Protesters shout slogans against the United States and Israel as they hold posters with the image of top Iranian commander Qasem Soleimani, who was killed in a US airstrike in Iraq, and Iranian President Hassan Rouhani during a demonstration in the Kashmiri town of Magam on January 3, 2020. Tauseef Mustafa | AFP | Bloomberg

Iranian hackers are likely planning social engineering and phishing efforts as retaliation for the U.S. military's killing of Iranian military chief Qasem Soleimani, according to security experts in government and the private sector. But the flurry of website defacements and social media rancor over the weekend are unlikely to be important, and might not have originated from Iran at all. On Saturday and Sunday, several websites across the globe were hit with cyberattacks that defaced them with images and slogans supportive of Soleimani. The hacked websites displayed images of a fist-punching Trump among other anti-American rhetoric. Victims included the U.S. Federal Depository Library Program and the Commercial Bank of Sierra Leone. Through a statement, the Department of Homeland Security expressed doubt these attacks were state-sponsored. One intelligence official from the Treasury Department, who wished to remain anonymous because he is not authorized to speak to media, said the organization was not concerned with scattered online defacements, which cause little real damage and are difficult to attribute On the contrary, he said, Treasury and other government agencies are more concerned about a heightened risk of social engineering attacks from across the Shiite world, well beyond Iran, and the possibility that other hostile nations -- like Russia or China -- may take advantage of the chaos to launch their own attacks. Along those lines, sources from federal, state and local agencies -- including the cities of New York, Los Angeles and Houston; power authorities PSE&G in New Jersey and ConEd in New York; and the U.S. Treasury Department -- told CNBC they are warning employees to be particularly wary of unexpected or suspicious emails, phone calls, text messages or other digital contacts that may serve as an entry point for attacks, more typical of the Iranian strategy.

Emotional outpouring could draw attackers

Experts are particularly concerned with the enormous emotional outpouring from across the Shiite Islam world, which could drive a variety of hacker collectives into action. These could include groups sponsored by Hezbollah in Lebanon and pro-government forces in Syria, as well as other sympathizers with Iran's plight. Russia has also assisted Iran in hacking efforts, and used the country as a cover to conduct its own espionage operations. "We watched the funeral march closely, in the sense that that's a lot of emotion, that when harnessed alongside a pretty substantial cyber capability, is going to represent longer term fallout than just a few small site takedowns," the Treasury official said. He said that experts are more concerned about a possible flurry of social engineering attempts, aimed at compromising the credentials of employees in these agencies. Social engineering typically involves gathering information about a target -- such as what he does for a living, or who her employees are -- and using that information against the individual. Often this takes the form of a phishing email, which uses the personal details to convince the recipient to click on a malicious link, thus giving the sender access to the victim's files or other information.