The Jerusalem Post
IEC warns customers about phishing messages
Israel Electric (IEC) warned customers Wednesday that scammers were sending SMS messages instructing people to “settle the debts in their accounts” with the nation’s largest electricity supplier.
People clicking the link in the message would be taken to a page where they would be asked for their identification number and credit card details.
“For several months, IEC has been receiving alerts from customers about fraud attempts with a demand to update their details and a threat to suspend their account if it is not done immediately,” IEC said. “Text messages sent on behalf of IEC contain the customer’s contract number, and the only viable link is to our official website. You should not act on these messages or respond to them.”
“An investigation we conducted on the messages found that the latest phishing messages to IEC customers were sent by an attacker who operates several sites that also impersonate other infrastructure providers like Hot and Bezeq,” said Nadav Avital, head of the research group at Tel Aviv cybersecurity company Imperva. “Phishing messages of this type usually direct customers to debt payment pages that look visually identical to the service provider’s and rely on design and images taken from the original sites. Payment details are sent directly to the attacker. Suspicious sites we found, and that should be avoided, include my-bez.com, bintcd.com, iinfoiec.net, lirhotit.com, beuld.net, btclysc.net and iinfoiec.com.”
“SMS phishing has become a more popular form of attack lately,” noted Reuben Braham, VP of Marketing at Petah Tikva-based CyberInt. He suggested taking several steps to keep safe in such cases.
1. Do not click on links in an SMS and enter credit card and personal details, even if the message seems reasonable.
2. Do not rush to enter personal details and phone numbers on websites. Hackers can attack such sites and sell the personal details of consumers.
3. Call the organization’s customer service and settle the matter with the organization directly.
4. Use filtering services to block numbers known for malicious attacks.