The Shin Bet (Israel Security Agency) uncovered operations by Iranian intelligence to lure Israeli businessmen and academics abroad in order to kidnap or harm them and to gather intelligence, according to an announcement on Thursday.
The Iranian operatives stole the identities of foreign and Israeli academics, journalists, reserve officers, businessmen and philanthropists and used the stolen identities and relevant cover stories in order to gather intelligence about Israelis and to lure them to locations abroad in order to kidnap or harm them.
The operatives would send an email from an address that was similar to the authentic address used by the person whose identity had been stolen, changing just a letter or symbol, before asking the target to switch to a WhatsApp conversation. The operatives used real information that could be verified by a check on the Internet.
The Israelis who were contacted did not respond and alerted security forces about the attempts.
In one case, an operative disguising himself as Swiss researcher Prof. Oliver Thränert, sent an invitation to an academic conference in Europe from the email address Oliver.thranert@sipo.gess.ethz.ch, which is similar to Thränert’s real email.
The operative pretending to be Thränert contacted a number of Israeli citizens and sent them files and links that were said to be related to the conference. The citizens who were contacted were suspicious and contacted the real Oliver Thränert, who denied the existence of the conference and expressed concern that his email had been hacked.
The Shin Bet said that a number of Israelis were already on the verge of traveling abroad in order to attend the fake “conference” and the exposure of the Iranian operations prevented this.
In another case, the operatives stole the identity of Daily Telegraph journalist Con Coughlin, who also writes for the Gatestone Institute, and offered Israelis the chance to write an article for the institute. The operatives used the email coughlin@gatestoneInstitute.org, which is similar to Coughlin’s real email.
In yet another attempt, the operatives impersonated a Russian man calling himself “Nikolai” who presented himself as an assistant to Russian billionaire Andrey Andreev. The operative offered to meet Israelis of Russian descent abroad while stressing that Andreev had connections with officials in Armenia.
The Shin Bet referenced another recent announcement it had made about Iranian operatives using fake social media profiles in an attempt to gather intelligence and harm Israels, warning that these attempts were continuing, with the fake profile “Sophia Walsh” recently being uncovered as one of these accounts.
The security agency called on Israelis to be cautious of suspicious emails that come from addresses that are similar to the authentic address and are accompanied by a request to switch to WhatsApp on an unfamiliar phone number. If the person avoids a video call or sharing a face photo, that’s another red flag.
Unusual invitations to unique or prestigious conferences accompanied by a showering of praise about the Israeli target in a way that does not necessarily match reality is another red flag, according to the Shin Bet.
The agency warned against sharing personal details or responding in any other way, and asked that anyone who receives such an email contact security officials.
“As part of the affair, many profiles were used by Iranian intelligence agencies, and a great deal of information was gathered about the factors behind their operation,” said a senior source in the Shin Bet. “Among other things, the vigilance of the citizens approached contributed to successfully thwarting serious incidents.”
The Shin Bet warned earlier this month that Iran and its proxies have increasingly focused on contacting Israelis through the Internet in order to recruit them to gather intelligence and conduct terrorist activity.
Terrorist groups, including Hamas, have often used fake Facebook accounts to target Israelis as they attempt to gather intelligence.
Last month, Cybereason reported tracking two Hamas-affiliated groups that were targeting Israeli individuals with sophisticated social engineering techniques, in an attempt to deliver spyware to extract sensitive information from Windows and Android devices.
The Hamas groups used fake Facebook profiles to trick targeted individuals into downloading direct message applications infected with malware for Android and PCs.