Not only through SMS: in recent times there have been increasing reports of new-old fraud centered on a similar pattern of operation - attackers call communities of expatriates from the Commonwealth of Nations (in Russian) and pretend to be representatives of bank officials, credit card companies or Israeli police officers.
In the conversation, they try to put pressure on the victim, allegedly updating that they detected fraud on the bank account or credit card and asking to provide a code sent to the user's phone - in order to gain access to the bank account.
In addition, this method of operation has now been reinforced - sending a fake police ID.
"Someone called my mother in Russian and introduced himself as a police officer who had come to check that money had not been stolen from a bank account, and at the last minute I stopped her from giving him the code," says C in a conversation
"It turned on red lights for me because he also sent a police ID on WhatsApp. When we checked the number on True Caller, it said 'Nazareth Station', and another number he dialed from said '
So how does this scam work?
Actually, quite simply
"What we see here is a combination of existing capabilities in the applications (registering yourself in True Caller however you want) with the utilization of prior information that the attacker had about the victim. Such information can come from databases that were leaked in previous attacks and are offered for sale on the dark web," the company explains Israeli cyber security Check Point.
"This combination gives the attacker a kind of credibility in the hands of the victim, even though there is no reason for a police officer to mess with bank accounts and passwords in a
Forgery at a reasonable level: the certificate sent on WhatsApp (photo: screenshot)
Check Point also added: "We live in an era where our information is in the hands of many parties, and it is enough that one of them does not protect it properly, and the information ends up in the wrong hands who use it for more targeted attacks. The best solution for our dealings as a broad public is awareness of this situation , not to share personal information with any unauthorized party, suspect and share only after we have received unequivocal proof from a reliable source that the case presented to us is authentic."
"This is a well-known sting from around the world, and not a particularly sophisticated one (a poorly forged police ID), which mainly targets the Russian audience and especially its older generation," explains Tom Malka, a cyber threat intelligence researcher, in a conversation with Walla!
"It is important to note that you should always check with your bank and Moked 100 for any suspicions that may cost you, the attackers will try as much as possible to exert pressure in order to influence your judgment."
According to May Brooks-Kempler, a cyber expert and founder of the "Safe Online" community on Facebook, "Spoofing an ID number as done in this case is essentially similar to the familiar attack that includes spoofing the origin of SMS messages, as we have seen in the past in messages impersonating the Israel Post, the various banks, etc."
Fraud: the number is stored in True Caller as the Nazareth police station (photo: screenshot)
How to beware of cases like this?
In the past, the National Cyber System referred to similar cases, and published a series of recommendations that should be well remembered:
Do not give the username and password to the bank or credit card company to any party.
If you did not initiate the call, do not give the verification code sent to you from the bank or credit card company to anyone - this is access to your account!
Don't make transfers from your bank account or through payment apps to parties you don't know - even if they sound very reliable!
A request to withdraw funds from the account and transfer them via Change to accounts abroad is a suspicious request!
Pay attention to calls from alleged representatives of the bank, credit card company or the police who speak only Russian.
Ask the representative to speak in Hebrew or hang up and call the bank, the credit company or the police independently according to the numbers published on their website.
Trying to stress and claim that there is a police investigation is a warning sign - even if the representative sends a photo that supposedly confirms his identity.
Please note that this may be a fake certificate.
Hang up and contact the police by dialing 100.
Be alert to attempts to get personal details from you - the bank's representatives will not try to extract these details from you, even if they called from the bank's legitimate number.
In case of any suspicion - hang up and contact your bank or credit card company directly to report the incident.
privacy and security