Fake shelter alerts and death threats: phishing attack targets Israelis
Thousands of Israelis received false SMS messages on Thursday in a phishing attempt widely believed to have been by Iran.
Fake phishing messages saying “Emergency alert: Please enter a shelter” with a misspelling, and another one saying “To say goodbye to your loved ones; but don’t worry, you’ll hug them in hell in a few hours,” also grammatically incorrect, that were sent to thousands of Israelis at night on Sept. 19, 2024. Screengrab by TPS-IL
The messages followed a two-day wave of explosions targeting Hezbollah’s communication devices across Lebanon and in Syria.
Some of the messages falsely warned Israelis to immediately seek shelter, but others were more threatening. Some people were told to, “say goodbye to your loved ones,” with whom they “will reunite in hell shortly.”
All included a link for users to click, although there were no specific instructions to do so.
“When I woke up and saw a new message, I thought it might have been mistakenly filtered as spam, so I opened it,” Daniella, a resident of northern Israel, told The Press Service of Israel. “It was asking me to enter a shelter, but something felt off because Home Front Command usually sends alerts via their official app or through SMS with specific language. When I checked the news, I saw it was fake.”
Daniella then noticed similar reports circulating on social media. “I saw posts in a group I follow, and others were reporting getting the same message. Some even received direct death threats.”
She added that her partner quickly spotted a spelling in error in the message.
“The spelling mistake in Hebrew was a big clue — it wasn’t written by someone fluent in the language. Usually, messages with errors like this are phishing scams,” Daniella noted.
Every message saying, “Emergency alert: Please enter a shelter,” misspelled the Hebrew word for shelter.
Cybersecurity expert Eyal Shimoni explained to TPS-IL that phishing attempts like this are more common during times of heightened tension. Shimoni is the CEO Yazamco Pro, a Petah Tikva-based company that provides IT and cybersecurity services.
“These messages, which pretend to be from Home Front Command or other official entities, are rare but not unheard of, especially when people are on edge, like during the current situation in the north. They even may achieve significant ‘success’ among those attempting to harm Israeli civilians with scams of this kind, especially given the real concern that hostile actors from Iran or elsewhere are involved,” Shimoni said.
“The goal of these phishing attacks is to steal personal information or perhaps infect the user’s device with malware. The content of the message usually has nothing to do with what the attackers are actually trying to achieve—it’s all about getting people to click the link,” he explained.
Shimoni noted that despite efforts to raise awareness, many people still fall for these scams.
“Unfortunately, too many people panic and click on links in these messages. My advice is simple: never click on any link if you’re unsure of its source, especially during such tense times.”
Following the phishing wave, the Israeli Internet Union released a set of guidelines to help citizens avoid falling victim to such scams. Users who clicked on the phishing links were instructed to change their passwords and enable two-step authentication on important accounts.
“What is really infuriating is that cellular companies and other organizations allow citizens’ personal information to leak out, or even sell our details,” Daniela said with frustration. “But in this case, whoever sold the personal phone numbers of citizens, sold them to the devil.”
