When your phone rings and the caller ID shows the Israeli military’s emergency command number, most people would listen — and that is precisely the point.
Israel’s National Cyber Directorate issued an urgent public advisory Tuesday, warning citizens about a wave of fraudulent automated phone calls impersonating the Israel Defense Forces’ Home Front Command, the military body responsible for issuing missile alerts and civil defense guidance. This is part of Iran’s emerging psychological cyber warfare playbook.
The advisory, published on the Israeli government’s official portal shows how Iran and its proxies weaponize civilian communications infrastructure against a population already under physical threat.
The Cyber Directorate said it received dozens of reports over a 24-hour period about calls appearing to originate from an official Home Front Command number. The automated messages instructed recipients to “prepare for an emergency” and, in some cases, directed them to visit a website for further instructions.
Also read: Israel Claims it ‘Struck’ Iran’s Cyber Warfare Headquarters
This is caller ID spoofing — a technique where attackers falsify the originating phone number to make a call appear as though it comes from a legitimate, trusted source. In a conflict environment where citizens have been conditioned to respond immediately to official emergency alerts, the damage does not require malware or a data breach. Panic is the payload.
Separately, fraudulent text messages circulated from a spoofed sender labeled “OREFAlert” — a name designed to mimic Israel’s official rocket alert system — falsely warning recipients of potential terrorist attacks inside bomb shelters and urging them to avoid shelters until further notice. A second fake message warned that fuel supplies would be suspended nationwide for 24 hours from midnight.
The strategic logic is coldly effective. If citizens hesitate to enter shelters during an actual missile strike because they distrust official alerts, the kinetic weapon becomes exponentially more lethal. Disinformation, deployed at the right moment, functions as a force multiplier.
Also read: Cyber-Kinetic Warfare Escalates as Iran, US, and Israel Clash Across Military and Digital Fronts
Israeli authorities attributed the campaign to Iranian or pro-Iranian groups operating as part of a broader psychological warfare effort during Israel’s military campaign against Iran, known as Operation Rising Lion.
These campaign patterns are part of a psychological cyber warfare playbook that Iran has long been using. In 2025, Check Point reported more than 2,000 threatening emails targeting Israeli universities, municipalities, and healthcare organizations, with messages containing explicit threats of violence.
Radware recorded a 700% surge in cyberattacks against Israel within the first two days of the conflict compared to the period before it. The firm’s VP of Cyber Threat Intelligence attributed the spike to coordinated retaliation by Iranian state actors and pro-Iranian hacker groups, spanning DDoS attacks, critical infrastructure infiltration attempts, data theft, and malware distribution.
The Cyber Directorate confirmed the fraudulent calls formed part of a coordinated misinformation effort and stressed that the Home Front Command does not contact citizens by phone with emergency instructions unless the individual initiates contact first. That clarification alone signals how effectively the adversary exploited an assumed behavioral norm.
Also read: Israel-Iran Conflict Sparks Wider Cyber Conflict, New Malware
The broader campaign fits a well-documented Iranian doctrine of combining kinetic operations with cognitive attacks on civilian populations. Earlier this year, the Shin Bet internal security agency and the Cyber Directorate reported a significant rise in phishing attempts linked to Iranian operatives, targeting senior defense officials, politicians, academics, journalists, and public sector figures, using fake mobile apps, spoofed websites, and malware disguised as legitimate documents.
Israel’s Cyber Directorate head Yossi Karadi had warned publicly that his agency handled more than 26,000 cyberattacks in 2025 — a 55% increase over 2024 — and framed the trajectory in stark terms: “Cyber is no longer supporting the battlefield. Cyber is the battlefield.”
For security practitioners and network defenders operating in any geopolitically sensitive environment, the Israeli case delivers a precise lesson. The most dangerous attack vector in a conflict may not target a firewall. It targets the split-second decision a civilian makes when an alarm sounds.
The Cyber Directorate urged the public to rely exclusively on the Home Front Command’s official website, mobile application, and verified social media channels, and to report suspicious calls immediately to authorities.
