ABU DHABI // The e-mails seemed innocuous enough. One was a routine message requesting a university account password change. The other promised entry into a prize raffle in return for filling out a banking survey.
But both were fraudulent. Fortunately, for many unsuspecting recipients at the American University of Sharjah (AUS) who followed the hackers' instructions, they were part of a harmless ruse, an experiment to see how many people would fall victim to a phishing scam.
The first part of the university-sanctioned experiment, conducted in April on 10,000 students, alumni, staff and faculty, lured 954 people into trying to change their university log-on passwords. More than 200 students fell for the second part, which involved them saying what banks they used.
No names or personal information were recorded during the experiment.
More than 96 per cent of those fooled were current students, said Dr Fadi Aloul, an associate professor in computer engineering, who supervised the study.
"I was definitely surprised to see such a large number in terms of students," he added.
Phishing attacks use spoof e-mails and bogus websites to trick recipients into sharing sensitive data. "Almost on a monthly basis, we get regular e-mails from bank-phishing e-mail addresses saying: 'Your AUS account has been locked', which is a typical rip-off," Dr Aloul said.
Cyber attacks in the Middle East had boomed in recent years, according to the computer security firm Trend Micro.
"It's still viewed as a rich region with an opportunity for a more recipient and less aware market when it comes to these threats," said Ian Cochrane, the company's marketing manager in Dubai.
Although AUS's IT department routinely warns its web community members to be vigilant, Dr Aloul suspected that the alerts went ignored. It appears that, in many cases, he was right, despite the IT department sending out a warning about the fake attack.
"It tells you that students don't care much about reading these e-mails carefully," Dr Aloul said. "After seeing this experiment, I hope it made a better impact on them."
Amna, 21, who is majoring in computer engineering at AUS, was one of the students caught out.
"The point is that it made me more aware," she said.
"Seeing it happen and then when I saw the e-mail from an IT director, that just made me realise it does happen. We see e-mails and we read them, but it doesn't hit us until it actually takes place.
"I was actually happy that someone made me realise. It would have been much worse if it had been a real attempt. I was lucky because the first time it happened to me, nothing bad happened. People probably lose a lot of money on things like that.
"It was a nice way to make people aware. It's a fun experiment to be a part of, rather than as a victim."
The idea for the experiment came from a conversation with the university's IT director. "They're doing a good job sending the e-mail warnings, but I asked him if he knew how many people actually fell for this?" Dr Aloul said. "He didn't know, so I proposed, let's be the hackers for one day and make it in a controlled way."
The only other people aware of the test were the university's provost and three computer engineering students, Jamshaid Mohebzada, Arsalan Bhojani, and Ahmed El Zarka, who created the phoney e-mails.
The first went out on April 10, urging recipients to change their passwords "immediately", after a "security intrusion". The link displayed in the e-mail redirected people to a strange domain name that was not associated with the university.
"Unfortunately, many people don't check the URL [uniform resource locator, the global address of documents and other resources on the internet], so people went to that page and sent their usernames," Dr Aloul said.
The second e-mail was sent 10 days later, requesting names, phone numbers, e-mail addresses and asking which bank recipients used. It offered a computer flash drive as a prize for taking part in the survey.
While 220 students fell for it, the 350 staff and faculty members appeared to have learned their lesson. "Staff and faculty did not bother at all, it was zero," Dr Aloul said.
Dr Aloul hopes to present the research at a future cyber security seminar and is trying to have the study published in an academic journal.
mkwong@thenational.ae
Jordan cabinet changes
In
- Raed Mozafar Abu Al Saoud, Minister of Water and Irrigation
- Dr Bassam Samir Al Talhouni, Minister of Justice
- Majd Mohamed Shoueikeh, State Minister of Development of Foundation Performance
- Azmi Mahmud Mohafaza, Minister of Education and Minister of Higher Education and Scientific Research
- Falah Abdalla Al Ammoush, Minister of Public Works and Housing
- Basma Moussa Ishakat, Minister of Social Development
- Dr Ghazi Monawar Al Zein, Minister of Health
- Ibrahim Sobhi Alshahahede, Minister of Agriculture and Minister of Environment
- Dr Mohamed Suleiman Aburamman, Minister of Culture and Minister of Youth
Out
- Dr Adel Issa Al Tawissi, Minister of High Education and Scientific Research
- Hala Noaman “Basiso Lattouf”, Minister of Social Development
- Dr Mahmud Yassin Al Sheyab, Minister of Health
- Yahya Moussa Kasbi, Minister of Public Works and Housing
- Nayef Hamidi Al Fayez, Minister of Environment
- Majd Mohamed Shoueika, Minister of Public Sector Development
- Khalid Moussa Al Huneifat, Minister of Agriculture
- Dr Awad Abu Jarad Al Mushakiba, Minister of Justice
- Mounir Moussa Ouwais, Minister of Water and Agriculture
- Dr Azmi Mahmud Mohafaza, Minister of Education
- Mokarram Mustafa Al Kaysi, Minister of Youth
- Basma Mohamed Al Nousour, Minister of Culture
The National's picks
4.35pm: Tilal Al Khalediah
5.10pm: Continous
5.45pm: Raging Torrent
6.20pm: West Acre
7pm: Flood Zone
7.40pm: Straight No Chaser
8.15pm: Romantic Warrior
8.50pm: Calandogan
9.30pm: Forever Young
BULKWHIZ PROFILE
Date started: February 2017
Founders: Amira Rashad (CEO), Yusuf Saber (CTO), Mahmoud Sayedahmed (adviser), Reda Bouraoui (adviser)
Based: Dubai, UAE
Sector: E-commerce
Size: 50 employees
Funding: approximately $6m
Investors: Beco Capital, Enabling Future and Wain in the UAE; China's MSA Capital; 500 Startups; Faith Capital and Savour Ventures in Kuwait
If you go...
