Online activity and shortened work hours collide during the holy month, experts urge businesses and consumers to remain vigilant against a rise in cyber threats.
Dubai — Ramadan brings shorter work hours and a shift in routines, but cybercriminals don’t take a break. As consumers embrace digital transactions and businesses operate on leaner schedules, cybersecurity must evolve to meet the moment.
From embracing automation and AI to fostering continuous employee awareness, resilience is key. Whether you’re a tech leader or an online shopper, staying informed and vigilant ensures that your spirit of giving and celebration remains secure—digitally and otherwise.
Tahawultech spoke to some leading cybersecurity experts, who shared their insights on how consumers need ro remain on guard.
Avinash Gujje, Practice Head, Cloud Box Technologies
During Ramadan, shortened working hours and increased online activity heighten cybersecurity risks for both companies and consumers. For businesses, reduced vigilance can leave systems vulnerable, making it crucial to deploy automated 24/7 security monitoring tools and managed security services. Regular employee training, incident response plans, and phishing simulations help maintain strong defenses.
For consumers, cybercriminals exploit the Ramadan shopping surge through fake sales, phishing websites, and deceptive ads to steal personal and financial data. Shoppers should verify URLs, ensure sites use HTTPS, and be wary of suspicious promotions. Common Ramadan-specific cyber threats include phishing, credential stuffing, and fraudulent e-commerce. Multi-factor authentication, real-time threat detection, and continuous awareness efforts are key to staying protected during the holy month.
Ned Baltagi, Managing Director – Middle East, Turkey and Africa at SANS Institute
Cybercriminals take advantage of festive shopping trends by launching fake Ramadan sales to lure consumers into scams. Shoppers should watch for red flags such as offers that seem too good to be true, unfamiliar online retailers, and websites with poor design or missing contact information and a sense of urgency. Before making a purchase, consumers should verify website legitimacy, check for secure payment methods (HTTPS encryption), and avoid clicking on promotional links in unsolicited emails or messages. Enabling multi-factor authentication (MFA) on accounts and monitoring bank statements for unauthorised transactions can further enhance security.
Ramadan often sees a rise in phishing attacks, credential theft, and financial fraud, particularly through fake donation campaigns and shopping scams. Cybercriminals exploit the increased online activity during this time, targeting both businesses and individuals. Organisations should enforce stricter access controls, implement email filtering to detect phishing attempts, and conduct targeted cybersecurity awareness campaigns. Individuals should be cautious when donating online, ensuring they only contribute through official charity websites. Both businesses and consumers should also remain vigilant against social engineering attacks, particularly those leveraging a sense of urgency or emotional appeal.
Meriam ElOuazzani, Senior Regional Director, META, SentinelOne
Cybercriminals often exploit festive or seasonal sales to launch scams, preying on eager shoppers. Consumers should watch out for red flags such as heavily discounted prices, unfamiliar e-commerce sites, urgent “limited-time” offers, and requests for unusual payment methods like wire transfers or gift cards. Fake social media ads and phishing emails mimicking well-known retailers are also common.
To stay safe, verify websites before purchasing – check for HTTPS encryption and read customer reviews. Avoid clicking on suspicious links in emails or messages, and instead, visit official retailer websites directly. Enabling multi-factor authentication (MFA) on shopping accounts adds an extra layer of security. Generative AI-powered fraud detection tools can also help identify fake websites and suspicious transactions, while AI-driven security assistants provide real-time scam alerts.
Businesses should prepare by leveraging Generative AI and Hyperautomation to enhance security monitoring and automate threat detection. AI-driven analytics can identify unusual patterns in network traffic, while automated response systems ensure rapid containment of threats, even outside peak hours. Implementing multi-factor authentication (MFA), zero-trust security models, and continuous employee awareness training can further strengthen defenses. Individuals should be cautious of fake Ramadan sales, suspicious links, and urgent payment requests. AI-powered fraud detection tools and real-time scam alerts can help identify risks.
Harish Chib, Vice President Emerging Markets, Middle East & Africa, Sophos.
Harish Chib, Vice President Emerging Markets, Middle East & Africa, Sophos
Cybercriminal activity spikes during holiday periods, with phishing attacks, financial fraud, and credential theft becoming more common. Attackers prey on distracted users and altered work schedules. To counter these risks:
– Businesses should implement real-time threat detection, employee security training, and strict access controls. Regular patching and system updates are crucial to preventing exploits.
– Individuals should be mindful of fraudulent Ramadan offers, fake charities, and phishing attempts disguised as holiday promotions. As cyber threats evolve, businesses and consumers alike must remain vigilant and proactive in safeguarding their digital assets. A secure Ramadan is a prosperous Ramadan.
Bassel Kachfeh, Digital Solutions Manager at Omnix
Scammers often use fake Ramadan sales to trick shoppers. Red flags include unbelievable discounts, poorly designed websites, and requests for unusual payment methods like gift cards. To stay safe, consumers should verify website authenticity, use strong passwords, and enable MFA on accounts. They should avoid clicking on links in emails or social media ads and instead visit official retailer websites directly. Using secure payment methods like virtual credit cards or PayPal adds extra protection against fraud.
Bassel Kachfeh, Digital Solutions Manager at Omnix.
Cyber threats rise during Ramadan due to reduced workforce availability, increased online shopping, and phishing scams. Businesses should strengthen endpoint security, data backups, and access controls to prevent breaches. Individuals should be cautious of fake charity campaigns, fraudulent e-wallet promotions, and phishing emails. Companies can reduce risks by training employees, increasing security monitoring, and implementing strict authentication measures. Proactive steps can help both businesses and individuals stay safe during this period.
Subhalakshmi Ganapathy (Chief IT Security Evangelist, ManageEngine)
During Ramadan, UAE experiences a significant growth in online shopping, with digital payment transactions increasing by 8.5% across various sectors. Notably, transactions in online marketplaces surged by 143%, apparel by 78%, and travel agencies by 42%. However, this surge in online activity attracts cybercriminals who exploit the festive season to target consumers.
Common scams include fake charity donation requests, fraudulent job offers requiring upfront payments, and phishing scams impersonating logistics providers like Aramex, SMSA Express, and Zajil Express. These scams often involve fake notifications about pending deliveries with unpaid fees, tricking consumers into revealing personal and financial details.
To protect themselves, consumers should verify website authenticity by ensuring URLs start with “https” and avoiding unfamiliar sites. They should also be cautious with unsolicited emails or messages, refraining from clicking suspicious links. Using secure payment methods, such as credit cards or trusted digital wallets, adds an extra layer of protection. Additionally, regularly monitoring financial statements for unauthorized transactions can help detect fraud early.
Coinciding with Ramadan season, UAE sees a surge in cyberattacks. Last year, over 200 powerful cyberattacks were detected during this period, evidently. Phishing and smishing attacks have surged, with cybercriminals impersonating government entities, telecom providers, and delivery companies, tricking victims into revealing sensitive information. Business email compromise (BEC) attacks have also increased, targeting companies with fraudulent invoices or urgent fund transfer requests.
Cybercriminals use fake charity and social engineering to exploit the charitable spirit of Ramadan. Businesses and individuals must be vigilant and take precautions like enhanced email security and phishing awareness to avoid falling victim to cyberthreats.
