
Sophisticated Phishing is targeting French-Speaking banking users

Pierluigi Paganini August 03, 2014

A very sophisticated phishing campaign discovered by Malcovery Security targets French-speaking computer users to steal their banking credentials.

Phishing is a very prolific business for cybercrime, and bad actors are adopting ever more sophisticated techniques, like the one discovered recently that hit French-speaking computer users in an attempt to steal their online banking credentials.

The discovery was made by experts at Malcovery Security. This new attack scheme is not classic direct phishing, which relies on malicious emails containing links or attached malware to deceive victims. Instead, the emails purport to be from an entity that isn’t the targeted bank and inform victims that, due to a billing mistake, a refund is owed to their account.

The fraudsters refer to a limited amount of money, as much as €95 or $127, and ask victims to provide information on the bank account that will receive the transfer of the refunded sum.

At this point victims are redirected to a page that asks them to provide the above information. The cyber criminals implemented a mechanism that verifies the victim's credentials with the third party before allowing the victim to proceed.

Gary Warner from Malcovery Security explained that the third party entity used in this sophisticated phishing attack is SFR, a French telecommunications company that provides phone services (mobile and landline), along with Internet and IP TV products.

“While there are several versions of the SFR phish, the most sophisticated that we have encountered so far can be seen on a British horse enthusiasts website (obviously hacked). What makes this one particularly compelling is that it begins by requiring the victim to be using their true SFR userid and password. On the originating screen, the user is told to “Connectez-vous” by entering his userid (Identifiant) and password (Mot de passe).” the blog post reports.

The attack scheme is not new; its improvement lies in the SFR login verification that is performed.

According to the researcher, Malcovery’s PhishIQ service has detected more than 1,000 SFR phish on more than 330 hacked servers so far this year, which demonstrates that the technique is widely used by fraudsters.

 

Figure: SFR phishing scheme

The SFR credentials provided by the victims are passed to the legitimate SFR to verify that they are valid. In case of incorrect credentials a message is returned to the victims, who are allowed no more than 5 attempts before their account would be blocked.

This is pure social engineering, meant to trick users into believing that the company offering the refund, like the entire process, is legitimate.

When victims provide valid credentials, they are asked to select their financial institution from a list of French banks. Depending on the chosen bank, the attackers request the appropriate additional verification information used by that specific bank.

“Depending on which bank they choose, they will be prompted for appropriate additional verification details used by that bank,” states the post.

With this scheme the cyber criminals collect all the data required to access the bank account. As explained by the researcher, this is one of the most complex schemes seen so far because it involves different technologies and tricks.

“one of the most sophisticated phish we’ve seen to date, employing ‘man-in-the-middle’ logins where SFR credentials are tested before the victim is allowed to proceed, and nearly a dozen customized bank security procedure questions being processed.” Warner said.
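Seen from the legitimate service's side, the credential testing described above means a single hacked web server attempts logins for many unrelated subscribers. The following is an added example, not code from the article or from Malcovery: it flags such sources in a login log and lists the accounts whose passwords were confirmed through them. The log layout, IP addresses, account names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed login events at the legitimate service:
# (timestamp, source IP, account, outcome). IPs are documentation ranges.
SAMPLE_EVENTS = [
    ("2014-08-01T10:00:05", "203.0.113.10", "alice", "fail"),
    ("2014-08-01T10:00:40", "203.0.113.10", "alice", "ok"),
    ("2014-08-01T10:03:12", "203.0.113.10", "bruno", "ok"),
    ("2014-08-01T10:07:50", "203.0.113.10", "chloe", "fail"),
    ("2014-08-01T10:08:20", "203.0.113.10", "chloe", "ok"),
    ("2014-08-01T10:09:01", "203.0.113.10", "denis", "fail"),
    ("2014-08-01T10:01:00", "198.51.100.7", "emile", "fail"),
    ("2014-08-01T10:01:30", "198.51.100.7", "emile", "ok"),
    ("2014-08-01T10:30:00", "198.51.100.7", "fanny", "ok"),
]

def find_relay_sources(events, window=timedelta(minutes=15), min_accounts=4):
    """Return {ip: sorted accounts} for sources that attempted logins for at
    least min_accounts distinct accounts inside one sliding time window."""
    by_ip = defaultdict(list)
    for ts, ip, account, _outcome in events:
        by_ip[ip].append((datetime.fromisoformat(ts), account))
    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort()
        start = 0
        for end in range(len(rows)):
            # Shrink the window from the left until it spans at most `window`.
            while rows[end][0] - rows[start][0] > window:
                start += 1
            accounts = {acct for _, acct in rows[start:end + 1]}
            if len(accounts) >= min_accounts:
                flagged[ip] = sorted(accounts)
                break
    return flagged

def accounts_to_reset(events, flagged):
    """Accounts whose password was successfully validated from a flagged source."""
    return sorted({acct for _, ip, acct, outcome in events
                   if ip in flagged and outcome == "ok"})

if __name__ == "__main__":
    relays = find_relay_sources(SAMPLE_EVENTS)
    print("suspected relay sources:", relays)
    print("accounts to reset:", accounts_to_reset(SAMPLE_EVENTS, relays))
```

A shared NAT or corporate proxy can also produce many accounts from one address, so a flagged source is a lead to check against hosting-provider ranges rather than a verdict.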

Pierluigi Paganini

Security Affairs – (Phishing, cybercrime)

