Almost every cyberattack target exploits human weaknesses rather than technical flaws, the UAE Cyber Security Council warned on Sunday.
The Council urged the public to verify identities, avoid sharing personal data such as account details or passwords, and be wary of sudden messages demanding immediate action. It also advised monitoring official alerts and staying updated on cybersecurity guidance.
The Council explained that social engineering tactics, where criminals manipulate people into handing over information or making unsafe decisions, are involved in nearly 98 percent of cyber incidents. The warning was issued during the sixth week of the Council’s Cyber Pulse initiative, a year-long campaign to boost digital literacy and resilience across the country.
It also explained that social engineering attacks rely on deception rather than code. Hackers often impersonate banks, government officials, or even colleagues. They also send urgent messages threatening account closures or fines and might offer fake rewards or flood victims with conflicting information with a simple goal to exploit fear, urgency, or trust and trick people into sharing passwords, banking details, or clicking unsafe links, added the council.
Global wake-up call
The UAE warning comes just two days after a major cyberattack disrupted operations at several European airports, including Heathrow, Brussels, Berlin and Dublin. Hackers struck MUSE, a passenger-processing system by Collins Aerospace used for check-in, boarding, and baggage drop. Automated functions collapsed, forcing airlines to revert to manual processes. After the attack, queues stretched across terminals, with several flights delayed and cancelled. The incident highlights how dependent critical infrastructure has become on third-party digital systems and how attackers increasingly use human-system interaction points to paralyse operations.
With Dubai and Abu Dhabi driving rapid digital transformation, from smart cities and fintech to real estate portals and prop-tech platforms, exposure is growing. A single employee clicking a malicious link, or a resident handing over details to a fake portal, could compromise entire networks. Businesses relying on external service providers are especially vulnerable.
Staying safe online
The Council urged the UAE residents and businesses to verify identities before sharing sensitive information; avoid disclosing passwords or account details via email, phone or messaging apps; be skeptical of urgent requests that demand immediate action; monitor official alerts for the latest cybersecurity guidance and audit third-party vendors to ensure they meet security standards.
Now in its second year, the Cyber Pulse campaign forms part of national efforts to strengthen digital safety and build confidence in the UAE’s fast-growing digital ecosystem. The Council says public awareness is critical to sustaining trust as the nation pushes ahead with its digital ambitions. – With inputs from WAM
