Cyber Security Council has repeatedly stressed the importance of adopting strong cybersecurity practices and gave the following recommendations.

  • For individuals, regularly update systems and software; avoid suspicious links and untrusted files; and maintain regular backups of important data.

  • For organisations, implement isolated backups and test them regularly; restrict and manage access privileges; strengthen security monitoring and incident response capabilities.

Ayub also stressed “awareness and preparedness are essential to protecting data and reducing potential threats.” He also gave these advice:

  • Never click links in emails or texts claiming to be from your bank. Access banking exclusively through bookmarked websites or official apps. Call your bank directly using the number on your physical card to verify any unusual requests.

  • Verify all unusual requests through phone calls to known numbers. Never enter work credentials on sites accessed through email links. Confirm payment instructions through multiple out-of-band channels.

  • Type government URLs manually. Verify you're on the correct domain.

  • Educate elderly relatives and children who are most vulnerable to sophisticated attacks. Establish family verification protocols for any financial requests. Monitor bank accounts daily for suspicious activity. Report fraud immediately to authorities.

Ayub underscored: "Every person who takes these precautions builds the best defence. This is about protecting what matters most—financial security, personal identity, family safety. The criminals are counting on complacency and ignorance. Don't give it to them."

Read More

Tags:

Previous Article

Disrupted sleep, fatigue: What is ‘Eid coma’, how can you combat it?

Next Article

When Eid Al Fitr was simpler: How celebrations in the UAE have changed

What's Your Reaction?

like

dislike

love

funny

angry

sad

wow

Economist Admin
Economist Admin Admin managing news updates, RSS feed curation, and PR content publishing. Focused on timely, accurate, and impactful information delivery.

Related Posts

Sanlayan to deepen R&D in counter-drone and electronic warfare tech with ₹186 crore fundraise

Sanlayan to deepen R&D in counter-drone and electronic ...

FEDA-HQ

SmartCrowd secures record-breaking Dhs24 million sale on Palm Jumeirah villa flip

SmartCrowd secures record-breaking Dhs24 million sale o...

Economist Admin

Sprinklr, PTC, Samsara, Zeta Global, and Fastly Stocks Trade Down, What You Need To Know - FinancialContent

Sprinklr, PTC, Samsara, Zeta Global, and Fastly Stocks ...

Economist Admin