Cybercrime, fraud and phishing attacks are just a few keywords used to describe the current scene of internet activity that is affecting the Middle East and in particular companies and individuals in Dubai, UAE due to its vast amount of business and financial activity.
As your web hosting provider, we feel it is our duty to create awareness about this issue as it might affect you and your business partners.
A simple search on a few popular news outlets such as GulfNews.com and Emirates247.com will show you to what extent cyber criminals go to extract funds from their targets. This includes, but is not limited to:
-Remote access to your computer/smartphone and logging of your keyboard strokes
-Access to your email account and communication with your customers and suppliers
-Registering lookalike domain names to communicate with your customers, such as flytoDXD.com, which looks like flytoDXB.com
-Duplication of your SIM card to receive bank authentication codes. Yes, this is happening!
Here are a few recent articles from the UAE media. These include only large and well-known cases; thousands of others are simply not reported, as the community needs to develop a framework at the legal level to counter such attacks.
6th November 2016: Fraudsters allegedly obtained a SIM card for bank verification in large-sum bank transfers and Timeline of identity fraud cases in the UAE
29th September 2016: Dubai Police cracks Dh800,000 cybercrime
29th September 2016: UAE tops regional list for most employee data leaks
In all the above cases, the human factor is the common mistake, and the only way to protect yourself is to be vigilant and proactive. If you get an email from your boss asking you to send funds to a new bank account or to a Western Union account, think twice and validate before doing so. The same applies when customers with whom you have worked for many years suddenly ask you to send money to a new bank account because they are having trouble with their usual one.
Remember! Cybercriminals operate as gangs and rackets that are well organized and well funded.
Before you click on any link that appears to be from your company (even if the email matches the usual style and signature), read out (pronounce) the domain name in the URL and the part of the email address after the @ to be sure you are communicating with the real user. Email interception is the most common type of cyber attack. A one-letter change in your domain name, such as DXD.com instead of DXB.com, is hard to see!
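The domain check described above can also be automated. The following is an added example, not code from AEserver: it flags a sender domain that differs from a trusted domain by one or two characters. The trusted list, the threshold and the sample addresses are assumptions made for illustration.

```python
from typing import Optional, Tuple

# Assumption: your own allow-list of domains you really do business with.
TRUSTED_DOMAINS = {"flytodxb.com"}
# Assumption: up to this many character edits still counts as a lookalike.
MAX_DISTANCE = 2


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character inserts, deletes, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        curr = [i]
        for j, cb in enumerate(b, start=1):
            curr.append(min(prev[j] + 1,                # delete ca
                            curr[j - 1] + 1,            # insert cb
                            prev[j - 1] + (ca != cb)))  # substitute ca -> cb
        prev = curr
    return prev[-1]


def sender_domain(address: str) -> str:
    """Return the lower-cased part after the last '@', without a trailing dot."""
    if "@" not in address:
        raise ValueError(f"not an email address: {address!r}")
    return address.rsplit("@", 1)[1].strip().rstrip(".").lower()


def classify_sender(address: str) -> Tuple[str, Optional[str]]:
    """Return ('trusted' | 'lookalike' | 'unknown', nearest trusted domain)."""
    domain = sender_domain(address)
    if domain in TRUSTED_DOMAINS:
        return "trusted", domain
    nearest = min(TRUSTED_DOMAINS, key=lambda t: edit_distance(domain, t))
    if edit_distance(domain, nearest) <= MAX_DISTANCE:
        return "lookalike", nearest
    return "unknown", None


if __name__ == "__main__":
    # Constructed sample senders, not taken from any real incident.
    for sender in ("sales@flytoDXB.com", "sales@flytoDXD.com",
                   "sales@flyt0dxb.com", "news@example.org"):
        print(sender, "->", classify_sender(sender))
```

A "lookalike" result means the message should be validated by phone before anyone acts on it; an "unknown" result only means the domain is not close to one on your list.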
Finally, it is extremely important not only to have a secure password and an anti-malware package installed office-wide, but also to rotate your passwords and never use the same password on different services, such as matching your email password with your Facebook password. It is a fact that big organizations like LinkedIn and Twitter had data leaks recently, and you may be surprised to learn that in most cases your email password might be available for purchase on underground cyber portals.
This message is sent for the public's interest and we advise you to forward it to your colleagues and friends to raise awareness about such incidents.
Remember: having a secure password alone will not protect you. You need to be proactive and vigilant at all times when dealing with computers related to your banking and other confidential data.
At AEserver, we recommend the following steps:
-Use unique and secure passwords and rotate them often
-Enable 2-factor authentication for your client area (you get a one-time SMS code to log in each time) and enable 2-factor authentication in your cPanel, so even if your password is leaked no one can access your cPanel to manage your emails without the 2nd factor. You can find this option in your cPanel under Security settings
-If you doubt an email, call the sender by phone to validate it.
-Please report any suspicious activity on your account to our support team.
Remember! AEserver will never email or call you about the following:
-Emails asking you to log in to validate or change your password
-Emails asking you to pay renewal charges for "domain names SEO services" or "domain search engine renewal" or others
-AEserver will never call you on the phone for your credit card data validation or updates
-A full history of emails sent from AEserver is always available in your client area and this can be used to validate if an email is indeed from AEserver or not.
As always, we care for your safety and security, and we have compiled the above cyber security safety tips for your peace of mind.