Information Cybersecurity Awareness

Phishing Attacks
Know the Threat.
Protect the Operation.

In the energy sector, a single click can compromise critical infrastructure. Learn how attackers exploit trust — and how to stay ahead.


What Is Phishing?

Phishing is a cyberattack where criminals impersonate trusted sources to steal sensitive information — passwords, operational data, or access credentials. In oil & gas, the stakes are critical infrastructure.

Email Phishing

Fraudulent emails disguised as internal memos, vendor invoices, or SCADA system alerts requesting urgent action.

SMS / WhatsApp

Text messages with links claiming to be from HR, IT support, or management — targeting personal and corporate devices.

Voice Phishing (Vishing)

Phone calls impersonating IT helpdesk, bank officials, or government authorities requesting verification codes.

QR Code Attacks

Malicious QR codes in emails, printouts, or on-site locations redirecting to credential harvesting pages.

Fake Websites

Cloned corporate portals, banking platforms, and government services designed to capture login credentials and OTPs.

Where Attacks Target Energy Operations

Each zone of an offshore platform is a distinct target, and attackers weigh them differently. Exposure rating by zone:

• SCADA Control Room: Critical
• Server & Network Room: Critical
• Communications: Medium
• Admin Office: High
• Supply Chain: High

How a Phishing Attack Unfolds

The three stages below trace the kill chain from initial contact to credential capture and access to internal systems.

Stage 01 — Delivery

A Fake Message Arrives

The attacker sends a crafted email, SMS, or message that appears to come from a trusted source — an internal department, a contractor, or a government entity.

Energy sector example: An email from "HSE Department": "URGENT: Updated safety protocols for offshore operations. Review and acknowledge within 24 hours." The attachment contains malware targeting industrial control systems.

Stage 02 — Exploitation

Urgency Triggers Action

The message creates pressure — a security alert, payment deadline, or compliance requirement — designed to bypass your critical thinking.

Energy sector example: "Your VPN access will be revoked in 2 hours due to a security audit. Click here to re-verify your credentials." Attackers know that losing remote access to SCADA systems feels critical.

Stage 03 — Collection

Credentials Are Harvested

You're directed to a convincing fake portal where your login, OTP, or personal data is captured and sent to the attacker.

Energy sector example: A cloned single sign-on page at "adnoc-portal-verify.com" — identical in appearance but controlled by the attacker. Once credentials are entered, they gain access to internal systems and operational technology networks.

X-Ray a Phishing Email

Five elements make this email dangerous. They are marked [1] to [5] in the message and explained in the red-flag list that follows it.

Inbox — 1 new message

From: ADNOC IT Security <security@adnoc-itsupport.net> [1]
To: all-employees@adnoc.ae
Subject: CRITICAL: Your account will be suspended in 2 hours [2]

Dear Employee,

Our security system has detected unusual login activity on your corporate account from an unrecognized device in Dubai Marina [3].

To prevent account suspension, you must verify your identity immediately by clicking the secure link below:

[4] Link to adnoc-secure-verify.com

Failure to verify within 2 hours will result in permanent account deactivation and loss of access to all ADNOC systems including email, VPN, and SAP. [5]

Best regards,
ADNOC Information Security Team

Red flags:

[1] Fake domain! The real ADNOC domain is @adnoc.ae — "adnoc-itsupport.net" is registered by the attacker. Always check the full email address, not just the display name.

[2] Urgency pressure! Creating a tight deadline ("2 hours") is a manipulation tactic. Real IT teams don't threaten account suspension via email with a countdown.

[3] False specificity! Adding a real location ("Dubai Marina") makes the lie feel credible. Attackers use familiar local details to trigger alarm and bypass rational thinking.

[4] Phishing URL! "adnoc-secure-verify.com" is NOT an official ADNOC domain. The attacker registered a convincing-sounding domain. Official portals are on adnoc.ae only.

[5] Escalating threats! "Permanent deactivation" + listing specific systems (email, VPN, SAP) amplifies fear. No legitimate IT process permanently deletes accounts without multiple warnings through official channels.

Red Flags to Watch For

Train your instincts. These indicators help you identify a phishing attempt before it compromises security.

Urgency & Threats

"Act now", "account suspended", "immediate action required" — pressure designed to override caution.

Credential Requests

Asking for passwords, OTPs, or access codes. Legitimate teams never request these via email.

Suspicious Links

URLs with misspellings, extra characters, or unfamiliar domains — hover before you click.

Unexpected Attachments

Files you didn't request, especially .exe, .zip, or macro-enabled documents from unknown senders.

Impersonation

Messages that "feel off" — unusual tone, formatting errors, or requests outside normal procedures.

Unknown QR Codes

QR codes in unexpected places — emails, printouts, or shared areas without clear origin.

Fake vs. Real Login Page

Compare a phishing login page with the real one. Can you spot the differences?


⚠ Fake Page Red Flags

• Wrong domain: adnoc-portal-login.com
• No HTTPS lock icon
• Spelling errors ("Employe", "Adress", "Pasword")
• Asks for OTP on login page
• Urgency in button text

✅ Real Page Indicators

• Official domain: adnoc.ae
• HTTPS with lock icon
• Correct spelling throughout
• No OTP field on login
• Clean, professional button text
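The domain checks behind the X-ray email and the fake vs. real comparison above can be automated for anyone triaging reported messages. The script below is an added example written for this page, not code from the training itself. It assumes adnoc.ae is the organisation's only official domain (as the page states), treats "adnoc" as the brand label to look for inside foreign domains, and uses a sample email reassembled from the X-ray text as constructed input. It flags lookalike sender and link domains, a display name that claims the brand while the address does not, non-HTTPS links, and the urgency and credential-request phrases listed under Red Flags to Watch For.

```python
import re
from urllib.parse import urlparse

# Assumption: the organisation's only legitimate domain (the page states official
# portals live on adnoc.ae). Any subdomain of it is treated as official.
OFFICIAL_DOMAINS = {"adnoc.ae"}
# Brand words whose presence inside a foreign domain marks it as a lookalike.
BRAND_LABELS = {"adnoc"}

# Phrases taken from the page's Red Flags section, as lower-case regexes.
URGENCY_PATTERNS = [
    r"\bact now\b",
    r"\baccount (?:will be )?suspended\b",
    r"\bimmediate(?:ly)?\b.{0,20}\baction\b",
    r"\bwithin \d+ hours?\b",
    r"\bdeactivat(?:ion|ed)\b",
]
CREDENTIAL_PATTERNS = [
    r"\bpasswords?\b",
    r"\botps?\b",
    r"\bone[- ]time (?:code|password)\b",
    r"\bverify your (?:identity|credentials|account)\b",
]


def parse_sender(header):
    """Split 'Display Name <user@host>' into (display_name, address).
    A bare address is returned with an empty display name."""
    m = re.match(r'^\s*"?([^"<]*?)"?\s*<([^<>\s]+)>\s*$', header)
    if m:
        return m.group(1).strip(), m.group(2).lower()
    return "", header.strip().lower()


def classify_domain(host):
    """'official' for an official domain or its subdomains, 'lookalike' when a brand
    label appears anywhere else in the host (adnoc-itsupport.net, adnoc.ae.evil.com),
    otherwise 'unrelated'."""
    host = host.lower().rstrip(".")
    for official in OFFICIAL_DOMAINS:
        if host == official or host.endswith("." + official):
            return "official"
    if any(brand in host for brand in BRAND_LABELS):
        return "lookalike"
    return "unrelated"


def extract_urls(text):
    """Pull http(s) URLs out of a plain-text body."""
    return re.findall(r"https?://[^\s<>\"')\]]+", text)


def inspect_email(sender, subject, body):
    """Return the list of red flags found in one message (empty list = none found)."""
    flags = []
    display, address = parse_sender(sender)
    sender_host = address.rsplit("@", 1)[-1]
    sender_verdict = classify_domain(sender_host)
    if sender_verdict != "official":
        flags.append(f"sender domain {sender_host} is {sender_verdict}")
    # A display name that names the brand while the address is foreign is the
    # "check the full address, not just the display name" case from the page.
    if sender_verdict != "official" and any(b in display.lower() for b in BRAND_LABELS):
        flags.append(f"display name '{display}' does not match sender domain {sender_host}")
    for url in extract_urls(body):
        parsed = urlparse(url)
        host = parsed.hostname or ""
        verdict = classify_domain(host)
        if verdict != "official":
            flags.append(f"link to {host} is {verdict}")
        if parsed.scheme != "https":
            flags.append(f"link {url} is not HTTPS")
    text = f"{subject}\n{body}".lower()
    if any(re.search(p, text) for p in URGENCY_PATTERNS):
        flags.append("urgency or threat language")
    if any(re.search(p, text) for p in CREDENTIAL_PATTERNS):
        flags.append("asks you to verify or supply credentials")
    return flags


# Constructed sample: the X-ray email from this page, reassembled as plain text.
SAMPLE_PHISH = dict(
    sender="ADNOC IT Security <security@adnoc-itsupport.net>",
    subject="CRITICAL: Your account will be suspended in 2 hours",
    body=(
        "Dear Employee,\n"
        "Our security system has detected unusual login activity on your corporate "
        "account from an unrecognized device in Dubai Marina.\n"
        "To prevent account suspension, you must verify your identity immediately by "
        "clicking the secure link below:\n"
        "https://adnoc-secure-verify.com/verify\n"
        "Failure to verify within 2 hours will result in permanent account deactivation "
        "and loss of access to all ADNOC systems including email, VPN, and SAP."
    ),
)

# Constructed sample: a routine internal notice sent from the official domain.
SAMPLE_LEGIT = dict(
    sender="IT Security <it-security@adnoc.ae>",
    subject="Monthly security newsletter",
    body="This month's newsletter is on the intranet: https://portal.adnoc.ae/news\nNo reply needed.",
)

if __name__ == "__main__":
    for name, msg in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        found = inspect_email(**msg)
        print(f"{name}: {len(found)} red flag(s)")
        for flag in found:
            print("  -", flag)
```

Run on the reassembled X-ray email, the script reports five flags, matching the five callouts on the page, and none for the constructed legitimate notice. The brand-label check deliberately looks at the whole host name rather than the registrable domain, so that "adnoc.ae.evil.com" is caught as a lookalike and not mistaken for the real domain; a production version would add a Public Suffix List lookup and the organisation's full list of legitimate domains.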

How to Protect Yourself

Six essential practices that form your personal security perimeter — as critical as any firewall protecting our infrastructure.

01. Verify the Sender

Always confirm the sender's identity through a separate, trusted channel before responding to unusual requests.

02. Inspect Before You Click

Hover over links to preview the actual URL. Check for misspellings, extra characters, or unfamiliar domains.

03. Never Share Credentials

Passwords, OTPs, and access codes must never be shared via email, message, or phone — no exceptions.

04. Verify URLs Carefully

Before entering credentials, check the website address. Use official apps and bookmarked links instead of email links.

05. Use Official Channels

Access corporate systems through approved applications and bookmarks — never through links in messages.

06. Question Urgency

If it feels urgent or unusual — pause. Real emergencies are handled through established protocols, not email links.

Test Your Awareness

Can you spot the phishing attempts? Analyze each email scenario and decide — is it real or fake?


If something feels urgent or unusual — stop and verify before you act.

Report Suspicious Activity

Contact your IT or Security team immediately — even if you're unsure.