Free and its subscribers continue to measure the consequences of the cyberattack that hit the company a little over a year ago. The operator has launched an information campaign to warn its subscribers of an ongoing phishing campaign that is particularly pernicious because it is based on 100% authentic documents.
This story began in the fall of 2024, when a hacker launched a major social engineering operation that consisted of contacting Free employees by telephone while pretending to be an IT department agent. The deception proved very effective; he apparently managed to convince several employees to give him their work credentials, the ones that gave them access to the company’s internal tools.
With these keys in hand, he moved on to the second stage of his plan: freely rummaging through the company’s servers to extract valuable data, starting with the databases that list customers, their information and their documents. In total, he was able to recover the names, first names, addresses and even telephone numbers associated with approximately 19 million accounts, and that was not all: he also left with several million IBANs, the unique identifiers associated with bank accounts.
What happened next is a little less clear; it is difficult to know whether the author of this cyber-heist resold all this information on the dark web or held on to it with the intention of using it later, once the dust had settled. What is certain, however, is that whoever currently holds these IBANs recently decided to take action.
A sophisticated phishing campaign
On the support page of its site, Free published a post concerning an “ongoing phishing wave”. This attack is particularly sophisticated; unlike the fake emails riddled with mistakes and inconsistencies that some amateur scammers tend to send, this criminal managed to imitate Free’s communication methods with a remarkable level of fidelity. “This message uses our visual identity and contains no errors, which makes it particularly credible and difficult to spot,” explains the company.
The only inconsistency in these messages is that they contain the recipient’s personal IBAN. These are not randomly generated sequences of characters but entirely real IBANs: the very ones that were exfiltrated during last year’s hack.
For users who aren’t particularly familiar with these scam attempts (or may have forgotten about the 2024 attack), this is a particularly compelling detail. After all, this is confidential data that only the user, their bank and the Free operator are supposed to know. Its presence therefore gives the message an appearance of technical and administrative authenticity, and reinforces the illusion that the message comes from a legitimate source.
In addition, the IBAN spontaneously evokes official procedures such as direct debits or refunds, an effect that the crooks behind this phishing campaign have exploited with great skill, since the message mentions “new European regulations” which call for an “urgent check of subscriber’s banking information before a deadline”.
How to react?
In its alert, however, Free insists that the company “will never display your banking details in plain text in its emails and SMS (name of your bank, IBAN number and BIC code)”. If you receive an e-mail apparently sent by the operator that contains these elements, you can be sure that it is a scam. In that case, Free reminds you of the importance of not responding to the message and of reporting it on the SignalSPAM platform before deleting it.
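The rule above can also be applied automatically, for example on a mail gateway or during triage of reported messages. The following is an added example, not code from Free or from the original article: it flags any message body that prints a checksum-valid IBAN in plain text and returns it masked. The function names, the country-length subset and the sample messages are assumptions made for illustration; the IBAN used is the public documentation example for France.

```python
import re

# Total IBAN length per country: a subset of the registry, extend as needed.
IBAN_LENGTH = {"FR": 27, "MC": 27, "BE": 16, "DE": 22, "ES": 24,
               "IT": 27, "LU": 20, "NL": 18, "PT": 25}

# Country code, two check digits, then the account part, which messages
# usually print in space-separated groups of four.
CANDIDATE = re.compile(r"\b([A-Z]{2})\d{2}(?: ?[A-Z0-9]){11,30}")

# Constructed sample messages. The IBAN is the public documentation example
# for France, not a real account; the second one has a broken checksum.
PHISH = ("New European regulations: urgently verify your banking information "
         "(IBAN FR76 3000 6000 0112 3456 7890 189) before the deadline.")
BENIGN = "Reference FR76 3000 6000 0112 3456 7890 188, invoice FR24 1100 2345."


def iban_checksum_ok(iban: str) -> bool:
    """ISO 13616 mod-97 test on a compact (no spaces) IBAN."""
    rearranged = iban[4:] + iban[:4]      # country code + check digits go last
    digits = "".join(str(int(ch, 36)) for ch in rearranged)  # A=10 ... Z=35
    return int(digits) % 97 == 1


def mask(iban: str) -> str:
    """Keep enough to correlate alerts without copying the IBAN into logs."""
    return iban[:4] + "*" * (len(iban) - 8) + iban[-4:]


def plaintext_ibans(body: str) -> list[str]:
    """Return the masked form of every checksum-valid IBAN printed in body."""
    hits = []
    for match in CANDIDATE.finditer(body):
        length = IBAN_LENGTH.get(match.group(1))
        compact = match.group(0).replace(" ", "")
        if length is None or len(compact) < length:
            continue                       # unknown country or too short
        iban = compact[:length]            # drop any trailing capitals absorbed
        if iban_checksum_ok(iban):
            hits.append(mask(iban))
    return hits


if __name__ == "__main__":
    for name, body in (("phish", PHISH), ("benign", BENIGN)):
        print(name, plaintext_ibans(body))
```

A non-empty result on a message that claims to come from the operator matches the condition Free describes as a certain sign of a scam.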