Help your employees spot phishing emails

Phishing scams are rife in the Gulf Cooperation Council (GCC) region. Cyber criminals are getting smarter and their attacks more sophisticated, so businesses need to work harder to protect their information security and assets.

Ensuring your employees know the basics of cyber security minimises the risk of your company’s systems being infected. It is important that they know how to recognise and respond to phishing emails. Here are some signs to look out for.

A sense of urgency

Scammers draw people in with messages that make them feel like they need to act quickly. They might use capital letters and words like ‘urgent’ or ‘immediately’. This creates a sense of panic that leads people to act before thinking about the consequences.

Well-known brands

You might receive messages that look like they’re from businesses you know and trust – your bank, for example.

If you receive a message that looks like it’s from a business you know but are not sure whether it can be trusted, contact the business directly to check the validity of the message. Never reply to or click any links in the email.

Unfamiliar senders and strange URLs

Look at the sender’s email address and, if a link is provided, check the hyperlink address by hovering your mouse over the link. This will often reveal a non-official address or a URL that is misspelled or completely different to what you are expecting.

Asking for details

If any message asks for your password or bank account details, do not respond. The emails can be very convincing, warning recipients of suspicious activity, for example, but no legitimate correspondence would request this information from you.


Many phishing emails are automated and sent to thousands of people at once, and can contain very obvious errors. This might be a gap where your name should be, or spelling mistakes and poor grammar. A reputable company would not send emails with these mistakes. If you see an error, assume the message is a scam.

Phishing attacks in the GCC region

Individuals and businesses in the Gulf are potential targets for cyber criminals and should seek to protect themselves before it’s too late.

There have been more than 26 million phishing emails in Saudi Arabia in recent years, according to the National Cyber Security Centre (NCSC), and a recent survey of dubizzle found that 36% of online users in the UAE have never heard the term ‘phishing scam’.

Since 2015 there have been at least 11,500 information security breaches in the GCC region – this number could be much higher as it’s estimated that a third of people don’t report the crime.

The above statistics indicate that phishing and ransomware pose a huge threat to GCC region companies. Businesses should take action against the increasing threat of targeted phishing attacks by educating their employees to be alert, vigilant, and secure.

Minimise the impact of phishing attacks

It is important that staff are aware of the cyber security risks your organisation faces. Enrolling your employees on a phishing and ransomware e-learning course will help them understand how phishing attacks work, the tactics that cyber criminals employ, and how to spot and avoid a phishing campaign.

If you would like to find out more about improving your organisation’s online security, please get in touch.

Take action against the increasing threat of targeted phishing attacks


Subscribe to our newsletter for all the latest cyber security news and advice