Fly from Dubai or Abu Dhabi to Chiang Mai in Thailand, via Bangkok, before taking a five-hour bus ride across the Laos border to Huay Xai. The land border crossing at Huay Xai is a well-trodden route, meaning entry is swift, though travellers should be aware of visa requirements for both countries.
Flights from Dubai start at Dh4,000 return with Emirates, while Etihad flights from Abu Dhabi start at Dh2,000. Local buses can be booked in Chiang Mai from around Dh50
The White Lotus: Season three
Creator: Mike White
Starring: Walton Goggins, Jason Isaacs, Natasha Rothwell
Rating: 4.5/5
The Abu Dhabi Awards explained:
What are the awards? They honour anyone who has made a contribution to life in Abu Dhabi.
Are they open to only Emiratis? The awards are open to anyone, regardless of age or nationality, living anywhere in the world.
When do nominations close? The process concludes on December 31.
How do I nominate someone? Through the website.
When is the ceremony? The awards event will take place early next year.
Company%20Profile
%3Cp%3E%3Cstrong%3ECompany%20name%3A%3C%2Fstrong%3E%20Hoopla%3Cbr%3E%3Cstrong%3EDate%20started%3A%20%3C%2Fstrong%3EMarch%202023%3Cbr%3E%3Cstrong%3EFounder%3A%3C%2Fstrong%3E%20Jacqueline%20Perrottet%3Cbr%3E%3Cstrong%3EBased%3A%3C%2Fstrong%3E%20Dubai%3Cbr%3E%3Cstrong%3ENumber%20of%20staff%3A%3C%2Fstrong%3E%2010%3Cbr%3E%3Cstrong%3EInvestment%20stage%3A%20%3C%2Fstrong%3EPre-seed%3Cbr%3E%3Cstrong%3EInvestment%20required%3A%3C%2Fstrong%3E%20%24500%2C000%3C%2Fp%3E%0A
Key facilities
- Olympic-size swimming pool with a split bulkhead for multi-use configurations, including water polo and 50m/25m training lanes
- Premier League-standard football pitch
- 400m Olympic running track
- NBA-spec basketball court with auditorium
- 600-seat auditorium
- Spaces for historical and cultural exploration
- An elevated football field that doubles as a helipad
- Specialist robotics and science laboratories
- AR and VR-enabled learning centres
- Disruption Lab and Research Centre for developing entrepreneurial skills
Quick facts on cancer
- Cancer is the second-leading cause of death worldwide, after cardiovascular diseases
- About one in five men and one in six women will develop cancer in their lifetime
- By 2040, global cancer cases are on track to reach 30 million
- 70 per cent of cancer deaths occur in low and middle-income countries
- This rate is expected to increase to 75 per cent by 2030
- At least one third of common cancers are preventable
- Genetic mutations play a role in 5 per cent to 10 per cent of cancers
- Up to 3.7 million lives could be saved annually by implementing the right health
strategies
- The total annual economic cost of cancer is $1.16 trillion
Election pledges on migration
CDU: "Now is the time to control the German borders and enforce strict border rejections"
SPD: "Border closures and blanket rejections at internal borders contradict the spirit of a common area of freedom"
The years Ramadan fell in May
How does ToTok work?
The calling app is available to download on Google Play and Apple App Store
To successfully install ToTok, users are asked to enter their phone number and then create a nickname.
The app then gives users the option add their existing phone contacts, allowing them to immediately contact people also using the application by video or voice call or via message.
Users can also invite other contacts to download ToTok to allow them to make contact through the app.
Call of Duty: Black Ops 6
Developer: Treyarch, Raven Software
Publisher: Activision
Console: PlayStation 4 & 5, Windows, Xbox One & Series X/S
Rating: 3.5/5
Disclaimer
Director: Alfonso Cuaron
Stars: Cate Blanchett, Kevin Kline, Lesley Manville
Rating: 4/5
TO A LAND UNKNOWN
Director: Mahdi Fleifel
Starring: Mahmoud Bakri, Aram Sabbah, Mohammad Alsurafa
Rating: 4.5/5
more from Janine di Giovanni
