Crédit Agricole: beware, hackers have stolen 1,700 bank cards!
Hackers are currently carrying out a phishing attack against Crédit Agricole customers. Using a phishing kit, they managed to fool 1,700 of them and get hold of their bank card details. The same kit was also used against many Israelis, this time via a parcel scam. The two groups, obviously amateurs, did not bother to hide their identities effectively.
A phishing attack against Crédit Agricole customers is underway. Discovered by the vpnMentor teams, it relies on a phishing kit, that is to say a set of tools that lets amateur hackers quickly set up an effective campaign to scam victims. The group of criminals began its operation in 2020. To do this, they hacked a site unrelated to the bank and modified it to make it a mirror site. They then inserted the phishing code there to trap unsuspecting internet users.
Once a customer has fallen into the trap, the hackers retrieve personal details such as name, age and address, but also, and above all, bank card numbers and Crédit Agricole account identifiers. All this data is then sent to a Telegram account to notify the hackers. vpnMentor believes that, to date, at least 1,700 customers have had their bank details stolen. It is likely that the group sought to sell this data. On some black markets, it can be resold for around €55.
The same phishing kit used in a second phishing attack
The use of the phishing kit deployed against Crédit Agricole customers does not stop there. A second group of hackers attacked Israeli users. To do this, they used the well-known but still effective parcel phishing technique, which has already proven itself over and over again. Posing as UPS, the group sends its victims an SMS telling them that their package has been delivered to a relay point. Clicking the link redirects them to a payment page.
Again, the hackers were able to retrieve users' bank details. This campaign was reportedly much more effective than the first, since it is said to have trapped around 4,400 victims. Mostly Israeli, the victims are also found in the United States, Brazil, Saudi Arabia and Europe. In addition to using the same phishing kit, the two attacks have in common that they were carried out by hobbyist hackers, which shows clearly in the technical limitations of both.
Hackers barely concealed their identities
Whichever group is behind it, every attack has its share of signals that can alert users. First, the text regularly includes grammatical and spelling errors. Second, the fake UPS SMS carries the sense of urgency that hackers often use to trick their victims into acting without thinking. Finally, links shortened with the bit.ly tool are sent in order to hide the real URL of the phishing site.
What's more, the two groups haven't really bothered to cover their tracks. It didn't take long for vpnMentor to track down the people behind the Crédit Agricole scam. They quickly had access to their location, phone number and WhatsApp profile picture. The same goes for the UPS scam. By digging a little, the experts easily came across the register of victims who clicked on the payment link, as well as the list of recovered data.
On the other hand, the use of these phishing kits and their apparent effectiveness are worrying. Obtaining this software is obviously easy, which suggests that other malicious individuals have got their hands on it, especially since the gains are rapid. With a minimum of technical knowledge and effort to set up the operation, it is easy to trap the first victims.