Phishing, fake sites, identity theft... how to thwart increasingly sophisticated online scams?

Phishing, fake sites, identity theft… how to thwart increasingly sophisticated online scams?

One phone call and everything happened. When Anna (1) recounts the scam she was the victim of, tears come to her eyes. This Friday evening, as she quietly goes to the gym, an unknown number appears on her cell phone. His interlocutor introduces himself: he works as an advisor in his bank, attached to the cybersecurity department. A suspicious transaction of 1,200 euros was identified on his account. The 23-year-old young woman panics: she has no job and limits her spending as much as possible; how could it be the origin of this flow?

The man on the line, who has all the information about “his client” – bank card and identity card number, RIB – convinces her to file a pre-complaint online, which she does. Then he asks him to validate the security steps he is implementing remotely. Everything will return to normal, he assures, but she must act quickly. She is scared and her mind is totally confused.

At the bottom of his building, a “courier” on a scooter waits for him to collect his credit card. Once back home, the young woman realizes that she has been cheated. In total, the fake bank advisor will have extorted 2,000 euros from him. Stéphanie, too, was trapped: “I really believed that a guardian angel was coming to my aid,” confides this sixty-year-old. His seriousness and the knowledge he had of my file gave me confidence. What a mistake! » This faithful reader of Pilgrim ultimately lost 580 euros.

Credible interlocutors

This type of mishap has become a great classic in recent months. According to the French Banking Federation, 57% of French people indicate that they have already been victims of an attempted banking data scam in 2023, regardless of the means used: Internet, telephone or SMS. In 13% of cases, the theft materialized.

The aigrefins no longer resort only to the manipulation of confidential data via pirate software, but also to that of spirits when they act on the telephone. With a calm voice, they give themselves an appearance of credibility by providing confidential data, then play on urgency, numbing the critical mind of their target. They take their time: the maneuver can last an hour, two hours… The explosion of online commerce, the dematerialization of administrative procedures and the interconnection of information systems give them wider access to personal data. Their operating methods for defying security procedures appear increasingly structured. In 2023, check, transfer, direct debit and bank card fraud represented 1.195 billion euros in damage in France.

In this type of crime, the “grazer” (the name given to scammers operating on the Internet) collects personal information through a data leak from a website or via the phishing technique – these unwanted messages received on our cell phones. or our mailboxes. A false communication from the government indicating a fine to pay, a Vitale card to renew, a package that could not be delivered… All accompanied by a link to a site that is exactly similar to the official one. Once collected, our data is shared or resold in exchange loops of the “Dark Web” or “Clandestine Web”.

Secondly, a person, the “allotor”, poses as a trusted third party – spouse, child, administrative agent. Until October 1, she could even legally use the number of the third party concerned (2) to contact her target by telephone. From now on, operators are required to block calls from unauthenticated numbers. However, with artificial intelligence (AI), the thief can simulate the voice of your son or mother if he has retrieved a video posted on the Web.

Among the wide range of scams, we also find the “romance scam”. You come into contact with a stranger via a dating site or a local network. Day after day, week after week, a bond of friendship or love is created. Trusted, you end up agreeing to give money. Other traps: fake commercial sites offering very attractive discounts or bogus profiles on social networks. “I put two items of clothing up for sale on Marketplace, Facebook’s sales platform,” Stéphanie continues. A woman was interested, but asked me to update my Paypal (secure financial transaction site, Editor’s note) to be able to settle down. She convinced me to go to the local tobacconist to deposit money into this account via another application. » The money obviously never landed where it was supposed to go. “I have completely lost my free will!” Under the pressure, I lost my footing. And 750 euros,” sighs Stéphanie.

The criminals have understood this well: “On the Internet, the weak link is the user,” recalls Julien Lasalle, secretary of the Observatory for the security of means of payment at the Banque de France. And everyone can be fooled. Contrary to popular belief, 25-34 year olds are the most likely to file complaints. While this age group represents 11% of the population, it accounts for 17% of victims. “I am ashamed of having been fooled because I thought that only people who were far from digital, the oldest or the most naive could be victims,” admits Anna before concluding, bitterly: “The scammer was too strong , hats off to him. » All the people interviewed for this investigation requested anonymity, ashamed of having fallen “into the trap”.

Exercise caution

Faced with the ingenuity of cybercriminals, all those involved in the fight against online scams agree: prevention and awareness are the most effective tools. “Delinquents take advantage of the credulity of victims, particularly with AI which sows confusion between truth and falsehood,” insists gendarmerie officer César Lizurey in charge of policy to combat cybercrime for the Gironde department. Public and private establishments organize training for the general public. On the Internet, specialized influencers like Micode or Sandoz track the networks; campaigns are launched by the government. “On the Web, every link, photo, message is likely to be a hidden threat. Caution must be a first reflex,” adds César Lizurey.

Banks are also on the front line. Since 2021, thanks to the transposition of a European directive, banks have been required to implement strong authentication. All online payments over 30 euros must be validated using two factors: a password and confirmation on a trusted device… In branches, bankers are informed of suspicious transactions detected by AI. “If a client carries out a transaction from Korea even though he has never set foot there, we ensure that he is the originator,” explains Sébastien Reyes, director of the Champagne-Bourgogne regional fund of Credit Agricole. Banks repeat it: an advisor will never ask a client for their banking information over the phone. Only the countercall technique (read box at end of article) – hang up and call back the official number – ensures that the person on the other end of the line is indeed a professional. “No advisor will criticize you for wanting to be too careful, while a scammer will do everything to keep you in line,” insists Sébastien Reyes.

International collaboration

Within the police, tracking teams are strengthening. Nationally, 8,700 cyber police track criminals on a daily basis. Two years ago, faced with growing training needs, the Ministry of the Interior opened the National Cyber ​​Training Center in Lille (North). Learn how to constitute an offense, investigate to trace the source while respecting legal procedures… “It’s constantly a game of cat and mouse,” slips Julien Lasalle. But is it enough? “Scammers are very agile. We wear lead shoes while they wear sneakers. Obviously, we respect the law unlike them,” recognizes César Lizurey. As fraudulent sites are often hosted abroad, collaboration between States is essential. Interpol, the international criminal police organization, announced last June that it had arrested 3,950 people and identified 14,643 other possible suspects. This operation, called “First Light”, carried out in 61 countries, notably targeted phishing, fake e-commerce sites, identity theft, etc. A historic step in a fight which is only just beginning. his beginnings.

  1. The first names have been changed.
  2. New provisions of the so-called “Naegelen” law (of July 24, 2020), which aims to regulate telephone canvassing and fight against fraudulent calls…

Similar Posts