Legal Aspects of Email and Online Scams

Email and online scams are among the fastest-growing forms of digital crime in the UAE, targeting individuals, businesses, and financial institutions through deceptive messages, fraudulent links, impersonation tactics, and sophisticated social engineering methods. These offences fall under multiple provisions of the UAE Cybercrime Law and other federal regulations aimed at protecting electronic systems, financial transactions, and personal data. Through our dedicated Cyber Law practice, Al Kabban & Associates provides strategic legal assistance to victims of online fraud, defends clients facing allegations, and advises organisations on prevention, compliance, and reporting requirements.

Understanding the legal framework governing email and online scams

Email fraud and online scams are primarily regulated under Federal Decree-Law No. 34 of 2021 on Combating Rumours and Cybercrimes. This law criminalises unauthorised access, impersonation, electronic fraud, phishing, and misuse of digital platforms. Additional provisions under financial, telecommunications, and data protection regulations may also apply depending on the nature of the offence.

The UAE takes a zero-tolerance approach to online fraud, and penalties can be severe, particularly when scams cause financial harm, misuse identity information, or involve organised criminal activity.

1. Common types of email and online scams under UAE law

Phishing and credential theft

• Fraudulent emails impersonating banks, government bodies, or service providers
• Links directing victims to fake websites to capture login credentials
• Requests for OTPs, passwords, or financial information

Business Email Compromise (BEC)

• Impersonation of senior executives or suppliers
• Fraudulent bank transfer requests
• Invoice manipulation scams

Advance-fee and lottery scams

• Emails promising rewards, prizes, or financial returns
• Requests for upfront payments or personal data

Online marketplace and e-commerce scams

• Fake listings, fraudulent sellers, or counterfeit goods
• Payment diversion or non-delivery scams

Romance and social media scams

• Emotional manipulation to obtain money or personal information
• False identities or stolen photos

Any attempt to deceive or obtain assets electronically falls within cybercrime jurisdiction.

2. Criminal penalties for email and cyber fraud

The UAE Cybercrime Law imposes strict penalties for digital deception, including:

• Imprisonment for fraudulent online activities
• High fines for using electronic means to obtain money unlawfully
• Harsher penalties for targeting financial institutions, government entities, or vulnerable individuals
• Confiscation of devices used to commit the crime
• Deportation for expatriates convicted of serious offences

Penalties increase significantly when scammers operate through organised groups or cause substantial economic losses.

3. Impersonation and identity misuse

Impersonating another person online—including using their name, email, or social media account—is a criminal offence. This includes:

• Fake account creation
• Email spoofing
• Use of stolen digital identities
• Misrepresentation to obtain money or sensitive information

Identity misuse often forms the basis for additional charges such as fraud, extortion, or defamation.

4. Fraudulent use of bank and financial information

Using email or digital tools to obtain or alter financial information is treated with exceptional seriousness, including:

• Accessing bank statements without permission
• Interfering with online payment systems
• Manipulating invoices or transactions
• Unlawfully requesting transfers or OTP codes

These offences may also violate Central Bank cybersecurity directives and anti-money laundering laws.

5. Legal responsibilities of businesses in preventing email fraud

Organisations may face liability if poor cybersecurity practices contribute to fraud. Businesses are expected to:

• Implement secure email authentication protocols
• Train employees on phishing and social engineering risks
• Use MFA, encryption, and secure gateways
• Verify payment changes and supplier communications
• Maintain incident response plans

Failure to take reasonable preventive measures may expose companies to contractual or civil claims.

6. Reporting email and online scams in the UAE

Victims can report incidents to:

• Local police cybercrime units
• Dubai Police eCrime platform
• Abu Dhabi Police Aman service
• Telecommunications and Digital Government Regulatory Authority (TDRA)
• Banks and financial institutions for payment-related scams

Timely reporting increases the likelihood of asset recovery and identification of offenders.

7. Digital evidence in scam investigations

Authorities rely heavily on digital evidence, including:

• Email headers and metadata
• IP logs and access records
• Banking transaction trails
• Server logs from platforms involved
• Device forensics and recovered files

Preserving emails, screenshots, and transaction records is essential for successful prosecution.

8. Civil remedies for victims

Victims of online scams may pursue:

• Compensation claims for financial losses
• Civil suits against negligent third parties
• Asset recovery mechanisms
• Freezing orders against accounts used in fraud

Parallel civil and criminal action is often necessary to maximise recovery.

9. Defences in email scam allegations

Defence strategies may include:

• Lack of intent to defraud
• Compromised account or unauthorised use of the defendant’s device
• Insufficient evidence of deception
• Procedural flaws in digital evidence collection
• Good-faith involvement without knowledge of the fraudulent scheme

Forensic analysis and legal scrutiny of evidence play a critical role in defence.

10. Preventative compliance measures

To avoid liability and reduce risk, businesses and individuals should implement:

• Multi-factor authentication on all accounts
• Verification procedures for financial requests
• Spam filtering and advanced email protection tools
• Regular cybersecurity training
• Strict password and access management policies
• Secure backup and recovery systems

Prevention remains the most effective defence against online fraud.

Conclusion

Email and online scams pose serious legal and financial risks in the UAE, with strict penalties for offenders and significant responsibilities for businesses and individuals. From phishing attacks and identity fraud to financial manipulation and impersonation schemes, these offences fall under robust cybercrime laws designed to protect digital security and public trust. Whether pursuing justice as a victim, defending against allegations, or developing organisational compliance frameworks, Al Kabban & Associates offers authoritative, strategic legal support across all aspects of email and online scam cases within the UAE’s rapidly evolving digital landscape.