Bitdefender experts have spotted numerous phishing sites

May 9, 2014 11:54 GMT

Following the data breaches suffered by French telecommunications giant Orange, the company’s customers are increasingly targeted in phishing attacks, experts warn.

Bitdefender’s Anti-Phishing Lab has spotted some cleverly designed phishing pages. Many phishing sites are easy to recognize because they’re hosted on domains that have nothing to do with the targeted company. In this case, experts highlight, the cybercriminals are using more legitimate-looking URLs.

“The attacks are more sophisticated than common phishing and some web sites even ask Orange clients for specific banking data such as card numbers, expiration dates and the CVV – private details that should never be given out in such a way,” Bitdefender Online Threats Researcher Alin Damian says.

“I expect this phishing wave to continue this week, as cyber-criminals find great potential in this data, which they could sell on the black market or use for identity theft,” he adds.

The phishing pages seen by Bitdefender closely mimic the legitimate site to trick users into handing over their personal and financial details.

The rise in phishing attacks appears to be triggered by the two data breaches suffered by Orange this year. The first was announced in February, when the telecoms company revealed that hackers had managed to access the details of 800,000 users of the orange.fr website after breaching the My Account section.

Then, earlier this week, Orange announced a second breach, this time impacting 1.3 million people. In the second incident, the cybercriminals gained unauthorized access to the platform used to send out promotional messages to customers.

Passwords and financial information were not exposed in either of the incidents. However, the names, email addresses and phone numbers stolen by the attackers are more than enough for phishing scams.

On both occasions, the company rushed to warn customers about such cybercriminal schemes.

Since both data breaches made numerous headlines, it’s not surprising that phishers are leveraging the incidents to trick people. Now that many Orange customers are probably aware of the breaches, bogus emails that inform recipients of security or account updates might be taken as genuine by many of them.

Internet users are advised to check suspicious emails before clicking on links or opening attachments they contain. If the emails contain grammar mistakes or poor-quality images, or if they request sensitive information like passwords and bank account information, they’re likely part of a malicious scheme.

If you’re already a victim of such a phishing scam, change your Orange password immediately. If you’re using the same password for multiple services, change it there as well. If you’ve handed over financial information, contact your bank.