Israel National Cyber Directorate Warns of Increase in Cyberattacks Ahead of Jewish “Holiday of Love”
During this period, attacks typically involve the multiplication of fake websites and messages, romantic phishing attempts, disruption of dating sites, leaking sensitive information, and social engineering attacks
Cybertech
| 27/07/2023
Photo: Oriental Image via Reuters Connect
The Israel National Cyber Directorate (INSD) and the Privacy Protection Authority have issued a warning regarding the potential exploitation of the upcoming Hebrew holiday of Tu B'Av (the “holiday of love”) for various cyber-attacks.
During this period, attacks typically involve the multiplication of fake websites and messages, romantic phishing attempts, disruption of dating sites, leaking sensitive information, and social engineering attacks that utilize artificial intelligence technologies to create deceptive presentations with the intent to scare.
The INSD has sent a severe warning letter today to website owners and hosting companies, providing them with guidelines to take protective measures for their websites and customers' personal information.
Hackers tend to exploit special commemorative days to carry out cyber-attacks. For instance, around Valentine's Day in February, there is usually an increase in fake websites impersonating shopping sites, attempting phishing, stealing financial and personal information, disrupting dating platforms, spreading fear, and deploying malware-laden files or links with Valentine-related names. For example, the cybercrime group GandCrab in the US exploited Valentine's Day to distribute a harmful file named "Love Letter."
In light of this, it is expected that hackers will attempt similar attacks in Israel during Tu B'Av (starting this year on the evening of August 1st and ending 24 hours later). The National Cyber Array and the Privacy Protection Authority recommend citizens to be cautious and actively approach hosting companies to strengthen their defenses and protect customers' data.
Additionally, they are working to reduce the impact of phishing messages that may try to exploit this day and are warning specific companies about potential vulnerabilities in their systems.
Recommendations from the National Cyber Array and the Privacy Protection Authority for citizens:
- Verify and identify fake websites - Ensure you are accessing reliable and known websites, check social media pages, look for contact information (address and phone number), and make sure the website URL starts with "https," displaying a closed padlock symbol and without spelling errors.
- Beware of phishing attempts - Be cautious of suspicious messages exploiting Valentine's Day to extract personal information or distribute malicious software. Avoid clicking on links or attachments and browse websites independently through a search engine.
- Update devices for online purchases - Keep your operating system, applications, and browser up-to-date, install reputable antivirus software and firewall.
- Add additional authentication to passwords - Use two-factor authentication when registering on websites or applications, such as receiving a code via text message.
- Limit sharing personal information - Minimize sharing sensitive information and intimate photos on various online platforms, especially dating websites, and be aware that such data might be exposed. Avoid using your work email for personal purposes.
- Protect credit card information - Make sure the website has a PCI DSS standard for handling payment details. Monitor charges, use credit card verification, or opt for digital payment platforms or prepaid cards.
- Be cautious of fear and disruption attempts on websites - If you encounter a website where the content has been replaced with threatening or fake content, refrain from clicking on links and close the browser. Also, be vigilant about fearmongering attempts on social media and avoid joining unclear groups.
- Be wary of sextortion attempts - As a general rule, avoid sharing intimate photos on any online platform. If you receive a message from a hacker claiming to have explicit images of you, report it to the authorities.
During this period, attacks typically involve the multiplication of fake websites and messages, romantic phishing attempts, disruption of dating sites, leaking sensitive information, and social engineering attacks
Photo: Oriental Image via Reuters Connect
The Israel National Cyber Directorate (INSD) and the Privacy Protection Authority have issued a warning regarding the potential exploitation of the upcoming Hebrew holiday of Tu B'Av (the “holiday of love”) for various cyber-attacks.
During this period, attacks typically involve the multiplication of fake websites and messages, romantic phishing attempts, disruption of dating sites, leaking sensitive information, and social engineering attacks that utilize artificial intelligence technologies to create deceptive presentations with the intent to scare.
The INSD has sent a severe warning letter today to website owners and hosting companies, providing them with guidelines to take protective measures for their websites and customers' personal information.
Hackers tend to exploit special commemorative days to carry out cyber-attacks. For instance, around Valentine's Day in February, there is usually an increase in fake websites impersonating shopping sites, attempting phishing, stealing financial and personal information, disrupting dating platforms, spreading fear, and deploying malware-laden files or links with Valentine-related names. For example, the cybercrime group GandCrab in the US exploited Valentine's Day to distribute a harmful file named "Love Letter."
In light of this, it is expected that hackers will attempt similar attacks in Israel during Tu B'Av (starting this year on the evening of August 1st and ending 24 hours later). The National Cyber Array and the Privacy Protection Authority recommend citizens to be cautious and actively approach hosting companies to strengthen their defenses and protect customers' data.
Additionally, they are working to reduce the impact of phishing messages that may try to exploit this day and are warning specific companies about potential vulnerabilities in their systems.
Recommendations from the National Cyber Array and the Privacy Protection Authority for citizens:
- Verify and identify fake websites - Ensure you are accessing reliable and known websites, check social media pages, look for contact information (address and phone number), and make sure the website URL starts with "https," displaying a closed padlock symbol and without spelling errors.
- Beware of phishing attempts - Be cautious of suspicious messages exploiting Valentine's Day to extract personal information or distribute malicious software. Avoid clicking on links or attachments and browse websites independently through a search engine.
- Update devices for online purchases - Keep your operating system, applications, and browser up-to-date, install reputable antivirus software and firewall.
- Add additional authentication to passwords - Use two-factor authentication when registering on websites or applications, such as receiving a code via text message.
- Limit sharing personal information - Minimize sharing sensitive information and intimate photos on various online platforms, especially dating websites, and be aware that such data might be exposed. Avoid using your work email for personal purposes.
- Protect credit card information - Make sure the website has a PCI DSS standard for handling payment details. Monitor charges, use credit card verification, or opt for digital payment platforms or prepaid cards.
- Be cautious of fear and disruption attempts on websites - If you encounter a website where the content has been replaced with threatening or fake content, refrain from clicking on links and close the browser. Also, be vigilant about fearmongering attempts on social media and avoid joining unclear groups.
- Be wary of sextortion attempts - As a general rule, avoid sharing intimate photos on any online platform. If you receive a message from a hacker claiming to have explicit images of you, report it to the authorities.
