The UAE MoEI (Ministry of Energy and Industry) has warned of scam emails that claim to be “issued, represented or related” to the government department.
— وزارة الطاقةوالصناعة (@MOEIUAE) 30 July 2018
The emails “ask for detailed information and / or money from individuals and companies promising that they will receive contracts of employment, money or other benefits in return”.
Some of these emails contain the MoEI logo and are sent from an email that appears to be from the ministry or an employee’s address, but they are in no way associated with the MoEI.
In the statement on its website, the MoEI reminds users that all vacancies are “advertised on the Ministry’s website or in the Ministry’s social media accounts.
“We confirm that the Ministry of Energy and Industry does not require any fees either for applying for an employment or even at any stage of employment”.
If you are unsure about the authenticity of an email, take a look at our top tips below, which will help you identify if an email is genuine. In the case of any contact purportedly from the MoEI, you can also email firstname.lastname@example.org before taking any further action.
How to spot a phishing email
Government emails are an increasing type of phishing attack – not just in the UAE, but across the GCC (Gulf Cooperation Council) countries and the globe – and more and more people are being caught out.
Phishing attacks are becoming more sophisticated, and a lack of basic knowledge about them only increases their chance of success.
Here are some simple things to look out for to spot a phishing email:
- Check the email address: Even if the ‘from’ name seems legitimate, the email address used may be unfamiliar. Check for typos within the email address or incorrect email addresses used altogether – this is an increasingly common technique used by cyber criminals to trick victims.
- Check for spelling or grammar errors: Phishing emails are often badly written.
- Check for links or attachments to unrecognised sites: A phishing email may use a button or a disguised hyperlink to make it appear valid. However, if you hover over the URL you will see the actual hyperlinked address, which could be slightly misspelled or different to what you were expecting. Always double-check before you click.
- Does it seem too good to be true? Unfortunately, it probably is. If you receive an email containing big promises from an unknown sender, it’s likely to be a phishing email.
Train employees on phishing
Falling victim to a phishing attack can be devastating for organisations, with the average attack costing mid-sized companies $1.6 million, according to PhishMe’s Enterprise Phishing Resiliency and Defense Report 2017.
Organisations should train their employees to spot potential phishing attacks.
IT Governance’s Phishing Staff Awareness Course uses real-life examples and practical tips to help employees become an active part of their company’s cyber security strategy.
The course can be deployed for existing employees, and as part of an induction process for new starters, to teach the importance of being alert, vigilant and secure.