Be careful if you are a customer of Crédit Mutuel or Société Générale! Hackers are currently sending fraudulent emails with the aim of recovering your banking details. Don’t fall for it!
It didn’t take long before, following the historic hack of Free which resulted in the theft of the personal data of 19 million people and more than 5 million IBANs, a new phishing campaign emerged. nose. Indeed, cybercriminals are taking advantage of this tense climate to pretend to be a bank and try to steal victims’ banking credentials, so that they can then quietly take their savings. For the moment, only Crédit Mutuel and Société Générale are affected by this campaign. On the other hand, fake emails from Crédit Agricole are sent at the same time from a university in Palestine hijacked by pirates – but the deception is cruder. It is possible that other organizations will soon follow.
Bank phishing: the identity of large banks stolen
The fake emails use the official logos and graphic charter of the two banks in order to pass themselves off as a legitimate message. For example, one of them states that a new regulation has come into force and that it is mandatory to adhere to it, which the client would not have done despite a previous warning, otherwise he will have to face a “interruption of [ses] operations”. To avoid this, he is asked to click on a button. Another fraudulent email claims that the victim has received a message from their bank and again invites them to click on a button to consult it. This is all the more vicious as some banks actually send an email to notify their customers that they have received a message.
The link goes to a site “mutuel-support-demandes.net” imitating the real connection page of the banking organization. The victim is asked to enter their username and password, then validate their phone number. In short, all the information cybercriminals need to connect to their bank account and begin emptying it!
By looking carefully, several clues come to mind. Indeed, the sender’s email address ends with @mxtoolbox.comwhich is more than suspicious. Likewise, the URL of the fake login site ends with .net. However, normally, French bank sites end with .fr. It’s more than enough to scare us away!
Bank scam: what to do in the event of a phishing attempt?
If in doubt, contact your bank before taking any action. An advisor will be able to tell you if the email is legitimate or not. But, generally speaking, it is always better to go through your bank’s website or mobile application to consult your customer area, whatever the reason. Note that some establishments actually send an email to notify of the arrival of a message – this is particularly the case with La Banque Postale and CIC. Here again, it is better to make the habit of logging into your customer area yourself.
If you are ever the target of an online or SMS scam, forward the message to Signal Spam immediately, Pharosor directly to 33,700the platform specializing in reporting scams. You can also report these fraudulent messages to the site internet-signalement.gouv.fr. Then block the sender’s number or email address to no longer be bothered and delete the message in question.
Above all, if you are one of the victims of the Free hack, monitor your banking transactions to spot any fraudulent withdrawals, given that the crooks have stolen the IBANs. If an unusual debit is detected, you can dispute the fraudulent debit within thirteen months following it. Your bank is required to reimburse you for the stolen money (see our article).