5 million people have had their bank details stolen.
This is the great worry of the moment. 5 million Free customers have had their personal data stolen by a hacker: last name, first name, email and postal addresses, telephone number, subscriber ID, IBAN and contractual data (type of plan subscribed to, subscription date, whether the subscription is active or not) all fell into the attacker's hands. A gold mine that has already been resold and is now circulating in the digital wild…
But what can hackers really do with an IBAN? We tried to put ourselves in their place by interviewing an expert in the field: Jean-Jacques Latour, director of cybersecurity expertise at Cybermalveillance.gouv.fr, the official body that fights this type of scam. He explains the consequences of the theft and confirms that anyone holding this data can carry out operations aimed at extracting money without the account holder's consent. The risk of having tens or hundreds of euros stolen is therefore very real.
Using an IBAN, the hacker can easily set up a fraudulent direct debit, explains our expert. That is, after all, the primary purpose of an IBAN. Although “it’s not done like that”, “not all organizations are always attentive”, Jean-Jacques Latour points out. The criminal simply needs to know of a site where the direct debit mandate is authorized without validation by SMS or through the banking app, and that’s it.
From then on, the victim will see debits appear on their account that they did not initiate. But you have to be careful! The hacker will not necessarily withdraw 100, 200 or 500 euros at once. “These withdrawals can be small amounts: a few euros or tens of euros, which can become recurring,” warns Jean-Jacques Latour. Charges of €1, €5, €10, etc. are common. Be careful not to mistake them for the purchase of a baguette or for some subscription.
All the more so because the debit labels are obviously not clear and the hackers knowingly play on the confusion: the name of a large company with a single letter changed, or an obscure label, is common. Subscriptions to “press” services or to benefit from “promotions” are among the fraudulent debits regularly noticed by this official of the State body.
The “advantage” of these direct debits is that they can be stopped easily and quickly. A simple stop request from your online personal space, or a call to your advisor, is enough. You have 13 months to contest an undue debit if it comes from the European Union, Iceland, Norway or Liechtenstein. The deadline is 70 days if it comes from any other country in the world. In any case, the bank will reimburse you. From then on, the hacker is blocked… for this debit. But he is free to start again.
The other concern is consumer credit being taken out in your name. Can a hacker, amateur or professional, take one out by stealing your banking identity? It is more difficult, if not impossible, for a hacker to do this with an IBAN alone. “You must provide a RIB and proof of identity,” explains Jean-Jacques Latour. Above all, if the operation still manages to succeed, “you find yourself in a situation of withdrawal that you did not authorize and which can therefore be stopped immediately”, reassures this expert in the field. All the more so because (very) few banks accept that a consumer loan be paid into one account (that of the hacker) and repaid from another.
Be careful, however: vigilance is obviously required, but do not assume that you are out of danger just because no fraudulent direct debits appear in the coming weeks. Since the IBAN remains valid as long as your current account is open, the scammer can act at any time, even several months from now.