Impersonation of financial services companies in phishing fraud is a growing threat to the financial sector and to the public’s confidence in the banking system. Behind apparently innocent messages lies a sophisticated and growing industry of cyber fraud that exploits human weaknesses to steal personal information and credit data.
Despite the efforts of financial services companies in protection and publicity, the number of attacks keeps rising, and the ability of consumers to distinguish between truth and forgery is eroding. The data indicate tens of thousands of malicious links, methodical impersonation of leading players in the sector, and regulatory challenges that make an effective response difficult. What is the extent of the phenomenon, and how should we guard against it?
Tens of thousands of messages
Although the phenomenon has been with us for many years, according to Israeli cybersecurity company Check Point a rise of more than 340% has been identified in the use of malicious SMS messages directed to Israel since the beginning of March 2025. The Israel National Cyber Directorate says that so far this year it has dealt with 43,000 harmful links. Each such link is sent to as many as tens of thousands of people.
According to the Directorate’s figures, a considerable portion of the impersonations are of financial services companies, headed by Cal (Israel Credit Cards), followed by Bank Leumi, payments app Bit, credit card company Isracard, Bank Hapoalim, and PayPal.
"We work 24/7 to monitor and prevent phishing fraud using a variety of means of detecting unusual activity that is out of character with the customer, and at the same time we undertake publicity campaigns," Efrat Agami, head of Fraud Monitoring and Prevention at Cal, told "Globes." "Nevertheless, it’s important to stress that it’s up to the mobile telephony companies to control and restrict the transmission of phishing messages, and we expect and demand that they should also take action to prevent fraud. We’re working on this with the Minister of Communications and the Bank of Israel."
According to figures from data security company Cyvore, the number of phishing attacks in Israel and globally is rising by the month. On average, 3,000-5,000 phishing messages are sent in Israel daily, and every Israeli receives 1-5 such messages a week - and sometimes phishing fraud is perpetrated through voice messages.
Cyvore CEO Ori Segal says that 27% of the attacks in Israel are in the financial sector. "That’s where the money is, and consumers are especially fearful and sensitive. We identify a rise of 20-25% annually in this kind of fraud, with the phenomenon growing by the month."
What are the attackers' methods?
Segal: "The simplest methods in existence, and people fall for them. 66% of these attacks get through the protection systems today and aren’t blocked. Why? The weakest link is the human being, it’s in our nature. And the biggest problem is that it harms trust. People no longer know what’s genuine and what isn’t."
Figures from the Bank of Israel Banking Supervision Department also show that in recent years fraud attacks on customers of the financial system have risen substantially. The target groups are mostly old people, immigrants from the countries of the former Soviet Union, and in general people with low digital expertise. According to the Banking Supervision Department, customers have been compensated to the tune of some NIS 3.4 million in the past two years.
At the same time, an exercise conducted by the IDF a few months ago shows that even young soldiers, who generally have more awareness in this area, fall into the trap. In the exercise, carried out in conjunction with the National Cyber Directorate, about 200,000 soldiers received phishing messages dressed up as though coming from the IDF. 12% tapped on the link. That’s an improvement over the previous such exercise, in which 20% of the soldiers failed to spot the fraud.
"Genius psychology"
The attackers' method is simple: they send a message that looks as though it comes from a known company and "warn" you. There’s a set format that appears in almost every message - a text with some incentive to act, such as the threat of a sanction ("your account will be closed") or the promise of a reward; and a link to a bogus site that tries to look like a legitimate one.
"We have identified suspicious activity on your card, and we have therefore temporarily suspended the use of it," a message purporting to come from Cal said. Another, impersonating Isracard, states, "We have identified suspicious activity on your card. Yesterday, for your safety, we halted use of the card. Unless you verify yourself soon, your card will be discontinued." (The messages are in egregiously bad Hebrew.)
Financial services companies in Israel are aware of the phenomenon, as mentioned, and have been taking action to warn consumers, among other things through SMS messages. For example, a message from Harel states: "A rise in attempted fraud and theft of personal information has recently been identified. Generally, this takes the form of approaches by impersonators, by telephone or text message."
