The operator announced that it had been the victim of a hack which exposed the personal data of its customers. The risks of phishing, or phishing, are significant for the targeted people.
SFR announced on Thursday September 19 that it had been the victim of a hack which resulted in a leak of the personal data of its users. The intrusion resulted in unauthorized access to personal data, the nature and volume of which should encourage victims to be extremely vigilant. According to the operator, the compromised data covers “name, first name, contact details provided at the time of the order (telephone number, email and postal address, delivery address if applicable), contractual data (subscribed offer, content of the order) as well as the identification number of the terminal and of the SIM card (for mobile terminal commands“.
More problematic, for some customers, this data leak also concerned IBANs, the number which allows a bank account to be identified. The operator ensures that passwords, call details and the content of messages sent are not affected. The incident was notified to the CNIL and is the subject of a complaint being filed with the public prosecutor.
Thousands of potential phishing victims
This data leak left thousands of people vulnerable to cyberattacks. phishinga technique used by cybercriminals to harvest personal information for malicious purposes. Scammers could therefore use emails, SMS or directly by telephone to obtain your credit card data, which allows them, for example, to make purchases on the Internet or resell the stolen information.
4 million bank cards hacked and sold on the Dark Web: how to protect yourself?
Maud Lepetit, France manager at Surfshark and specialist in cybersecurity, recommends check sender email address and typos in the body of the email. If you think the sender is not legitimate, contact the organization they claim to be from and ask if the email is legitimate. Another advice, if you are prompted to click on a link, hover over it before clicking. “If you’re using Chrome, when you hover over a link, the link address appears in the lower left corner. Make sure the link starts with “HTTPS» (and not “HTTP”) and that the name of the website matches that of the organization the sender claims to be», recommends the specialist. The HTTP protocol transmits data unencrypted, which means that information sent from a browser can be intercepted and read by third parties.
Pay attention to the “unsubscribe” button
Maud Lepetit also advises be wary of the “unsubscribe” link/button. “If you are receiving an email for the first time from a sender with whom you have never had contact before, the rule of not clicking on any links includes the “unsubscribe” link. Threat actors often exploit this feature to trick you into following the malicious link“, she says.
Finally, always be wary of requests for personal information. If the sender asks you to disclose sensitive information such as your name, password, or even worse, your banking details, this is a clear sign of a phishing email and a hacking attempt.
Receive our latest news
Every week, the key articles to accompany your personal finance.