An SMS allegedly sent by EDF was still circulating on August 25. Using the pretext of a refund, this phishing aims to steal personal data, bank card information and… photocopies of identity documents.
It is neither the most complex nor the best done phishing. But this phishing by SMS in the colors of EDF, which was still circulating on August 25, is particularly dangerous for the people it would manage to reach.
Not only do hackers hope to extort personal data and bank card information from their targets, they go so far as to request photocopies of identity documents. What fuel in part an identity theft, which could have catastrophic consequences for the victim. If a copy of an identity card is not sufficient to carry out identity theft, it can support the process of applying for credit on behalf of the victim, for example. The victim would then find himself in debt without having received a loan.
To achieve their ends, the criminals behind this phishing campaign do not bother with a complex scenario: each step of their scam is as direct as possible. The initial SMS is satisfied with a “Complete the EDF reimbursement request form: http: // group-edf[.]com ”sent from a short number, which displays“ EDF ”as the suggested identity of the sender.
A person used to checking the scam signals will quickly discover the deception: the redirection address does not correspond to the official address of EDF, edf[.]Fr. Worse, with the anglicism “group” instead of “group”, phishing loses even more realism. But in a rush, with fatigue, some people might bite the hook.
The fake EDF carries out a progressive information theft
This is our case: we clicked despite the warning signs. A form is displayed immediately, without further explanation, with the EDF logo at the top of the page. Three lines follow one another, in an almost telegraphic style. : “EDF reimbursement request form”; “You will receive a reimbursement receipt by SMS”; “Please enter a valid credit card”.
At the very bottom of the page, we have some details about the alleged situation: “”.
The string of false reimbursement is very popular at the moment among criminals, who are surfing the economic crisis linked to Covid-19. After all, who would refuse an unexpected cash flow?
Never give out your bank details for a refund
But you have to be careful when the situation is too good to be true, like here. If you are in doubt, check your account that you have been debited twice. Either way, a business should never ask you for your credit card information for a refund. Especially since in this case, EDF must already have sufficient information to send you a transfer if any reimbursement is necessary.
The first form displays “bank details”, but asks for personal data: name, address, city, postal code, date of birth. If the victim clicks on “continue”, a new form is displayed “”. As usual, the criminals took care to put the Mastercard, credit card or Visa logos to reassure their targets about the legitimacy of their approach.
This two-step information request allows hackers to secure personal data theft, as victims will be less reluctant to share this information in relation to their credit card information.
An additional step compared to classic phishings
Once the bank card is validated, the criminals go even further. They ask for a “clear copy of your bank card (front / back)”, and offer to download the photos requested on their site. Then, they require a photo of your ID as the so-called “supporting document” for reimbursement.
Once these two documents have been registered, they content themselves with a sober conclusion page: “your request has been taken into account. The refund will be processed as soon as possible ”(sic). If the hackers adopted a very short message style to avoid grammatical errors, it is a failure.
Identity card theft can be very serious, but luckily the number of steps to validate and the little effort put into the layout of the scam could have discouraged the majority of potential victims.
What if I gave my information?
- If you have given your credit card information, oppose it as soon as possible. Prefer a call to the dedicated telephone service of your bank, the number of which you can easily find on Google. The vast majority of banks offer this service, available 7 days a week and 24 hours a day.
- If you have given your identity card, you can, as a precaution, declare it at a police station. This will allow you to have a written record in the event that malicious use is made of the document. In any case, you can go to the town hall to redo one, even if you do not go through the police station.
- If you have given your personal information, it will probably be sold to other people who want to phish. Be extra vigilant about any suspicious emails, messages and calls you receive, as they may be fueled by the information you have shared.
- Send the phishing SMS to EDF at 33700 so that they can fight this campaign more effectively.
CyberGhost, Cyberwarre’s exclusive advertiser, is a premium VPN provider at affordable prices. It has thousands of secure servers spread across the world, allowing it to relocate its IP address and bypass geoblocks. CyberGhost does not keep any record of user activity. Its VPN application is available on all operating systems and connected devices and is the easiest to access on the market. Learn more about CyberGhost’s VPN solution