iPhone 17 launch sparks wave of AI-driven phishing scams across UAE and Saudi

Researchers say the United Arab Emirates and Saudi Arabia are prime targets because of their strong spending power and early-adopter culture. Fraudsters are exploiting the excitement around Apple’s newest handset to dupe residents into handing over credit-card details, login credentials and even national-ID documents.

“Everything we see in our threat telemetry and regional reports suggests that hype launches trigger opportunistic fraud, and such scams only increase in popularity,” said Ilia Dafchev, senior security researcher at Acronis TRU.

“Our data for 2024 showed URL-based threats in the UAE were increasing by 36.9 per cent, and a surge tied to the iPhone 17 would not be unexpected.”

AI turbo-charges the fraud

Unlike the crude phishing emails of previous years, this year’s scams are powered by generative AI tools that can build lifelike websites, write flawless marketing copy and even bypass security controls.

“GenAI is allowing scammers to automate scams and scale up to new levels that weren’t possible with manual efforts,” said James Maude, field chief technology officer at BeyondTrust.

“They no longer need to speak the language or be online in the right time zone; it can all be automated. Documents, photos, voice and even video can be faked, making it harder than ever to spot a scam.”

Maude warned that fraudsters are deploying so-called “real-time phishing proxies” to capture multi-factor authentication (MFA) codes. When an unsuspecting user enters a one-time password into a fake login page, the code is relayed instantly to the genuine site, allowing attackers to generate a session token and gain full access.

“With access to one or more of your accounts, the attackers can do far more than scam you out of a few dirhams,” he said.

“They might be able to access your finances, private information or impersonate you in order to scam others.”

Ivan Milenkovic, Vice President for cyber risk technology, EMEA at Qualys, said AI removes traditional barriers for criminals.

“Fraudsters have always followed the hype,” he said. “The difference today is that social media makes it easier than ever to see where and how to strike. AI tools are only amplifying this by removing language barriers, generating fake domains in seconds and extending reach across social platforms.”

How the scams work

The tactics range from fake pre-order sites to bogus giveaways and “tester” programmes, all designed to harvest personal data or trick victims into paying for non-existent products.

Security company Kaspersky said it had already detected a global spike in iPhone 17-related fraud as pre-orders opened.

Some counterfeit sites closely mimic Apple’s official store and display enticing “Book Now” buttons that lead to payment pages harvesting bank-card details. Others advertise free iPhone lotteries, requiring entrants to complete surveys, provide email addresses and phone numbers and pay a delivery fee for prizes that never arrive.

Another common ploy targets technology enthusiasts with offers to become “product testers”, collecting contact details and small “shipping” payments while bombarding victims with spam or follow-up phishing attacks.

Dafchev said such schemes are attractive to criminals because Gulf buyers “expect newness, exclusivity, early access – all of which create fertile ground for offers that seem tempting but are unverified.”

While one-off payment fraud remains common, experts warn that identity hijacking poses a greater long-term threat.

“The more concerning trend is the rise in identity hijacking threats,” Maude said. “These scams can last a lot longer and have a far bigger cost to the victims as the criminals are able to take over your digital life.”

With stolen login credentials and session tokens, attackers can access cloud storage, banking apps and email accounts, leading them to impersonate victims to defraud their contacts or drain savings over time.

“Cybercriminals thrive on the excitement of major product launches, turning consumer enthusiasm into a gateway for data breaches. We’ve seen these tactics evolve from crude phishing to highly polished sites that can look authentic. Users must prioritise verification over impulse to stay safe and avoid falling victim to these opportunistic threats,” Tatyana Shcherbakova, Web Content Analyst at Kaspersky, said.

How consumers can protect themselves

Specialists urge consumers to slow down and verify before clicking. Recommended precautions include:

• Buy only from authorised retailers and verify sellers’ credentials.
• Check domain names carefully. Official Apple partners will use clear, secure HTTPS addresses.
• Use payment methods with buyer protection and avoid direct transfers.
• Ignore unsolicited links in emails, text messages or social-media promotions.
• Guard personal documents such as passport scans or Emirates ID cards.
• Enable strong security tools, including anti-phishing filters and phishing-resistant MFA such as FIDO2 keys.

“Purchase exclusively from official sources and avoid unsolicited offers. Legitimate contests rarely require sensitive information upfront. Treat any request for your name, card details or addresses as a red flag,” Kaspersky’s Shcherbakova added.

Milenkovic added that basic DNS hygiene – blocking suspicious or newly registered domains – can stop many attacks “before they reach you”.

Despite the rising sophistication of scams, experts insist consumers can stay safe with awareness and sound cyber-hygiene.

“Raising awareness is one of the most effective protections against fraud,” Dafchev said.

“Scammers are getting more polished, sometimes aided by AI, but so are defence tools. With informed decision-making, careful buying and appropriate protections, the risks can be managed.”

The iPhone 17 frenzy shows no signs of slowing, and neither do the criminals seeking to exploit it, experts believe.

“The attackers only need you to slip once. Staying sceptical and double-checking every link is your best defence,” said Maude.