Jean-Jacques Latour, cybersecurity expertise director at Cybermalveillance.gouv.fr, provides his analysis of a phenomenon that is not decreasing.
It is a scourge that affects many French people every year. Over the past year, more than one in two people have been victims of at least one act of cybercrime. Fake parcel or vital card SMS, fake call from a bank advisor, account hacking… There are numerous methods and many still continue to fall into the trap. To the point of sometimes losing several hundred or thousand euros.
These problems continue to develop with 100% digital. A real threat that is difficult to combat as it constantly regenerates, in various forms. Jean-Jacques Latour, director of cybersecurity expertise at Cybermalveillance.gouv.fr, a government organization fighting against acts of cybermaliciousness, is following this phenomenon closely. As part of Cybermoi/s, he explains the scams that are currently rampant and warns of the need for public information regarding this scourge.
What are the main figures to know about cyber malicious acts?
According to an Ipsos survey carried out among 3,100 French people, 61% of those questioned declared having been victims of at least one act of cybercrime during the year, that is to say an account hacking, a purchase on a fraudulent site… This excludes unsuccessful attempts and therefore remains a significant figure.
Then, 73% of French people were victims of phishing, that is to say they received a fraudulent SMS or email, or, for example, a call from a fake bank advisor during the ‘year. This is scam number one.
Concerning cybermalveillance.gouv.fr, we had 3.5 million visitors to our site in 2023, 85% of whom were people looking for information, even if we cannot know if they were really victims or not. of a malicious act.
As for our online helpline, last year we had 280,000 people come to ask questions and seek advice. This figure is far below the truth, but it allows us to give a typology of the population who are victims of these acts. 93% of them are individuals.
Do you think that the French are more alert than a few years ago when it comes to online scams?
It’s hard to say. We help them as best we can. Last year, our article on phishing with false SMS fines received 280,000 views. All the people who were in clearing doubts came across this article. So at that level, we will help them. Furthermore, the number of calls we receive is increasing because our system is young. This year, we will again significantly exceed all our figures.
Is the increase in vigilance on cybercrime good news or bad news?
This is good because it shows that we are developing our notoriety, but it is a sign that acts of cybercrime are not decreasing because cybercriminals are looking for renewal and improvement.
What is the most common online scam today?
Phishing (fake message aimed at recovering your personal data, editor’s note)from afar. It affects all audiences! This is the first threat to individuals. In 2023, 38% of cyber malicious acts were phishing. It will be the same for 2024.
Among these scams, the first concerns fines. We also see the re-emergence of the vital card renewal: the vital card does not expire, does not have to be renewed and is free!
Also, the scam involving packages that have not been delivered or that do not fit in the mailbox is in vogue, as are fake banking messages that ask you to click on a fake link to log into your account in order to recover your username and password.
What other scams are going on right now?
Account hacking. Email accounts and social networks are a real object of predation. It is the second main threat with 17% of malicious acts of this type. In your email, there are a whole bunch of treasures: copies of identity cards, pay slips or others because, at some point, you had to send these documents to someone.
Furthermore, your email address is the backbone of all your accounts. If I have access to messaging, I can reset the password for all your accounts, particularly on social networks (Facebook, Instagram, TikTok, etc.) and take control of them.
“There have always been deepfakes. Every evening, on TF1, you have the show “C’est Canteloup” for example… (laughs).”
Tell us about the bank advisor scam: more and more stories of this type are being reported in the media…
It exploded in 2023 and the trend is still on the rise in 2024 since we have, for the moment, recorded 15% more acts of this type compared to last year, at the same time. Between 2022 and 2023, the increase was already 80%!
We see with this scam what use can be made of phishing: I have recovered your banking password, I call you reporting false transactions and I ask you for a validation code to block the operation… which is actually used to empty the accounts.
This is a phenomenon captured by petty crime because it does not require technical skills. It just takes some bullshit. There is a team making a fake bank site, a carbon copy of yours, a team doing phishing, a team responsible for calling the person, pretending to be an advisor from the anti-fraud service to obtain a code validating an operation. People fall for this because the person has access to your accounts, so he knows the status of them by heart, and he is a different person from your advisor since he works for a different department.
What about artificial intelligence?
Cybercriminals did not wait for artificial intelligence (AI) to produce error-free messages or create fake sites. What’s changing with AI? So far, nothing. We have not seen any new threats emerge. AI is seen by cybercriminals as a tool that can allow them to do things better, faster, and therefore at lower cost. Of course they’re going to use it. But today, we do not see any new threats arriving.
There have always been deepfakes. Every evening, on TF1, you have the show “C’est Canteloup” for example… (laughs). What’s new is that it comes more easily to cybercriminals. Recently, there was a fake video of Alain Delon that was filmed: it’s much more poorly done than in the show.
For citizens, it is becoming increasingly difficult to differentiate between truth and falsehood. AI is not going to fix this. We expect an acceleration which will allow cybercriminals to develop new technologies.
“Those aged 18-34 are more likely to be victims than their elders.”
Who are the most likely to be victims of an online scam? Who falls into the trap?
There isn’t really a typical profile. What emerges from our study is that there is no notable difference in victims between people who live in cities and those in the countryside. Another preconceived idea: it’s not at all the elderly who are being fooled. Those aged 18-34 are more likely to be victims than their elders. One of the explanations is that it is a more connected population which will be less suspicious, just like the CSP+, who are more affected. And boys get fooled more than girls. Overall, the more connected we are, the more we are at risk.
Does receiving a fake phishing SMS or email mean that at some point, I must have made a mistake so that the criminals have my contact details?
No. A phishing campaign is not just used once. The person who collected the data will resell it. Furthermore, cybercriminals are also able to obtain marketing files, because they can be purchased. So either you were the victim of prior phishing, or you entered your phone and/or email on a file obtained by a criminal. When data is in nature, it is in nature.
What do you think is the best way to protect yourself against malicious acts?
There are good rules to respect. But is it enough because I’m doing everything right? The best way to avoid this is to be informed, to know that scams involving fake packages, fines, fake delivery people, fake bank advisors exist. From the moment you know that the risk exists, you will know how to react.