Even though Israel has concluded its military campaign against Iran, it’s clear that the war is far from over. It has simply shifted fronts. The missiles may have stopped falling, but in the background, a far more insidious, silent, and sophisticated assault continues: cyber warfare and phishing.
At just the moment when the public is trying to return to normal, to breathe – economically and emotionally – digital threats are intensifying. Critical infrastructure, businesses, and even ordinary citizens have all become easier targets of increasingly advanced attacks.
Windows of vulnerability
Scams do not disappear when the cannons fall silent. On the contrary, they escalate. Cybercriminals and hostile state actors recognize that post-crisis recovery periods are windows of vulnerability, times when it is easier to infiltrate systems, disrupt operations, and steal money or data.
We are still seeing impersonation attempts targeting banks, postal services, government agencies, and security organizations – not only for criminal profit, but to erode public trust and undermine social and economic stability.
“Official” SMS messages demanding small payments or identity confirmation are just the tip of the iceberg. An erroneous click by an employee or opening the wrong email can cost a business hundreds of thousands of dollars or lead to leakage of strategic information.
The lesson is clear: the digital war doesn’t end with a ceasefire. It demands vigilance, investment, and resilience, no less than does the military effort.
Where we once spoke of phishing as an “online trick,” today it is unmistakably a strategic tool of warfare. Even without sirens to warn us, it strikes exactly where we are most vulnerable – at the heart of the economy, our trust, and our sense of security.
Who is hit the hardest by scamming?
Who is hit hardest? Exactly those who most need protection in times of crisis: the elderly, discharged soldiers, and small business owners. People waiting for social security reimbursements or government aid fall into traps such as fake tax refunds. Their bank details, identity, and sometimes even their entire life savings are stolen.
There are different types of phishing to watch out for: email phishing (messages from seemingly legitimate organizations prompting link clicks or credentials entry); spear phishing (targeted messages using personal information); smishing (SMS messages with malicious links or requests); business email compromise or BEC (fraudulent emails sent from a hijacked executive account); fake websites (replicas of real websites to trick users); QR code phishing (QRs leading to malware or spoofed sites); and deepfake fraud (AI-generated voices or videos used for deception).
The following are real examples of fraud that have taken place in Israel: impersonation of the postal service via email, SMS, and fake websites requesting small payments and stealing credit card data; bank impersonation through spear phishing emails threatening account suspension; smishing texts from “National Insurance” offering fake tax refunds; executive fraud at an Israeli defense firm where a fake email nearly triggered a massive transfer; deepfake voice fraud mimicking a partner’s voice for fund transfers; impersonation of delivery services like Wolt, FedEx, and UPS with fraudulent links.
Combatting these attacks
To combat these attacks, the following measures must be implemented: accelerated digital literacy efforts during emergencies by the Defense Ministry, Finance Ministry, local authorities, and banks; stricter laws treating digital fraud during wartime as a severe crime; real-time blocking of fake websites, phone numbers, and servers; deployment of phishing detection technologies capable of intercepting threats before they reach users.
The enemy doesn’t always come bearing arms; sometimes it arrives bearing a link promising a package. The battle for our home is waged not only at the borders, but through the digital channels we use daily: email, video calls, SMS, WhatsApp, and beyond.
The bottom line is that we must treat phishing not as a trivial Internet nuisance, but as part of our national defense effort – so that we may prevail not just on the battlefield, but in the digital domain as well.
The writer is a co-founder and CEO of Cyvore.