By COLlive reporter
A security alert issued by Chabad World Assistance (CWA) has highlighted a trend of “social engineering” attacks in which hackers pose as individuals in need to gain access to sensitive community networks.
The warning comes amid heightened concerns regarding state-sponsored cyber activity originating from the Islamic Republic of Iran, currently in a war against the United States, Israel, and neighboring Gulf States.
The tactical approach used by these actors involves a high degree of personalization. In a typical scenario, a hacker—often using translation software—reaches out via messaging apps or email, identifying as a Jewish traveler or a group of “brothers” stranded in a city. The messages specifically request details regarding Shabbos meals, davening times, and shul entry points.
By mimicking the language of communal belonging and religious obligation, the attackers aim to exploit Shluchim’s traditional hospitality to bypass standard digital security filters.
Security analysts note that once rapport is established, attackers deploy one of two primary methods: malicious links or direct information gathering. By sending a “registration form” or “location map” that, when clicked, installs spyware or credential-harvesting malware, the actors gain a foothold in the target’s device. Alternatively, they use the dialogue to map out the physical security protocols and internal schedules of Jewish centers.
The CWA alert stated that the objective is to turn the desire to help into a weapon against the community, noting that information obtained through these interactions can be used to hack broader systems or compromise the community’s safety.
Security and Prevention Guidance
In response to the evolving threat landscape, security experts are advising Jewish organizations to implement a “Verify First” policy. The following measures have been recommended for immediate adoption by all staff and volunteers:
* Source Verification: Carefully checking the metadata or profile history of any unknown individual requesting sensitive logistical information.
* Credential Hygiene: Replacing all administrative passwords with high-entropy, unique strings that are resistant to “brute-force” cracking.
* Link Neutrality: Refraining from clicking on any external links or downloading attachments from unverified sources, regardless of how harmless the context appears.
* Two-Factor Authentication (2FA): Implementing 2FA across all communal databases and communication platforms to provide an additional layer of defense against hijacked accounts.
The Israel-based CWA, which provides 24/7 support to the global Chabad network, has indicated it will continue to monitor these efforts. As digital threats become increasingly nuanced, the emphasis for community leaders has shifted from purely physical security to a comprehensive model of cyber-vigilance.
VIDEO:
We should always go stronger and be more proud! Not hide our faces!
In all attacks the Rebbe MHM went straight at it, sending Shluchim to strengthen the community and go straight to face the threat!
Let’s not hide our faces at this time and hide our name!
Not for Tucker, not for Iran, not for anything!
Let’s continue till Moshiach is revealed!
You really don’t get it. We are living in deadly serious times and Chabad Houses could become targeted by savy terrorists pretending to be interested Jews Gd Forbid !! This has absolutely NOTHING to do with “pride” – this is vital & practical information on how to save the lives of Yidden – which is certainly also a very important mitzvah. Did you not hear about Bondi ?? I am proud and relieved that Chabad has such a program in place to protect Jewish lives around the world.
Is your cup half empty or half full?
Do you trust in Hashem?
Fear enables tyrannical control.
Don’t let anybody use a crisis to scare you into surrendering your life to them.
They won’t relinquish control willingly.
Seems like lately theres an uptick on many levels of Natural disasters. Fires. Wars. Theft threats etc.
Knowing we are doing our work of Shlichos, the mission set forth by our Holy Rebbe. Which will no doubt through this will bring about the Geulah Shleima.
Seems like the
Soton-Sitra Achra-Yetzer Horah or what ever else you choose to call him, is REALLY pissed off these days.
A Silver Lining, knowing we are doing our job well !!!!!
A Kosherin Freilichin Pesach.
Moshiach Now.
Just to add, be very cearfull with using built in ai (like in a browser or email) as hackers can hide text that the ai can still see.
the issue with this is that they can add a malicious prompt that can cause your AI to either delete files or send files to them, as well as downloading malicious software.
In addition, AI is known not to be very secure and is not encrypted 99% of the time.
I am not saying not to use AI; I am just saying to be cautious.