A phishing attempt that partially worked :-(

Where it all started: my real bank asked me to do it

It actually all started with my real bank, Crédit Agricole, which is currently sending emails/reminders saying that I must upgrade my account to their latest security procedure (called Securipass). This will become mandatory.

Where I was lured…

This morning I received another reminder via SMS. I thought: yes… my bank is hassling me to do that these days, let’s fix it now, because it seems to be becoming urgent as something will be deactivated, and I have time for once :-).

First SMS — redirecting to phishing server —
  • The name of the SMS sender, “infoCA”, looks pretty real
  • The URL is made up of “securipass” and “ca” (derived from the bank name).
  • It is registered as a .fr
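
The three cues listed above (sender name, brand words in the URL, a .fr registration) all look reassuring and none of them proves origin. The following triage check is an added example, not part of the original post: it ignores the sender name and the TLD and only asks whether the link's host is an official domain. The allowlist entry `credit-agricole.fr` and the sample SMS with its `.example` host are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the bank's official registrable domain; confirm it from the bank itself.
OFFICIAL_DOMAINS = {"credit-agricole.fr"}
# Brand words the post says appeared in the lure URL.
BRAND_TOKENS = {"securipass", "ca"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

# Constructed sample; the real lure URL is not given in the post.
SAMPLE_SMS = ("infoCA: your Securipass must be activated today: "
              "https://securipass-ca.example/activate")

def is_official(host):
    """True only for an official domain or one of its subdomains (dot-boundary match)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def brand_tokens_in(host):
    """Brand words present as a whole label or hyphen-separated part of the host."""
    parts = set(re.split(r"[.\-]", host.lower()))
    return sorted(parts & BRAND_TOKENS)

def triage_sms(text):
    """Return one finding per URL in the SMS body; sender name and TLD are never trusted."""
    findings = []
    for url in URL_RE.findall(text):
        try:
            # .hostname drops any "user@" prefix, so "official@other-host" resolves to other-host.
            host = urlsplit(url).hostname or ""
        except ValueError:
            host = ""
        tokens = brand_tokens_in(host)
        if host and is_official(host):
            verdict = "official"
        elif tokens:
            # Brand words on a host that is not the bank's: the pattern described in the post.
            verdict = "suspicious-lookalike"
        else:
            verdict = "unknown"
        findings.append({"host": host, "verdict": verdict, "tokens": tokens})
    return findings

if __name__ == "__main__":
    for finding in triage_sms(SAMPLE_SMS):
        print(finding)
```
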

The scam website

The website is a clone of the original website. It first requires that I enter the local agency I depend on (so it does not cut to the chase).

First Page of the website

The fake two factor authentication

This is where things become ugly and actually well-engineered. A strong authentication (mobile based) is enforced with the real phone number of the bank.

After

After the page requesting credit card information, I was super skeptical at this point, but still not 100% sure. Of course, things are obvious when reading afterwards (let’s say I was 95% sure and needed to reach 100% as an old-school engineer).

What’s next

First, I will just never ever click on any link received by SMS anymore.
