Since the beginning of the year, a pest has infested the heart of French homes: cyberattacks on FranceConnect accounts. Using different strategies, hackers recover your professional and personal data in order to use it against you. What are these techniques, what are their dangers, and above all, how do we prevent them?
Islands of France
Last February, we already covered a cybersecurity topic: the leak of billions of passwords and usernames, ranging from Netflix to LinkedIn and including Gmail accounts. Today, these attacks target accounts associated with the service that secures the identity of 21 million users who wish to connect to more than 700 services: FranceConnect. The worm is already in the fruit. News about the victims of these hackers increasingly fills the pages of French daily newspapers and specialized sites: 20 Minutes, launch, France Info, Numerama. Since the beginning of the year, it has been raining victims, individual users as well as health organizations.
How do they do it? Cybercriminals try to recover victims' credentials by forging a fraudulent connection notification from FranceConnect or Ameli. The user receives an email bearing the FranceConnect logo, and the message states that a connection has just been made in their name on the service. To indicate that it was not them, the user is told to click the link in the message. By doing this, they hand their identifiers over to the attackers.
Double-headed hook
In its March 10 article, Cyberguerre.numerama.com takes as an example Isabelle, who received a strange connection notification stating that someone had just connected to a CPF using her Ameli credentials. It is a double hit for the hacker, who retrieves the victim's account identifiers and can also move on to their personal training account (CPF). This is the whole problem with the centralization that FranceConnect offers, and it is a boon to hackers.
This technique is called phishing, which, as the Ministry of Economy, Finance and Recovery puts it, "consists of making the victim believe they are communicating with a trusted third party in order to extract personal information such as his credit card number or password." The goal is usually to recover payment data or passwords for access to billions of confidential files, especially medical ones at the time of the epidemic.
How do you cope?
How do you stay alert in the face of this kind of attack? First, if you receive the fraudulent email, you must check the sender's address for anything abnormal. Sign in to your account to check that no operation has been performed. You must then notify the relevant departments and report the scam on the Cybermalveillance.gouv.fr platform. The National Gendarmerie's network of investigators and digital actors for digital prevention and protection posted a tweet earlier this year calling on its members to be vigilant. Finally, and obviously, change your password.
🛑 #phishing campaign in progress by email regarding #FranceConnect
If you have any doubts about an email, consult https://t.co/fbDnvBdasJ for more information. pic.twitter.com/ZT29RmEXQE
In recent days, phishing has taken the form of a shipping-themed attack, where Internet users are asked to pay a few euros to release a fake package delivery addressed to them. This time, the logos of companies such as La Poste, UPS or Colissimo are copied.