A new fraud campaign is trying to exploit what Israelis are most sensitive to these days — personal security. Many people reported Thursday morning receiving SMS messages impersonating official alerts from the Home Front Command, the Israeli military body responsible for civilian emergency preparedness. The messages appear credible, use formal language and sometimes even arrive within existing message threads, making the scam harder to detect. In practice, they include a malicious link to download what is presented as an app for “staying in shelters.”
Israel’s National Cyber Directorate said the messages are not part of any official initiative but rather a classic phishing attempt aimed at getting users to click the link and download a malicious file. Clicking could lead to the theft of personal information, login credentials or even full control of the device.
2 View gallery
Cyber Directorate warns of malicious message
(Photo: National Cyber Directorate warning, screenshot)
And it does not stop at the link. According to cybersecurity firm Check Point, this is a relatively sophisticated campaign, featuring imitation of official language and, in some cases, forged “verification certificates” or packaging that appears legitimate. In certain instances, attackers have also hijacked existing systems, such as mailing or SMS services, to send messages from real databases, including sender names that appear familiar.
It is important to stress: the Home Front Command does not distribute app download links via SMS. Any such message should be considered suspicious by default.
The bottom line: the guidance remains simple — do not click on links in messages, do not share personal information and download apps only from official stores. When in doubt, do not proceed.
At the same time, many people reported receiving SMS messages purportedly sent directly from Iran’s Islamic Revolutionary Guard Corps, or IRGC, a powerful branch of Iran’s military. The messages read: “Netanyahu is dead. Death is approaching you and soon the gates of hell will open before you. Before the fire of Iranian missiles destroys you, leave Palestine.”
2 View gallery
The malicious message sent to Israelis: 'Netanyahu is dead'
(Photo: National Cyber Directorate warning, screenshot)
A review by ynet with the National Cyber Directorate found this follows a well-known pattern of intimidation messages that repeatedly resurfaces. Attackers manage to breach customer messaging interfaces, especially those protected only by a password without two-factor authentication. From there, they use existing contact databases, change the sender name and distribute impersonation messages on a large scale.