Fake €1,000 order: a phishing campaign masquerades as Boulanger


A phishing campaign masquerades as Boulanger. Under the pretext of canceling an expensive order, it tries to steal your personal data.

What would the holiday season be without a wonderful phishing campaign? The message that Alain Michel received passed itself off as the confirmation of a supposedly expensive order (nearly €1,000) from the Boulanger store. The email, which Numerama was able to consult, is more than plausible, a far cry from some hastily assembled scams.

The phishing email is perfectly plausible // Source: Screenshot

Bad luck for the hackers: Alain Michel is a trainer in the digital education sector and immediately spotted the scam. Apart from his email address, the other information contained in the message (last name, first name and postal address) is not his. The sending email address is “[email protected]”, with a domain name that should at least raise suspicion (even if companies sometimes use different domain names for their customer services). But an uninformed user could easily take the email for an authentic one and click on the link in red, which offers “to cancel [their] order”.

A realistic copy of the Boulanger website

The link led to a copy of Boulanger’s site that Cyberguerre was unable to consult. The link has since been deactivated, possibly thanks to the Pharos report that Alain Michel says he made. “I realized this late yesterday afternoon, so it was taken offline in the afternoon [of December 30, 2021, editor's note],” he explains to Cyberguerre. He nevertheless took screenshots, which he shared on Twitter.

The site's URL obviously imitated the legitimate Boulanger URL, “www.boulanger.com”, by adding extra elements at the end of the domain name. If in doubt, it is better to check the official address of the site in question using a quick Google search.

It is important to inspect the different elements of a URL // Source: Wikimedia Commons
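
The URL check described above, as an added example that is not part of the original article: the host name is read from the right, and only “boulanger.com” or one of its subdomains is accepted. The helper name `classify_url` is hypothetical, and the sample URLs are constructed, using reserved `.example` names.

```python
from urllib.parse import urlsplit

# Official domain as quoted in the article.
OFFICIAL_DOMAIN = "boulanger.com"
BRAND = "boulanger"

# Constructed sample URLs (not taken from the campaign).
SAMPLES = [
    "https://www.boulanger.com/account/orders",
    "https://www.boulanger.com.order-cancel.example/form",
    "https://www.boulanger.com-annulation.example/form",
    "https://notboulanger.com/",
    "https://shop.example/",
]


def classify_url(url: str, official: str = OFFICIAL_DOMAIN) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for the host of `url`."""
    # Accept URLs pasted without a scheme, e.g. "www.boulanger.com/path".
    parts = urlsplit(url if "://" in url else "//" + url)
    # .hostname drops the port and lower-cases the host; a trailing dot
    # is a valid fully qualified form of the same name.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "unrelated"
    # The owner of a host name is decided by its right-hand end. The match
    # must sit on a label boundary, hence the leading dot.
    if host == official or host.endswith("." + official):
        return "official"
    # The brand shows up in the host part but not in the owning domain.
    if BRAND in parts.netloc.lower():
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{classify_url(sample):<10} {sample}")
```

A plain substring test for “boulanger.com” would accept the second and third samples, which is exactly the confusion a domain name extended at its end relies on.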

The cancellation form apparently requested personal information, claiming that it was needed to cancel the order: last name, first name, email and postal addresses, all data that a hacker can then reuse for other, more personalized phishing campaigns.

23,000 lines of personal data

And for good reason: in an HTML tree structure of the site, Alain Michel discovered two databases filled with thousands of personal records. “There were more than 23,000 lines, each with first name, last name, postal address, email address and telephone number(s) (landline and mobile),” he specifies. A second list, less consistent and more muddled, was also present.

What is this database? It is difficult to say precisely. Careless hackers regularly leave the stolen databases they build lying around, as in the latest phishing campaign that targeted Swile users.

Faced with the questions raised by this database, Boulanger reacted quickly on Twitter: “this fraud attempt is not linked to a security problem with our databases, it does not only affect Boulanger customers […] These are hackers who set up databases and subsequently usurp Boulanger’s identity.”

A phishing campaign already observed

This Boulanger-branded phishing format is in fact not new. Data leak specialist Damien Bancal revealed in Zataz’s Cyber Show in July 2021 that hackers were using a similar format for a very sharp scam. The data of the targeted people was pre-filled in the form. But in that case, the file with the victims' data contained more than 600,000 entries, according to Zataz. The brand finally reacted a little later, in August, by warning of a similar phishing campaign.

Is the campaign spotted by Alain Michel the same as the one detected by Zataz? Hard to say. A less technical hacker could have used the same tools with less technical procedures. But the form is certainly the same.

What if I took the phishing bait?

You just clicked on the link

No need to worry.

You have completed the registration form

Be wary of the emails and calls you receive in the future. Highly personalized phishing campaigns might try to target you using the information you entered. So stay alert and follow a few IT hygiene measures (checking URLs, email addresses, etc.).

You have given your banking information

In the phishing campaign spotted by Alain Michel, it remains unknown whether bank data was involved. He did not venture further than the form, and did not observe this type of information in the files he found.

If you have actually entered your bank details, ask your bank to block your card as soon as possible. Your bank surely has a telephone number reachable at all hours to do so. If you notice a fraudulent transaction on the account, report it on Perceval, the public platform dedicated to reporting bank fraud.