"Phishing tries to play to the human element, to do human engineering," says Aner Ben-Yosef, fraud prevention officer at Isracard. "The psychology behind it is genius. Let’s say you send a message to someone saying that he recently drove on the Road 6 toll road. Who remembers? And if it’s a small debt of a few shekels, it’s easy to pay up. Of course, in practice, more money will be taken."
Apart from the classic attack, there’s the method whereby the consumer’s telephone is taken over. "In the past year, we have seen an unremitting attack the aim of which is to switch the victim’s telephone to another mobile telephony company and thus to take control of it. The consumer provides the verification code he receives in the phishing deal, without reading that it’s a notification of a switch of provider. As soon as the attacker has the line, and after cross-checking with other information that the consumer provides, he can empty the consumer’s bank account, or take control of other services," Ben-Yosef explains.
"Phishing comes in endless forms. It can be through SMS messages, email, TikTok, Instagram, and other channels," Boaz Dolev, founder and CEO of cybersecurity company ClearSky, told "Globes." The company warns that, every day, dozens of websites are built to which customers are referred in order to obtain their personal details. When the criminals want to do a "campaign" on a particular company, they build dozens of routings with different addresses, in the hope that something will stick.
How to avoid the trap
Dolev says that one of the problems that fuels the phishing phenomenon is the use of SMS messages. "The banks and insurance companies use regular messages to verify identity, but SMS can be counterfeited, so we are putting our faith in a hackable tool that can be impersonated," he says. "The cyber and state authorities have to make this a main subject to deal with."
Ben-Yosef of Isracard agrees that the state should be more active, and chiefly should create a uniform standard for regulation. "For example, to stipulate that verification codes sent to customers must be valid for ten minutes only. Today, in the case of some services, they are valid for 24 hours, and that’s an opening that attackers are liable to exploit," he explains.
Sources in the finance industry say the state is not doing enough, and complain that there is no official body that produces a uniform standard for all players in the market with the aim of protecting the consumer. The Israel Privacy Protection Authority deals with databases and not cyber incidents, and the National Cyber Directorate monitors the situation and tries to deal with problematic links, but its main concern is critical infrastructure and public bodies. The Banking Supervision Department also points to the big problem - the absence of any entity responsible for national strategy to counter fraud.
The Banking Supervision Department itself has issued several directives to the entities that it supervises. Every banking corporation must formulate a strategy and policies for dealing with fraud, monitor unusual transactions on customer accounts (and even suspend an account until confirmation is received from the customer), monitor developments in fraud methods in order to prevent future incidents, warn customers of unusual activity, and take action to raise their awareness of the phenomenon.
The Banking Supervision Department also has recommendations for bank customers, chiefly to understand the importance of personal information, and, for example, not to forward a verification code to anyone. The Banking Supervision Department also makes clear that banks or credit card companies will not approach you on their own initiative to obtain confidential details, and if you make a mistake and hand over such details, you should report this quickly to the bank or credit card company, as a delay in notification could mean having to bear part of the loss.
The National Cyber Directorate says that the easiest way of avoiding phishing fraud is not to tap on links in messages. If you receive a message that you have a large debt at the bank or that your credit card has been blocked, go directly to the website or app of the company that ostensibly sent the message, and check the truthfulness of the information in your personal zone.
Secondly, be cautious about handing over personal details through links or to people approaching you on WhatsApp, even if they are close family, because their own accounts may have been hacked. The National Cyber Directorate particularly stresses that you should not disclose credit card details, your ID number, or bank account details, or verification codes sent to you. You should also be alert to spelling and grammatical errors in messages, and check that the address in the link is not suspicious, and matches the real website. Suspicious incidents can be reported to the National Cyber Directorate helpdesk at 119.
For enterprises, the National Cyber Directorate’s recommendation is to train employees, using simulations of phishing events to identify vulnerable points in the workplace. It is also recommended to define permissions for each employee and not to give all employees access to the entire system, and of course to use security systems and systems for monitoring employees’ actions.
Published by Globes, Israel business news - en.globes.co.il - on June 12, 2025.
© Copyright of Globes Publisher Itonut (1983) Ltd., 2025.