The National Insurance Institute (Photo: Reuven Castro)
Did you receive a notification about a problem with the means of payment in your National Insurance account?
Do not click on the link!
Thousands of Israelis have received SMS messages in recent days that allegedly warn that the means of payment is not valid.
This is a phishing campaign, designed to steal money from your credit card, under the guise of updating details.
The National Insurance reported the sites to the National Cyber System and clarified that there is an immediate need to address the issue and take down the impersonating sites.
"We have detected that one of your payment methods is not valid. The payment method must be updated on our website to avoid execution procedures, and interest arrears," the message reads (errors in the source).
As you can see in the message, the attached address is bituhleumi.com, while the real address is btl.gov.il.
Want to get technology updates before everyone else?
The message impersonating the National Insurance (photo: screenshot)
Ofir Ben Avi, Deputy Director of Information Systems of the National Insurance: "When entering the National Insurance websites and our service channels, you should make sure that the web address ends with gov.il and not with any other suffix. Our cyber system discovered the impersonation and we activated the relevant agencies to deal with the issue."
"The so-called website is partly copied from the real website of the National Insurance, but it is not the official website and its purpose is to steal credit card information. This is done by requesting entry using a one-time code.
or stealing login information to the official National Insurance website," says Lotem Finkelstein, head of the Intelligence and Research Department at Check Point. Finkelstein added. "Usually the messages are worded with a high sense of urgency, and this is in order to confuse the victim before handing over credit card information or any Another personal detail".
More in Walla!
Shachel's TripleSafe - 3 devices that save lives, and now - one as a gift
Served on behalf of Shachel
Two iron rules from the cyber security company Check Point:
1. Private companies and certainly government organizations do not ask to update credit card details in text messages and even more so will not ask for full credit card details including CVV digits.
2. It is better not to click on links sent in suspicious messages, and instead to browse the website you know and identify with the content of the message, if the content of the message is legitimate, the official website will provide a satisfactory explanation.
May Brooks-Kempler, cyber expert and founder of the "Safe Online" community on Facebook: "On a basic level, the recommendation is to never click on a link received in an SMS. Since it is possible with simple means to produce a message that looks reliable, including one that came from a known sender, the chances of falling victim to fraud are high if you received A message that requires an action, it is recommended to open a browser, search for the address of the provider in question and from there enter the personal area. If an action needs to be taken on the account, it will appear there."