Fake off: This is “a classic phishing scenario that impacts customers of all banks”, says banking expert
Bank card, April 26, 2020, Gace, France. — RAPHAEL BLOCH/SIPA
- A very viral post on Facebook warns of a scam targeting Crédit Agricole account holders.
- The method used turns out to be “a classic phishing scenario that impacts customers of all banks”, a banking expert says.
- The information used to gain the victim's trust was usually recovered either by phishing, i.e. an email sent asking to “update” or “confirm [his] information following a technical incident”, including bank details, or by “stealer” malware, software that steals user data stored in the browser.
The tone is alarmist. A post shared more than 107,000 times on Facebook since October 3 warns of a scam targeting Crédit Agricole account holders. The process is explained in this way: the victim is contacted by telephone by a person presenting himself as his bank adviser. This person assures that they “will not ask for any number”.
Screenshot of the post alerting to a “Crédit Agricole scam”. – Screenshot/Facebook
He says he is calling to update a “securicode”. And as proof of his good faith he gives information such as “the account number, the exact balance of my three accounts”, the post specifies. A new security code is sent by text message. “I tell myself that it stinks,” comments the internet user. “If you enter this code, it adds a new beneficiary and empties your accounts!” Be careful, the post warns, “the trick is really very well done”.
A banking expert, contacted by 20 Minutes, confirms the method, which “focuses on Crédit Agricole” in this post but turns out to be “a classic phishing scenario that impacts customers of all banks”. The fraudster has thus collected, beforehand, a certain amount of information to gain his victim's confidence and give credibility to his story, he explains.
While the generalization of strong authentication has brought down the rate of fraud in payments on the Internet (-20%), the threats are evolving, notes the latest report from the Observatory for the Security of Means of Payment. Fraud techniques based on “manipulation” of customers and on impersonation campaigns have developed in parallel and are increasingly sophisticated.
Increasing number of reports
The number of reports of fraud involving identity theft, of the fake-bank-adviser call type, has thus “very greatly increased in recent months,” confirms the Prudential Supervision and Resolution Authority (ACPR). Other scenarios exist: the fraudster may claim to have to urgently block or cancel a fraudulent credit card payment or transfer on the account, points out the Assurance Banque Épargne Info Service site, a common platform set up by the ACPR, the Banque de France and the Autorité des marchés financiers (AMF).
These calls are actually aimed at bypassing the new payment security features. Frequently, the site also specifies, scammers use technology that lets them display the phone number of the impersonated bank and hide their real number.
Information collected by phishing or malware
Initially, the information was generally retrieved by phishing, i.e. an e-mail sent asking to “update” or to “confirm [his] information following a technical incident”, in particular bank details, or by “stealer” type malware, software that steals user data stored in the browser.
Once this information has been obtained, the fraudster then calls the customer with the aim of validating transactions protected by enhanced authentication measures. “In the present case, it’s obviously the addition of an external account number, which supposes that the fraudster already benefits from access to the customer's online banking,” emphasizes the banking expert.
Never communicate your data by e-mail or telephone
The fraudster asks the victim to add an account, an action which triggers the sending of a temporary security code by SMS, which he then tries to recover in order to finalize the addition of external accounts and make transfers in his favour.
Crédit Agricole indicates that it is mobilizing human and financial resources to fight cybercrime and points out that it never asks customers to communicate data by e-mail or telephone. The bank's website also lists examples of fraud attempts and explains good practices to follow. The Observatory for the Security of Means of Payment also lists cautionary advice in the event of suspicious activity.