Internet and banking security |

Scams and fraud on the Internet

Phishing

The fraudsters want to log on to your accounts and use your money. To do this, they try to retrieve your personal data by imitating e-mails from your bank (or other organisations). They then redirect you to a false site which imitates the real site in order to retrieve your identifiers.

How do you spot a phishing e-mail?

The logos and signatures are easily copied, so direct your attention more to the content of the message. To get you to act on the spur of the moment and without thinking, the fraudsters give major reasons requiring you to take urgent action: an alert on your account, a notification in your inbox, your card being blocked, new regulations.

Example of phishing e-mail

Capture d’un e-mail frauduleux

Remember: the URL of your BECM site always starts with https://www.becm.fr! To check you are definitely on a Crédit Mutuel-CIC site, install the CMCIC confidence bar.

Vishing and SMShing

There are variants of phishing using the telephone (known as « Vishing » for « Voice Phishing ») or SMS (known as « SMShing »). You should therefore be wary of any unexpected contact which asks you to do something unusual.

What do I do if I receive a phishing e-mail?

  1. Do not click on any links in the e-mail or on any attachments.
  2. Transfer the suspect e-mail to our department dealing with fraudulent e-mails: phishing@creditmutuel.fr.
  3. Lastly, delete it.

You think you have responded to a phishing e-mail

  1. Change the password you use to access your accounts straight away.
  2. Contact your advisor as soon as possible.

For any attempt at fraud not directly involving la BECM

You can notify the competent organisations (in french):

Your identifier and password are secret. Do not divulge them to anyone!

Ransomware

Ransomware is malicious software which takes your personal data hostage by encrypting it. To retrieve it, you have to pay a ransom. This software is often contained in attachments to unusual and unexpected e-mails.

Its variant, « extorsionware », blocks an on-line service account and threatens to expose your personal software if you do not pay the ransom.

Romance scams

The scammers create false profiles on meeting sites and social networks by using photos of men and women retrieved from the Internet. They are very proficient in their use of computer tools, touching up pictures and using video bit streams pre-recorded on their webcams.

They then hold conversations, sometimes over months, to put their victim at ease. Once confidence is established, they invent a reason to extort money from their victim. Some examples: request for help to buy an airline ticket to meet their victim, for a member of their family who has fallen ill or has been the victim of an accident.

The scammers may also ask you to cash a cheque (stolen) in exchange for a money transfer or prepaid cards. As the cheque is stolen, cashing it is at the costs and responsibility of the victim.

Remain vigilant:

  • Do not send money to anyone whose identity you cannot verify;
  • do not divulge your bank details to individuals met on the Internet.

Sometimes, exchanges take place during a video conversation and are more « intimate ». The pictures collected are then used by the scammers to carry out webcam blackmail, to extort money in exchange for them being withdrawn.

A dummy call from someone you know

If you receive an e-mail from one of your contacts asking you to send them money, this could mean that their e-mail address has been hacked. The fraudsters try to gain your sympathy by mentioning an attack or theft requiring your financial support.

The only way to ensure that your contact really is in this situation is to call them, even if the message asks you to respond by e-mail only.

Sales scams between individuals

  • If you are a seller, beware of buyers in a hurry who want to buy what you’re selling from a distance without having tried it. This is often a technique for gaining your confidence and obtaining your bank details.
  • If you are a buyer, beware of offers which are too enticing. Scammers put up for sale or hire goods for which they only have a photo. Any bank transfer carried out is irrevocable and final.

Windfall swindle

Have you received an announcement about an unexpected inheritance, income or source of revenue? Such news rarely arrives by e-mail. Beware of documents presented or sent to you. Moreover, any request for proof of identity or residency, RIB/IBAN or money for payment of expenses is suspect and fraudulent in this context.

Within a company: scam involving the Chairman or a supplier

Armed with a good knowledge of the company, some scammers don’t hesitate to masquerade as absolutely anyone during a telephone call, or in a letter or e-mail.

  • spoofing the chairman or an executive of the company: the aim of the scam is to incite an employee to make a payment outside of any procedure by raising imperatives of discretion and confidentiality;
  • spoofing a supplier or lessor: here, the scammer masquerades as one of the usual suppliers and claims to have changed their bank.

It is essential to establish and comply with strict procedures for any payment under all circumstances. Check the information given to you and get in touch with your usual contact without using the contact methods shown in the suspect message.

For more information, see the guide to bank transfer orders for companies [PDF in french – 279kb] issued by the Fédération Bancaire Française (French Banking Federation).

Within a company: bank transfer fraud following a software update or false computer test

This fraud was created with the implementation of the SEPA standard but is still around: after having studied the workings of the company, the scammer usurps the identity of a bank employee and contacts the company accountant. They ask the accountant to carry out « test » operations which are in fact actual transfers.

There again, compliance with established procedures make it possible to foil these frauds and scams.