Phishing techniques, behaviors to adopt, new trends… As a preamble to the webinar dedicated to bank fraud on January 24, 2023, the Director of the Awareness Unit of Cybermalveillance.gouv.fr, Laurent Verdier, answered questions from Linternaute.com .
Director of the Awareness Unit of cybermalveillance.gouv.fr Laurent Verdier has a solid background in cybersecurity. In 2002, he decided to reconcile his interest in investigation and new technologies by joining the department specializing in computer hacking at the Prefecture of Police. Procedural, investigator, he then took the head of the assistance group of the Brigade for investigations into information technology fraud (BEFTI) before joining the former Directorate of Territorial Surveillance. Subsequently, he became a liaison officer between the Ministry of the Interior and the National Agency for Information Systems Security, before continuing with three additional years at the BEFTI as Chief of Staff. It is in 2020 that he will join the cybermalveillance.gouv.fr system to manage the awareness center, “made available by the Ministry of the Interior as a member of the system”.
Before the webinar dedicated to online banking fraud on January 24, 2023 at 6 p.m., of which he will be one of the speakers, Laurent Verdier has agreed to answer our questions. You can now register for the event below.
Register for the bank fraud webinar
Today, 21% of the population suffers from illiteracy. How can this worrying trend be explained? ?
LV: “In France, part of the population is in a phase of dropping out or of anxiety in the face of the progressive digitization of all State services. There is a problem of fragility and lack of culture, which makes its people who are more vulnerable when they are targeted by cyberattacks. For a year and a half now, we have been working closely with all the players in mediation and digital inclusion, especially since the ANCT (National Cohesion Agency and territories, editor’s note) joined the system cybermalveillance.gouv.fr in January 2022. Our main objective is to participate in their tools in terms of digital risk awareness in order to help the populations they support to be more autonomous and vigilant vis-à-vis cyber malicious acts”.
How to cure it ? What actions are implemented at Cybermalveillance.gouv.fr?
LV: “The platform was created with three main missions for three audiences. Individuals, VSEs-SMEs and local authorities. Based on a report by Marc Robert (General Prosecutor in Riom, editor’s note), in 2014, which was responsible for leading a working group intended to take stock of cybercrime in France and propose recommendations to improve its treatment, elements were included in the national strategy for digital security in France from 2015. Our authorities asked for the creation of a one-stop shop intended to provide these three audiences with immediate assistance if they are ever victims of cyber-maliciousness, in order to be able to send them recommendations, or even put them in contact with an IT professional to repair their system, first. Design and make freely available content on current threats, and awareness tools with appropriate recommendations are. Finally, observe the digital risk and be able to consolidate these elements, report them to our authorities to better guide public policies in this area”.
“The attackers, especially since the first confinement, have multiplied the volume of their attacks.”
Can you draw up a typical profile of the scammer ?
LV: “There is no typical profile. The attackers, especially since the first confinement, have increased the volume of their attacks. We like to say that they are more sophisticated, I prefer to say that they are more astute. is above all the behavioral and human elements, on which the attackers try to play. By sticking very closely to the national context, with fake sites of gel, gloves, travel certificates, or non-existent covid bonuses for example. goal being to get the target out of his usual reaction paths, either by stress, or by the lure of gain, or by fear or doubt.Today, we do not always take measures of vigilance and d attention needed. So we fall too easily into the trap.”
What are the remedies when you are a victim of bank fraud? ?
LV: “You have to take the time before responding and acting when you have a doubt. Above all, you must not be alone, talk to a trusted third party, then come to cybermalveillance.gouv.fr to find out if this operating mode is already known. What we also recommend, to allow the Gendarmerie or the Police to make connections, to investigate and to initiate proceedings against the perpetrators, is to file a complaint. We propose on the course of assistance from cybermalveillance.gouv.fr, a number of suggestions and referrals to the nearest Gendarmerie brigade or a police station. THESIS which was set up by the Ministry of the Interior and which makes it possible to file a complaint online for a certain number of offenses linked to cybercrime.
And if I have had my online account hacked, the first thing I have to do is notify my banker with my usual contact details, the bank adviser I know and report these elements indicating that I am the victim of hacking and potentially fraudulent financial transfers. Then, since my email account has been hacked, and the attacker potentially has access to all my contacts, I must warn my contacts and inform them of a risk of identity theft, “do not fall in the panel”. We must not remain in guilt and / or shame.
“Out of 10 victims of cyber-maliciousness, four to five maximum will file a complaint.”
What is the proportion of complaints compared to the number of cyber-malicious acts ?
LV: “This figure is not known, but from my experience, I think that out of 10 people who are victims of cyber-maliciousness, four to five maximum will file a complaint. I hope that the THESEE platform will encourage the filing of a complaint because it is a positive legal step, which will allow you to be officially referenced as a victim, first of all. Then, allow investigators to make connections if the investigation concerns many similar cases”.
What are the risks for cyberbullies ?
LV: “The vast majority of cybermalware has its transposition into criminal law. Phishing is going to be the attempted scam, or the scam. a company or a community, we are in an illegitimate access to an automated data processing system, and we can fall into the attempt of extortion. If the investigation makes it possible to trace the origin of the attack , identify machines, systems, and their respective users, you incur the penalties provided for by the offenses concerned, for example, five years in prison for a fraud.
“Thanks to the telephone, we are permanently connected to the web, and any verification operation is a little more complicated […]”
Does a scam trend seem to emerge for 2023 ?
LV: “The fundamental movement is phishing. It is the number one threat to the general public. In other words, the ability of attackers, by email, by sms, by telephone, to usurp the quality of an issuer, to deceive the target, in order to make him communicate an identifier, a password, or to make him click on a link. From this fundamental movement, we observe a multiplication of the forms taken by the campaigns The fake parcel delivery scam, the fake vital card update scam, the fake financial adviser… Fear, anxiety, or attraction, make it possible to get back something voluntarily.
Today, it is rather the form that the successive phishing campaigns will take that are changing and sticking to the news. The proposed fraudulent purchase of the Crit’Air sticker for example. Thanks to the telephone, we are permanently connected to the web, and any verification operation is a little more complicated to carry out, especially since we are often on the move. This transformation of our habits implies a change in our habits of vigilance. We have seen a strong growth in these SMS phishing campaigns, and that is the big problem. It really developed in the second half of 2021.”