Orange France Hacked Again; Bitdefender Sees Targeted Attacks Increase

The number of phishing attacks against Orange France has jumped since a recent cyber-attack on the company, the second to hit the telco this year. Personal data of more than 1.3 million victims is still at risk, according to media reports.

The Bitdefender Anti-Phishing Lab has seen a recent rise in phishing attacks targeting Orange France. While most phishing attacks are easy to notice due to their unrelated web address, the recent Orange imitators also include the company’s name in the URL, making it difficult for non-savvy users to spot.

“The attacks are more sophisticated than common phishing and some web sites even ask Orange clients for specific banking data such as card numbers, expiration dates and the CVV – private details that should never be given out in such a way,” Bitdefender Online Threats Researcher Alin Damian said.

“I expect this phishing wave to continue this week, as cyber-criminals find great potential in this data, which they could sell on the black market or use for identity theft.”

Orange acknowledged the 18 April breach and said hackers accessed data used for its email and SMS marketing campaigns. Cyber-criminals made off with subscriber names, dates of birth and phone numbers of about 4.9 percent of the company’s subscriber base. Clients expressed their anger on the company’s Facebook page and complained of receiving phishing emails relating to bounced invoice payments.

Here are some recent phishing attacks that Bitdefender caught and blocked:

The hacking attack came two months after hackers stole 800,000 customer details via the “My Account” page, where they managed to make away with names, email and street addresses, customer IDs and phone numbers.

Bitdefender advises French users to avoid opening e-mails you are not sure of, even if they seem to be sent by reputable companies. The antivirus software company also offers additional security advice:

“¢ Check for e-mail oddities: images of poor quality, grammar mistakes, words in a different language. Also, remember that an authentic company will never ask for your credentials or banking details via e-mail.

“¢ When in doubt, go to the official website of the service you`re subscribed at by typing the address directly in the browser without clicking on the text or links in the e-mail.

“¢ Do your research on the Internet to check if there`s a phishing alert taking advantage of that particular service or company.

“¢ You can always call the company allegedly sending you the e-mail to check if it is fake.

“¢ Finally, don`t trust the e-mail address of the sender, because scammers can also use a trick that may hide their real e-mail address.

Users can find more details about phishing baits hiding underneath e-mails in this made in France article: http://www.hotforsecurity.com/blog/underneath-e-mails-phishing-attacks-6388.html.