Quite a few Israelis received a frightening message this morning (Tuesday) which read: “Important: You must enter, there is suspicious activity.” The wording is not satisfied with a neutral SMS, but is worded as a call for an immediate response: take action – and click on the malicious link attached. The Israeli information security company ESET estimates that a significant percentage of the population received this message.
This is, of course, a scam and the right move would be easy to ignore. “From an initial check we did, as soon as the recipient clicked on the link, it came to a landing page that includes the Paypal logo, where it was asked to enter its email address, and then the password,” ESET said.
According to them, the link is currently inactive. In addition, the information security company emphasizes that this is a popular way of collecting user account information which can be used both to cause damage to the account and to try to gain access to additional services in which users are attacked with the same login information.
“Intimidation is the most common and effective phishing tactic. The general public tends to act quickly when it comes to security alerts, whether when browsing websites that pop up such alerts, or whether so-called alerts are sent in text messages or emails,” says Lotem Finkelstein, director of cyber intelligence. At Check Point.
“These phishing messages will usually be laconic, and will use an abbreviated link (in this case cutt[.]ly) which does not disclose the identity of the site to which the victim will be directed. “In order to find out more details about the security alert, the regular user will browse and then provide identifying details as needed,” Finkelstein added.