Dh100-200 scams in UAE: Why more residents fall victim to 'micro frauds'

Micro frauds on social media are becoming more common as scammers move away from large-scale frauds to smaller scams. Many are increasingly using generative AI to make these scams look more realistic and appear linked to trusted brands.

Cybersecurity experts say that micro fraud became very effective because small amounts may not feel risky to consumers in the UAE.

Some UAE residents shared their experiences, saying that they were targeted through social media, where they were approached to click and pay for goods and services that were of a small amount, in some cases, less than Dh100 or Dh200. Upon verification, it was found that the links for payments were fake.

Stay up to date with the latest news. Follow KT on WhatsApp Channels.

“To my surprise, I got a transaction alert of Dh770 on my credit card, which I didn’t initiate. I didn’t buy anything worth that much. Since my parents and I share the account (of a big e-commerce platform), I thought it might be them buying something! But when I checked, they didn’t either. I blocked my card immediately,” said K Mahesh, a long-time Dubai resident.

“What used to be large, high-value phishing or payment scams has fragmented into smaller, faster, and more opportunistic schemes, often involving minimal amounts. With generative AI becoming more accessible, it’s natural that threat actors are using automation to localise language, mimic trusted brands, and experiment with low-value lures that don’t immediately raise suspicion,” said Haifa Ketiti, senior systems engineer at Proofpoint.

“While these scams typically target individuals on social media, they mirror the same behavioural manipulation techniques we see at work in organisations,” she said.

Haifa Ketiti

According to Proofpoint’s Data Loss Landscape report, nearly all – 94 per cent – UAE organisations experienced some form of data loss last year, with 75 per cent of respondents citing careless user actions as the main cause. The common thread is human behaviour; attackers are testing how small interactions can open bigger doors.

The UAE Cyber Security Council has revealed that cyberattacks targeting strategic sectors in the country now exceed 200,000 daily.

Small financial losses

Maher Yamout, lead security researcher at Global Research & Analysis Team at Kaspersky, said more people are falling victim to these micro scams because smaller amounts may go unnoticed, but also people may be less likely to question small financial losses, assuming it’s not worth the effort to report or dispute them.

“Smaller sums reduce suspicion and encourage faster payments. As a result, criminals can target thousands of people and still profit significantly from the collective total,” he said.

Maher Yamout

Ketiti added that when the amount is small, people tend to dismiss it and move on, assuming it’s a harmless mistake or not worth reporting. “A quick click or a small transfer may not feel risky, but these small, repeated interactions give criminals the perfect opportunity to test what works, refine their methods, and repeat the scam at scale,” she added.

Ketiti elaborated that fradusters rely on curiosity, urgency, or the illusion of legitimacy. “Each successful small transaction gives cybercriminals both financial return and behavioural insight, which can later be applied to more targeted or coordinated attacks.”

How are people targeted?

The senior systems engineer at Proofpoint added that attackers are not necessarily targeting people of any specific age.

“Attackers adapt their approach to different digital habits rather than age itself. The real pattern is behavioural, not demographic. Attackers study how people engage online and tailor their tactics accordingly. They know what looks familiar to each audience and use that to build credibility,” he said.

Proofpoint’s global research shows that the majority of phishing and social engineering campaigns now rely on text-based messages and URLs rather than attachments, extending beyond email into SMS, chat, and social platforms.

Maher Yamout said scammers target all age groups, but their tactics differ. “Younger users are often targeted through social media trends, fake giveaways, ‘easy money’ schemes, or cheap online shopping offers. Older users may be targeted through more personal or emotional appeals, such as charity scams orimpersonation of friends and relatives. Essentially, scammers adapt their language and methods to the habits of each demographic, but the unifying theme is low-value fraud designed to fly under the radar,” added Yamout.

How to protect  yourself?

In order to protect yourself against micro scams, Yamout suggested social media users not respond to suspicious messages, not click on unknown links, and never share personal or financial information.

“Be careful when paying online, even if the amount is not substantial, because cyber criminals might be after your credit card details. It's crucial to verify websites, requests from friends or family through a separate, trusted channel, and to use strong, unique passwords with two-factor authentication. Using reliable security software is also a crucial step in staying protected,” he added.

According to Proofpoint, the most effective step is to pause before reacting.

“Most scams rely on speed and trust, especially when the amount or request seems harmless. AI tools now make these scams harder to spot by generating fluent, localised messages that sound legitimate, even in Arabic. Taking a moment to verify the sender, link, or request can prevent both small and large losses,” concluded Ketiti.

'50% off' ticket scams: Cloned sites, OTP traps trick UAE concert fans UAE steps up fight against online scams, cybercrime with nationwide awareness campaign UAE: No more OTPs? 7 new ways banks may authenticate users, fight scams