Did you receive an SMS from the electricity company with a request to “settle the debt in their account”? You should be careful: A., a resident of the center of the country, received the threatening message, hurried to pay, and had her credit card charged 15,000 shekels by an unknown source.
This is a scam that the IEC warned about last week: the malicious link attached to the SMS leads to a site that looks identical to the official IEC website, where customers are asked to provide an ID number and credit card information.
“On Saturday, I received the message that I had to settle a debt,” A. says in a conversation with Walla! technology. “I clicked on the link to pay, filled in all the personal details including a credit card number, and after I paid I remembered that I had a standing order for the electricity bill.”
This morning (Sunday), A. contacted the IEC to find out whether it really was a debt she was required to pay, and in a conversation with customer service she learned that the message she had received was a known fraud. Then, when she checked her credit card, she found that she had been charged an astronomical amount. “I saw charges of NIS 15,000 and called the credit company to block the card.”
“For several months now, the IEC has been receiving alerts from customers who report fraud attempts that include receiving a demand, via e-mail or mobile message, to update details, while threatening to suspend an account if they are not answered immediately,” the IEC said.
“The IEC reiterates that text messages on behalf of the IEC contain the customer’s contract number, and the only current link is the IEC’s official website. It should not be referred to or replied to,” they stressed.
Nadav Avital, head of the research group at Imperva: “An investigation we conducted found that the latest phishing messages to IEC customers were sent by an attacker who operated several sites in recent months that most likely impersonate various Israeli infrastructure providers such as IEC, Hot, Bezeq.”
“Phishing messages of this type usually direct customers to debt payment pages that look visually identical to the service providers and rely on design and images taken from the original sites,” Avital added. “Payment details are sent to the site under the control of the attacker. In an inspection, we found evidence of a site related to the latest campaign, which contains a number of files detailing usernames and payment details.”