Phishing
The fraudsters want to log on to your accounts and use your money. To do this, they try to retrieve your personal data by imitating e-mails from your bank (or other organisations). They then redirect you to a false site which imitates the real site in order to retrieve your identifiers.
How do you spot a phishing e-mail?
The logos and signatures are easily copied, so direct your attention more to the content of the message. To get you to act on the spur of the moment and without thinking, the fraudsters give major reasons requiring you to take urgent action: an alert on your account, a notification in your inbox, your card being blocked, new regulations.
Remember: the URL of your Banque Transatlantique site always starts with https://www.banquetransatlantique.com! To check you are definitely on a Crédit Mutuel-CIC site, install the CM–CIC confidence bar.
Vishing and SMShing
There are variants of phishing using the telephone (known as « Vishing » for « Voice Phishing ») or SMS (known as « SMShing »). You should therefore be wary of any unexpected contact which asks you to do something unusual.
What do I do if I receive a phishing e-mail?
- Do not click on any links in the e-mail or on any attachments.
- Transfer the suspect e-mail to our department dealing with fraudulent e-mails: phishing@cic.fr.
- Lastly, delete it.
You think you have responded to a phishing e-mail
- Change the password you use to access your accounts straight away.
- Contact your advisor as soon as possible.
For any attempt at fraud not directly involving {{perso.dico.banque-le}}
You can notify the competent organisations (in french):
- to report illegal Internet contact, go to www.internet-signalement.gouv.fr ;
- to report a spam SMS or an unwanted call, go to www.33700.fr ;
- to report a spam e-mail, go to www.signal-spam.fr.
Your identifier and password are secret. Do not divulge them to anyone!
Ransomware
Ransomware is malicious software which takes your personal data hostage by encrypting it. To retrieve it, you have to pay a ransom. This software is often contained in attachments to unusual and unexpected e-mails.
Its variant, « extorsionware », blocks an on-line service account and threatens to expose your personal software if you do not pay the ransom.
Romance scams
The scammers create false profiles on meeting sites and social networks by using photos of men and women retrieved from the Internet. They are very proficient in their use of computer tools, touching up pictures and using video bit streams pre-recorded on their webcams.
They then hold conversations, sometimes over months, to put their victim at ease. Once confidence is established, they invent a reason to extort money from their victim. Some examples: request for help to buy an airline ticket to meet their victim, for a member of their family who has fallen ill or has been the victim of an accident.
The scammers may also ask you to cash a cheque (stolen) in exchange for a money transfer or prepaid cards. As the cheque is stolen, cashing it is at the costs and responsibility of the victim.
Remain vigilant:
- Do not send money to anyone whose identity you cannot verify;
- do not divulge your bank details to individuals met on the Internet.
Sometimes, exchanges take place during a video conversation and are more « intimate ». The pictures collected are then used by the scammers to carry out webcam blackmail, to extort money in exchange for them being withdrawn.
Sales scams between individuals
- If you are a seller, beware of buyers in a hurry who want to buy what you’re selling from a distance without having tried it. This is often a technique for gaining your confidence and obtaining your bank details.
- If you are a buyer, beware of offers which are too enticing. Scammers put up for sale or hire goods for which they only have a photo. Any bank transfer carried out is irrevocable and final.
Windfall swindle
Have you received an announcement about an unexpected inheritance, income or source of revenue? Such news rarely arrives by e-mail. Beware of documents presented or sent to you. Moreover, any request for proof of identity or residency, RIB/IBAN or money for payment of expenses is suspect and fraudulent in this context.
Within a company: scam involving the Chairman or a supplier
Armed with a good knowledge of the company, some scammers don’t hesitate to masquerade as absolutely anyone during a telephone call, or in a letter or e-mail.
- spoofing the chairman or an executive of the company: the aim of the scam is to incite an employee to make a payment outside of any procedure by raising imperatives of discretion and confidentiality;
- spoofing a supplier or lessor: here, the scammer masquerades as one of the usual suppliers and claims to have changed their bank.
It is essential to establish and comply with strict procedures for any payment under all circumstances. Check the information given to you and get in touch with your usual contact without using the contact methods shown in the suspect message.
For more information, see the guide to bank transfer orders for companies [PDF in french – 279kb] issued by the Fédération Bancaire Française (French Banking Federation).
Within a company: bank transfer fraud following a software update or false computer test
This fraud was created with the implementation of the SEPA standard but is still around: after having studied the workings of the company, the scammer usurps the identity of a bank employee and contacts the company accountant. They ask the accountant to carry out « test » operations which are in fact actual transfers.
There again, compliance with established procedures make it possible to foil these frauds and scams.