As the State of Israel finds itself at war with Iran, public attention is rightly focused on headlines about strikes, interceptions, and political declarations. Yet there is another arena operating in parallel, quieter, but no less dangerous. It is a battlefield without sirens, without Iron Dome, without smoke. It arrives as an innocent-looking text message.
Let me state this clearly: the war with Iran is also unfolding inside your smartphone.
In recent weeks, we have witnessed a sharp increase in phishing attacks targeting Israeli civilians. This is not random spam. These are coordinated, highly targeted campaigns designed to exploit the current security situation and the heightened state of alert among the public. The messages appear entirely legitimate: an urgent security update, a notice from your bank regarding “unusual activity”, a link from a delivery company requesting verification, or a text impersonating an official government body.
The wording is professional. The Hebrew is flawless. Logos are replicated with precision. Sometimes even the sender’s name appears familiar. Everything is engineered to prompt you to do one thing: click. And that is all the attacker needs.
A single click can lead to a fraudulent website that perfectly imitates a legitimate one, where you are asked to enter login credentials, an ID number, credit card details, or a verification code sent to your phone. From that moment, the attacker may gain control over accounts, reset passwords, access email systems, and in some cases even penetrate organizational networks through an employee who simply wanted to “check a message.”
In conventional warfare, the objective is to damage infrastructure. In cyber warfare, the objective is to erode trust, to make the public feel exposed, uncertain, destabilized. This is psychological warfare no less than it is technological warfare.
The Israel National Cyber Directorate has repeatedly warned of a surge in phishing and social engineering attempts during periods of heightened security tension. This is no coincidence. When people are anxious, searching for information, and expecting urgent updates, they are less likely to pause and verify.
The safest approach is simple: do not click on links in unsolicited messages, even if they appear entirely credible. Do not enter personal information simply because a message “looks official.” In today’s digital reality, the human eye alone can no longer reliably distinguish between authentic and malicious content.
It was precisely out of this understanding that SCANMYSMS was established, a platform that allows any citizen to forward a suspicious message and receive a rapid assessment as to whether it is phishing or legitimate. Instead of guessing, instead of gambling, users can submit the message and receive a clear response. The platform also offers a dedicated bot for WhatsApp and Telegram, enabling simple and accessible verification. SCANMYSMS operates in cooperation with national cyber authorities as part of a broader effort to protect the public from evolving cyber threats.
Every day, I encounter intelligent, responsible, law-abiding individuals who have fallen victim, not because they lack technological knowledge, but because the message reached them at a vulnerable moment. In the middle of a workday. After a siren. Between one news alert and the next. That human moment is precisely what adversaries exploit.
When a citizen submits a message to SCANMYSMS and it is identified as phishing, CYVORE responds immediately on several fronts. First, the system verifies and classifies the threat, identifying the nature of the malicious link or social engineering tactic. Second, users receive immediate guidance on how to protect their device and accounts if exposure has occurred. Third, anonymized threat intelligence contributes to ongoing system improvements, enabling the identification of emerging attack patterns and strengthening public defenses against future campaigns.
Ori SegalPhoto: CyvoreIt is important to clarify: scanned data is not stored. Cyvore’s systems do not identify or retain the sender’s phone number or personal details. The platform analyzes only the content of the message itself.
Israel’s strength has always been rooted in mutual responsibility. Today, that responsibility must extend into cyberspace. If you receive a suspicious message, do not ignore it verify it, report it, warn others. Awareness protects not only bank accounts, but national resilience.
The war with Iran is not fought solely in the skies or along the borders. It is fought in the pockets of every citizen. The messages may appear harmless, even polite. But behind them may stand a hostile actor searching for an open door.
Ori Segal is the CEO of Cyvore