The UAE Cyber Security Council has issued a renewed warning about the growing threat of financial cybercrime, cautioning that stolen login credentials remain the most common entry point for attacks targeting individuals, companies, and institutions. According to the council, around 60% of financial cyberattacks begin with the theft of usernames and passwords, making compromised credentials a primary gateway for fraud, identity theft, and unauthorized access to sensitive financial information.
In comments to the Emirates News Agency (WAM), the UAE Cyber Security Council said that financial data remains one of the most sought-after assets for cybercriminals, particularly as digital banking and online transactions become more deeply embedded in daily life. The council stressed that while threat actors are increasingly sophisticated, many successful attacks still exploit basic security weaknesses that can be mitigated through stronger digital hygiene.
The council urged individuals and organizations to exercise greater caution when handling financial information online, emphasizing that simple preventive steps can reduce exposure to cyber risks. Users were advised against storing sensitive passwords on unsecured or inadequately protected devices, and were encouraged to regularly review privacy settings, remove untrusted applications, and ensure operating systems and software are kept up to date.
Also read: The Top 25 Women Cybersecurity Leaders in the UAE in 2025
Emirates News Agency Reports 60% of Attacks Begin with Compromised Credentials
Speaking to the Emirates News Agency, the UAE Cyber Security Council highlighted two-factor authentication as one of the most effective defenses against unauthorized access. The council described multi-factor security controls as a critical layer of protection in an environment where stolen credentials are frequently traded, reused, or exploited across multiple platforms. “Every step taken to protect personal and financial data contributes directly to reducing the likelihood of falling victim to online fraud,” the council said.
The council also warned that cybercriminals often gain access to financial information indirectly. Rather than attacking banking systems outright, attackers may first compromise email or social media accounts and then use those accounts to reset passwords or harvest banking details. This method enables fraudsters to remain undetected while expanding their access to more sensitive systems.
To counter this, the UAE Cyber Security Council called on users to adopt safer digital habits, including using secure payment methods, avoiding the storage of financial data on mobile phones or personal computers, and monitoring bank accounts regularly for suspicious activity. The council also recommended enabling instant bank alerts to receive real-time notifications of account activity, allowing for rapid response and immediate reporting in the event of a breach.
Council Urges Stronger Digital Habits to Protect Banking and Financial Data
The council further cautioned against engaging with fake advertisements, phishing messages, or unverified online entities. According to the Emirates News Agency, fraudsters are increasingly using advanced technologies to imitate the logos, branding, and messaging styles of banks and trusted financial institutions, making fraudulent communications harder to identify. Users were urged to carefully verify messages, avoid clicking on suspicious links, and refrain from sharing personal or financial information outside official banking channels.
As part of its ongoing weekly cybersecurity awareness efforts, the UAE Cyber Security Council emphasized the importance of constant vigilance to prevent attacks targeting financial and banking data. It noted that cyber threats may take the form of direct attacks on bank accounts or indirect identity theft through unauthorized access to personal accounts, often resulting in financial losses.
The council also advised against using open or free Wi-Fi networks for banking activities or financial transactions, warning that such networks are often unsecured and vulnerable to interception. It stressed the importance of creating strong, unique passwords for banking and financial service accounts, noting that password reuse increases the risk of compromise.
