Today, as organizations expand their use of advanced secure technologies, hackers are attempting to break into organizations by targeting the weakest link: the uneducated computer user. The paper below shows the need for security awareness programs in schools, universities, governments, and private organizations in the Middle East by presenting results of several security awareness studies conducted among students and professionals in UAE in 2010.
One of the studies focuses on studying the chances of general users to fall victims to phishing attacks which can be used to steal bank and personal information. Results of an approved phishing audit made without notice within the academic organization (American University of Sharjah) is presented. The study is the first-of-its kind in UAE and has shown to be very useful in increasing the general security awareness.
The audit results are summarized below:
AUS 2007 Audit -
- Phishing email sent to 5000 students and 5000 alumni.
- Phishing victims = 800 users (8% of the total number of users)
AUS 2010 Audit -
- Phishing email sent to 5000 students, 5000 alumni, and 1000 faculty & staff.
- Phishing victims = 954 users (8.7% of the total number of users)
For more information about Phishing and the Approved Phishing Audit, please see the papers below:
The Need for Effective Information Security Awareness
F. Aloul
Journal of Advances in Information Technology (JAIT), 3(3), 176-183, 2012.
Information Security Awareness in UAE: A Survey Paper
F. Aloul
IEEE International Conference for Internet Technology and Secured Transactions (ICITST), London, UK, pp. 1-6, November 2010.
UAE news articles related to Phishing Attacks:
- Bank ordered to pay client whose account was hacked, GulfNews, October 2011.
- Mum-to-be faces fraud case after being conned by hackers, GulfNews, October 2011.
- UAE hit hard by increasing phishing, ITP.net, April 2011.
- Cyber gangs on the prowl in UAE, GulfNews, February 2011.
- Man loses Dh2,000 in 'Phishing' attack, GulfNews, January 2011.
- Phishing scam hits Mashreq Bank online customers, ITP.net, December 2010.
- Study sounds alarm over UAE data security, TheNational, November 2010.
- Phishing alert issued for Mashreq Bank, ITP.net, July 2010.
- Phishing ruse nets 1,000 at university, TheNational, June 2010.
- Phishing raid empties bank accounts, TheNational, April 2010.
- UAE bank targeted in major phishing attack, ITP.net, January 2010.
- UAE faces phishing threats, GulfNews, May 2008.
- 'Phishing' website of bogus recruitment agency blocked, GulfNews, February 2008.
For more information, please contact Dr. Fadi Aloul (faloul@aus.edu).
Return to main page