Cybersecurity guide for UAE residents

March 24, 2026
Written By Raina

Raina, the tech-savvy mind behind TechHack.org, explores the latest in tech, cybersecurity, and digital trends.

Cybersecurity Guide for UAE Residents & Businesses 2025 — Stay Safe Online


The UAE is the second most targeted country for cyberattacks in the entire Middle East — accounting for 12% of all regional cyber incidents in 2025 and facing an average business breach cost of $2.9 million per incident. Yet most residents living and working here have never received a practical guide on how to protect themselves, their families, and their businesses online.

This is that guide. Whether you are an expat in Dubai, a business owner in Abu Dhabi, a student, or a professional working remotely, this cybersecurity guide for UAE residents covers the real threats targeting people like you right now, the UAE laws you need to understand, the free tools the government provides, and the practical steps that make an immediate difference — all without needing a VPN or any workaround.

Cybersecurity UAE — Quick Essential Facts 2025:

  • UAE cyber threat rank: 2nd most targeted country in MENA — 12% of all regional attacks
  • Top threat to residents: Phishing and social engineering — 55% of all UAE cyber incidents
  • Top UAE scams: Fake Etisalat/DEWA/DHL SMS, WhatsApp impersonation, online investment fraud
  • UAE cybercrime law: Federal Decree-Law No. 34 of 2021 — fines up to AED 3 million, imprisonment
  • Free government safety tool: staysafe.csc.gov.ae — check if any website is a scam instantly
  • Report cybercrime: Dubai Police eCrime portal · MOI cybercrime portal (moi.gov.ae)
  • Best free protection steps: Strong passwords + 2FA + software updates — stops 80%+ of common attacks

Why Cybersecurity Matters More in UAE Than Almost Anywhere Else

The UAE’s rapid digital transformation — e-government services, contactless payments, digital banking, smart city infrastructure, remote work — has made it one of the most connected societies in the world. That connectivity is genuinely positive, but it also makes UAE residents and businesses high-value targets for a specific profile of cybercriminal that has learned to exploit the unique characteristics of life in the Emirates.

Several factors make UAE residents specifically vulnerable:

  • High digital wallet adoption: The UAE has among the highest rates of digital payment and online banking use in the world — making financial account compromise extremely lucrative for attackers
  • Multicultural, multilingual population: Phishing messages in English, Arabic, Hindi, Urdu, and Tagalog all circulate simultaneously, allowing scammers to target every community segment
  • High trust in authority: Scammers impersonating government entities — DEWA, Etisalat, TDRA, UAE Pass — achieve high success rates because residents in the UAE are accustomed to receiving genuine communications from these organisations
  • Heavy use of WhatsApp for business: The UAE has some of the highest WhatsApp business usage rates in the world — scammers exploit this by impersonating real contacts and businesses over WhatsApp with cloned or spoofed numbers
  • International workforce: Expats arriving from countries with less sophisticated cyber threat environments often underestimate the risk in the UAE’s highly connected digital ecosystem

The scale of the problem: Over 40,000 UAE residents lost money to online fraud in a single recent year. Globally, only 4% of cybercrime victims recover their money. Phishing, spoofing, and email fraud together account for 55% of all recorded cyber incidents in the UAE — meaning more than half of all attacks succeed not through technical hacking but through tricking people into handing over their information willingly.

The Top Cyber Threats Targeting UAE Residents in 2025

Understanding what criminals are actually doing in the UAE right now is the fastest way to recognise and avoid it. Here are the threats generating the most damage against residents in 2025.

1. Phishing — Fake Etisalat, DEWA, DHL, and Government SMS

Phishing is the most common cyber threat in the UAE and accounts for 83% of all email-based attacks according to Acronis’s UAE threat report for the second half of 2025. Attackers send fake SMS messages and emails impersonating Etisalat/e&, DEWA, DHL, Aramex, Dubai Police, and UAE Pass — telling victims their account is suspended, a parcel is held at customs, or a payment is overdue. The link leads to a cloned website that steals login credentials or payment card details.

Key warning signs specific to UAE phishing:

  • Messages arriving from non-official numbers claiming to be from DEWA, Etisalat, or government entities
  • Urgency language — “Your account will be blocked in 24 hours” or “Pay customs fee now to release your parcel”
  • Links that look almost correct — dewa-uae.com, etisalat-ae.net — but are not the official domains
  • Requests for your Emirates ID number, bank details, or OTP over SMS or through a website link
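
The "almost correct" link is the one warning sign above that can be checked mechanically. The following is an added example, not part of the original guide: it compares a link's real hostname against a list of official domains and flags brand names used as bait. The official-domain list is an assumption for illustration, and the `.example` hosts are constructed samples.

```python
import re
from urllib.parse import urlsplit

# Assumed official domains, for illustration only; confirm each one against
# the organisation's own published material before relying on this list.
OFFICIAL = {
    "dewa": ("dewa.gov.ae",),
    "etisalat": ("etisalat.ae",),
}

# Common digit-for-letter swaps used to make a name "look almost correct".
DIGIT_SWAPS = str.maketrans("0135", "oles")


def split_url(url):
    """Return (netloc, hostname), lower-cased; ('', '') if unparseable."""
    url = url.strip()
    if "://" not in url:          # links in SMS text often omit the scheme
        url = "http://" + url
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").rstrip(".")
    except ValueError:            # e.g. malformed bracketed host
        return "", ""
    return parts.netloc.lower(), host.lower()


def is_official(host, domains):
    # Compare on a label boundary so "dewa.gov.ae.billing.example" and
    # "notdewa.gov.ae" do not pass as the real domain.
    return any(host == d or host.endswith("." + d) for d in domains)


def classify(url):
    """Return (verdict, brand); verdict is official, lookalike, unknown or invalid."""
    netloc, host = split_url(url)
    if not host:
        return ("invalid", None)
    for brand, domains in OFFICIAL.items():
        if is_official(host, domains):
            return ("official", brand)
    # Not an official host: look for a brand name anywhere in the authority
    # part of the link, including text placed in front of an "@".
    tokens = re.split(r"[.\-_@:]", netloc.translate(DIGIT_SWAPS))
    for brand in OFFICIAL:
        # Whole word, prefix or suffix only; mid-word hits such as
        # "sidewalk" (which contains "dewa") are ignored.
        if any(t.startswith(brand) or t.endswith(brand) for t in tokens):
            return ("lookalike", brand)
    return ("unknown", None)


# First two lookalikes are the ones quoted in the guide; the rest are constructed.
SAMPLES = [
    "https://www.dewa.gov.ae/en/consumer",
    "dewa-uae.com/pay",
    "http://etisalat-ae.net",
    "https://dewa.gov.ae@billing.example/login",
    "http://dewa.gov.ae.billing.example/",
    "http://etisa1at-ae.example",
    "http://sidewalk-cafe.example",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link)[0]:<10} {link}")
```

An "unknown" verdict only means no listed brand name was found in the link; it is not a sign that the link is safe.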

2. WhatsApp Impersonation and Business Email Compromise

In 2025, WhatsApp impersonation has become one of the most prevalent scams in the UAE. Attackers clone the profile photos and display names of real contacts — including family members, colleagues, and employers — and send messages asking for urgent bank transfers, gift card purchases, or OTP codes. A notable incident involved a deepfake audio message impersonating a UAE corporate executive, convincing employees to transfer funds to a fraudulent account.

Business email compromise — where attackers impersonate suppliers or management to redirect invoice payments — remains a major threat to UAE SMEs, with losses running into hundreds of thousands of dirhams per incident for affected businesses.

3. Investment and Crypto Fraud

Investment scams targeting UAE residents have grown sharply — driven by the country’s high concentration of high-income expats who are actively looking for investment opportunities. Fraudulent trading platforms and crypto schemes use social media advertising, WhatsApp group invitations, and fake influencer endorsements to recruit victims. Victims are shown false returns on fake dashboards, encouraged to invest more, then find they cannot withdraw their money. Over 40,000 UAE residents lost money to Ponzi schemes, pyramid scams, and bogus trading platforms in one recent year alone.

4. AI-Powered Phishing and Deepfake Scams

2025 marked a turning point where AI-assisted cybercrime became mainstream in the UAE. Attackers now use AI to generate highly personalised phishing emails — referencing your real name, employer, and recent transactions — that are far more convincing than generic scam messages. Deepfake technology is being used to create fake voice and video messages impersonating family members, employers, and government officials. The UAE Cybersecurity Council has specifically warned residents about this category of threat.

5. Ransomware Targeting UAE Businesses

Ransomware attacks on UAE businesses increased significantly in 2025, with Everest ransomware the most active group, followed by Medusa and Embargo. These groups primarily target businesses in finance, government, healthcare, and logistics — entering through phishing emails, exposed remote desktop connections, and unpatched vulnerabilities. A single incident in July 2025 resulted in more than 200GB of data being exfiltrated from a Dubai-based company. For UAE business owners, ransomware preparedness is no longer optional.

UAE Cybercrime Laws — What Every Resident Must Know

The UAE has one of the most comprehensive and strictly enforced cybercrime legal frameworks in the world. Understanding these laws protects you both as a potential victim and as a digital user — many residents are unaware that their own online behaviour could carry serious legal consequences.

| Law | What It Covers | Key Penalties |
|---|---|---|
| Federal Decree-Law No. 34 of 2021 | Hacking, unauthorised access, fraud, defamation, spreading false information online, privacy violations | Fines up to AED 3 million + imprisonment up to 25 years for serious offences |
| Personal Data Protection Law (PDPL) — Federal Law No. 45 of 2021 | Collection, storage, processing, and sharing of personal data — applies to businesses handling customer data | Fines from AED 100,000 to AED 1,000,000 for violations — up to AED 3 million for critical infrastructure harm |
| Cyberbullying & Defamation (under Law 34) | Offensive posts, harassment, false information on social media — applies even to reposts and messages sent to others | Up to AED 250,000 fine and/or 2 years imprisonment — up to AED 500,000 and 5 years if targeting a government entity |
| UAE National Cybersecurity Strategy 2025–2031 | Framework for national cyber resilience — guides businesses on mandatory security-by-design requirements from 2026 | Non-compliance by regulated businesses can result in operational restrictions and licence issues |

Critical reminder for UAE residents: You are fully responsible for everything posted, shared, or forwarded from your accounts — including reposts and messages forwarded in WhatsApp groups. If a piece of content contains false information, defamation, or material that could harm the reputation of a person, company, or government entity, forwarding it can carry the same legal consequences as posting it originally. When in doubt, do not share.

Free Government Cybersecurity Tools Every UAE Resident Should Use

The UAE government provides several free tools specifically designed to help residents protect themselves online. Most UAE residents are completely unaware these exist.

1. Stay Safe — staysafe.csc.gov.ae

This free tool from the UAE Cybersecurity Council, developed in partnership with Etisalat/e& and the Global Anti-Scam Alliance, lets you instantly check whether any website is legitimate or a known phishing scam. Before clicking any unfamiliar link — especially one received by SMS or WhatsApp — paste the URL into Stay Safe and check it first. It takes five seconds and can prevent significant financial and personal data loss.

2. RZAM — Free Malicious Website Blocker

RZAM is a free browser extension developed by the Dubai Electronic Security Centre. It automatically scans and blocks malicious websites in real time, detecting phishing sites, malware delivery pages, and unsafe browsing addresses before you can interact with them. It supports Arabic and is available free from the App Store, Firefox Store, and Chrome Store. Every UAE resident should have this installed on their primary browser.

3. aeCERT — UAE Computer Emergency Response Team

The UAE’s dedicated Computer Emergency Response Team provides public advisories, vulnerability alerts, and cybersecurity incident information. If you or your business has experienced a cybersecurity incident, aeCERT is the primary technical support body. Visit aecert.ae for current advisories and incident reporting guidance for organisations.

4. UAE Pass — Secure Digital Identity

UAE Pass is the country’s official digital identity system. Using UAE Pass for government service authentication is significantly more secure than using individual username and password combinations. If you have not yet set up UAE Pass, it is available free via the App Store and Google Play and provides secure verified access to over 6,000 UAE government and semi-government services.

10 Practical Cybersecurity Steps for UAE Residents in 2025

These are the actions that have the most immediate protective impact — prioritised so you can start with what matters most.

1. Enable Two-Factor Authentication on Every Account That Offers It

Two-factor authentication (2FA) is the single most effective security measure available to individuals. Even if a criminal obtains your password through a phishing attack or data breach, they cannot access your account without the second factor. Enable 2FA on your email, banking apps, UAE Pass, social media accounts, and any platform containing personal or financial information. Use an authenticator app (Google Authenticator or Microsoft Authenticator) rather than SMS where possible, as SMS codes can be intercepted through SIM-swap attacks.

2. Use a Password Manager and Never Reuse Passwords

Most UAE residents use the same two or three passwords across dozens of accounts. When one account is breached — and data breaches happen constantly worldwide — criminals try those credentials against your banking, email, and social media accounts in attacks called credential stuffing. A password manager (Bitwarden is free and excellent; 1Password costs approximately AED 25/month) generates and stores unique strong passwords for every account so you never have to remember or reuse them.

3. Verify Before You Click — Every Time

Before clicking any link in an SMS, email, or WhatsApp message — regardless of who sent it — ask yourself whether you were expecting this message. If you received an unexpected message about a DEWA bill, a parcel from Aramex, a bank alert, or a government notification, go directly to the official website or app rather than clicking the link. Check any unfamiliar URL at staysafe.csc.gov.ae before opening it.

4. Keep All Devices and Apps Updated

Software updates patch security vulnerabilities that criminals actively exploit. In 2025, drive-by downloads — where visiting a legitimate website with an outdated browser installs malware silently — accounted for a significant share of UAE cyber incidents. Enable automatic updates on your iPhone or Android, your laptop, and all apps. This one habit eliminates an enormous category of attack vectors with no effort beyond turning on a setting.

5. Secure Your Home WiFi Network

Many UAE residents have never changed their router’s default admin password — a basic security failure that allows anyone on your network to intercept traffic or compromise connected smart home devices. Log into your router settings and change the admin password to something unique. Use WPA3 encryption if your router supports it, or WPA2 as a minimum. Change your WiFi password from the default if you have never done so. Disable WPS (WiFi Protected Setup), which has known vulnerabilities.

6. Be Extremely Cautious on Public WiFi in UAE Malls and Hotels

Public WiFi in Dubai malls, hotels, cafes, and airports is convenient but carries genuine risk. Criminals set up fake hotspots with names like “Dubai Mall Free WiFi” to intercept traffic. If you must use public WiFi, avoid accessing banking apps, email, or any account containing sensitive information. Use your mobile data instead for sensitive tasks — Etisalat/e& and du 4G/5G data is fast enough for all practical purposes and far more secure than public WiFi.

7. Protect Your Emirates ID Information

Your Emirates ID number is the master key to a wide range of UAE government and financial services. Never provide your Emirates ID number over the phone, via SMS, or through an unfamiliar website link. No legitimate UAE government entity, bank, or utility will ask for your full Emirates ID via these channels. In March 2025, Dubai Police arrested a gang specifically impersonating Consumer Rights Protection Department representatives to extract Emirates ID details from residents.

8. Lock Down Your Social Media Privacy Settings

UAE-based scammers actively mine social media profiles — Instagram, Facebook, LinkedIn, TikTok — for personal details used in targeted phishing and social engineering attacks. Information like your employer, phone number, neighbourhood, daily schedule, and family relationships allows criminals to craft convincing impersonation attacks. Review your privacy settings on every platform and limit public visibility of personal details. The UAE Cybersecurity Council specifically advises disabling location sharing and auditing your follower lists.

9. Install a Reputable Antivirus and the RZAM Browser Extension

Free and paid antivirus solutions provide meaningful protection against malware, ransomware, and malicious downloads. On Windows, Microsoft Defender (built in, free) is strong and sufficient for most personal users. On Android, Google Play Protect provides baseline protection. Bitdefender and Kaspersky offer strong paid options available in the UAE. Additionally, install the free RZAM browser extension from the Dubai Electronic Security Centre — it adds an extra layer of real-time website scanning specific to UAE threat intelligence.

10. Back Up Your Data Regularly — The 3-2-1 Rule

Ransomware attacks have no leverage if you have a recent, clean backup of your data. Follow the 3-2-1 backup rule: keep three copies of your data, on two different storage types, with one copy stored off-site or in the cloud. For personal users, enabling iCloud or Google Photos automatic backup ensures your photos and documents are always protected. For businesses, a structured backup policy covering all critical systems is a legal compliance requirement under the UAE’s 2025–2031 National Cybersecurity Strategy.

Cybersecurity for UAE Businesses — What the Law Now Requires

From 2026 onward, cybersecurity for UAE businesses is not optional — it is a legal compliance requirement under the UAE National Cybersecurity Strategy 2025–2031. The strategy mandates “security-by-design” across all businesses, with specific requirements varying by sector and size.

| Business Type | Key Requirement | Regulator |
|---|---|---|
| All UAE businesses | PDPL compliance — consent, data protection, breach reporting | The Data Office |
| Telecom and cloud providers | TDRA Cybersecurity Framework — network security, data residency | TDRA |
| Dubai government suppliers | ISR (Information Security Regulation) certification required | DESC (Dubai Electronic Security Centre) |
| Financial institutions | DIFC / ADGM data protection laws + Central Bank cybersecurity guidelines | DFSA / FSRA / Central Bank |
| Healthcare providers | ADHICS (Abu Dhabi Healthcare Information and Cyber Security standard) + PDPL | DOH / DHA |

Business owner tip: The minimum practical cybersecurity baseline for any UAE business in 2025 covers five areas — multi-factor authentication on all systems, a written cybersecurity policy, regular staff phishing awareness training, a data backup policy, and an incident response plan. These five elements address the most common attack entry points and demonstrate basic compliance intent to regulators. Getting a qualified IT security partner to audit your setup is the fastest way to identify and close gaps before enforcement increases.

How to Report a Cybercrime in the UAE

If you or your business has been a victim of online fraud, phishing, hacking, impersonation, or any other cybercrime in the UAE, report it immediately through these official channels:

| Channel | What It Covers | How to Access |
|---|---|---|
| Dubai Police eCrime | Cybercrime, online fraud, hacking, harassment in Dubai | ecrime.police.gov.ae or Dubai Police app |
| MOI eCrime Portal | National cybercrime reporting — outside Dubai or multi-emirate incidents | moi.gov.ae → Services → eCrime Reporting · UAE Pass required |
| aeCERT | Technical incident reporting — businesses and infrastructure | aecert.ae |
| Your bank directly | Financial fraud, unauthorised transactions — contact immediately for fastest card block | Call the number on the back of your card — available 24/7 at all major UAE banks |

Frequently Asked Questions — Cybersecurity UAE Residents

What are the biggest cyber threats to UAE residents in 2025?

The biggest threats are phishing and social engineering — fake SMS and emails impersonating DEWA, Etisalat, DHL, and government entities — which account for 55% of all UAE cyber incidents. Investment and crypto fraud targeting high-income expats, WhatsApp impersonation scams, and AI-generated deepfake attacks are also growing rapidly. The UAE is the second most targeted country for cyberattacks in the entire Middle East region.

Is using a VPN legal in the UAE?

Using a VPN for legitimate personal or business purposes is not explicitly banned in the UAE, but using a VPN to commit a crime — including accessing blocked content — is illegal under the cybercrime law and can carry significant penalties. This guide covers all recommended cybersecurity tools and practices that are fully legal and officially endorsed in the UAE — none of them require a VPN.

What is the UAE cybercrime law and what does it cover?

The primary UAE cybercrime law is Federal Decree-Law No. 34 of 2021 on Combatting Rumours and Cybercrimes. It criminalises hacking, unauthorised data access, online fraud, defamation, spreading false information, and privacy violations. Penalties range from fines up to AED 3 million to imprisonment up to 25 years for the most serious offences. Importantly, the law holds UAE residents responsible for all content posted or forwarded from their accounts — including reposts and WhatsApp messages — regardless of intent.

How do I report a scam or cybercrime in the UAE?

In Dubai, report through the Dubai Police eCrime portal at ecrime.police.gov.ae or via the Dubai Police app. For incidents outside Dubai or covering multiple emirates, use the MOI eCrime Reporting portal at moi.gov.ae using UAE Pass for verification. For financial fraud, contact your bank immediately — all major UAE banks have 24/7 fraud hotlines. Report suspected phishing websites using the free government tool at staysafe.csc.gov.ae.

What free cybersecurity tools does the UAE government provide?

The UAE government provides several excellent free tools: Stay Safe (staysafe.csc.gov.ae) lets you instantly check whether any website is a scam. The RZAM browser extension from the Dubai Electronic Security Centre automatically blocks malicious websites in real time. UAE Pass provides secure digital identity authentication across thousands of government services. aeCERT publishes ongoing threat advisories and cybersecurity guidance for individuals and organisations.

What cybersecurity is required for UAE businesses in 2025?

From 2026, UAE businesses are required to implement “security-by-design” under the National Cybersecurity Strategy 2025–2031. All businesses handling personal data must comply with the PDPL (Federal Law No. 45 of 2021), including data protection measures and breach reporting. Additional requirements apply by sector — financial institutions under DFSA/ADGM, healthcare providers under ADHICS, Dubai government suppliers under ISR, and telecom providers under TDRA frameworks. Penalties for PDPL violations range from AED 100,000 to AED 1,000,000.

Final Cybersecurity Checklist for UAE Residents 2025

  • Enable 2FA on email, banking, UAE Pass, and social media accounts — do this today
  • Install a password manager — Bitwarden (free) or 1Password — and stop reusing passwords
  • Install the RZAM browser extension — free from the Dubai Electronic Security Centre, blocks malicious websites automatically
  • Bookmark staysafe.csc.gov.ae — check any unfamiliar link before clicking, especially from SMS or WhatsApp
  • Never share your Emirates ID, OTP, or bank details over phone, SMS, or through a link — no legitimate UAE authority ever asks this way
  • Keep all devices updated — enable automatic updates on iPhone, Android, and your laptop
  • Back up your data — iCloud or Google Photos for photos, cloud backup for business documents
  • Report cybercrime immediately — Dubai Police eCrime portal (ecrime.police.gov.ae) or MOI portal (moi.gov.ae)

All tools and steps above are free, fully legal in the UAE, and recommended by official UAE government agencies. No VPN required.

Last updated: March 2026 | Based on UAE Cybersecurity Council guidance, Federal Decree-Law No. 34 of 2021, Acronis UAE Threat Report H2 2025, and CPX Cybersecurity Annual Report 2025. Always refer to official UAE government sources for the most current legal requirements.
