Tax Authority Phishing Campaign Targets Israelis with Fake Grants

/MEDIUM
Written by SCW Threat Desk Threat Intelligence
SCW israel
Tax Authority Phishing Campaign Targets Israelis with Fake Grants

Cyber News - Erez Dasa reports a widespread phishing campaign targeting Israelis, impersonating the Tax Authority. Attackers are sending SMS messages claiming “grants” or “investigations on behalf of the Authority,” leveraging social engineering to trick recipients.

The initial vector appears to be compromised Israeli companies. Cyber News - Erez Dasa indicates that the phishing emails are being sent from an Israeli company whose systems the attackers have somehow accessed. This suggests a potential supply chain angle or a broader compromise within the local ecosystem, making this more than just a simple spam run.

This isn’t opportunistic; it’s targeted. The use of an Israeli company’s infrastructure adds a layer of legitimacy to the phishing attempts, increasing the likelihood of success. Defenders need to recognize that attackers are increasingly leveraging local context and compromised legitimate infrastructure to bypass typical email security controls.

What This Means For You

  • If your organization operates in Israel or interacts with Israeli entities, immediately warn your employees about this specific phishing campaign. Emphasize vigilance against unsolicited SMS and emails from the Tax Authority, especially those promising grants or threatening investigations. Verify all such communications through official channels, not by clicking links. Review your email security logs for any outbound phishing attempts originating from your domain, as attackers may have compromised your systems as well.

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1566.001 Initial Access

Phishing Campaign Impersonating Israeli Tax Authority via SMS

Sigma YAML — free preview
✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Export via Bot →

Written by SCW Threat Desk

Take action on this incident
📡 Monitor taxes.gov.il Free · 1 watchlist slot · instant alerts on new breaches 🔍 Threat intel on Israeli Tax Authority All breaches, IOCs & vendor exposure

Related Posts

AI Unearths Hundreds of Firefox Vulnerabilities, Prompting Critical Patch

Cyber Updates - Asher Tamam reports that Mozilla has released a critical update for Firefox, patching 359 security issues. Significantly, a large portion of these...

israelvulnerability
/SCW Vulnerability Desk /MEDIUM /⚙ 3 Sigma

Israel's Cyber Power: A Look at Its Strengths and Challenges

Cyber News - Erez Dasa highlights the significant advancements and capabilities of Israel's cybersecurity sector. The analysis points to a robust ecosystem driven by a...

israel
/SCW Threat Desk /MEDIUM

Seiko USA Hit by Suspected Shopify Breach and Extortion

Cyber Updates - Asher Tamam reports that Seiko USA's website experienced a defacement on its 'Press Lounge' page, which displayed an extortion message. The attackers...

israeldata-breach
/SCW Threat Desk /MEDIUM