In an e-mail with the alarmist title, the author of a phishing is made pass for a member of the police force. He asks to send him photos of identity documents, as well as screenshots of the health pass, which must not be done.
It is an incredible email that Maxime Haes received this Friday, September 10, entitled ” Inquiry Concerning You “. The mail is decorated with the logo of the national police, and explains in a sober and serious tone that ” health pass fraud suspicion investigation and use of health pass without owning it », Could be brought against him. The email specifies that the penalty incurred for ” for forgery or use of forgery can go up to three years in prison and a fine of € 45,000, according to article 441-1 of the penal code) (Which is true).
In order to prove that he has an authentic health pass, Maxime Haes must absolutely provide proof, specifies the author of the email, a certain ” Brigadier Laurant Casinier “. And for that, nothing could be simpler: all he has to do is send, by email, ” a screenshot (sic) of the health pass, a photo of the health pass in paper version, or a pdf version of your health pass, as well as the photo of the front and back of the identity card (sic) with the same name (sic) as the health pass and a selfie photo holding the identity card. “
If you have received a similar email, do not reply, and above all do not send any document: this is a phishing attempt.
A very convincing phishing
The phishing attempt is particularly well done. The police logo is at the top of the email, the color codes are respected, the tone is serious, and there are few spelling mistakes. An explanatory drawing concerning the selfie that should supposedly be sent is even attached to the email.
” It’s a bunch of phishing, but the way it uses police graphics and the same terms make the email look completely like a real one. », Says Maxime Haes, reached on the phone by Numerama. ” It really surprised me, I told myself that it was a real effort, that the person had gone quite far in the construction of the phishing “. Maximes Haes was however alerted by the email address, whose domain name is ” police-national.fr (sic) “. This is not the right one: apart from the major spelling error, police officers use “interieur.gouv.fr” e-mail addresses, and this is what put the chip in his ear. It also seemed strange to him that the police would contact a person who was under investigation by email, instead of contacting them by phone.
Maxime Haes did not respond to the email. On the other hand, he immediately shared it on his twitter account, in order to warn as many people as possible of the dangerousness of this phishing. ” We’re not going to lie to each other: this is the most realistic phishing attempt ever sent to me. Up to “police-national[point]fr ”in the mail. Pay attention. Notify your parents / grandparents », He writes in another tweet. He also warned his relatives, who fortunately had not received emails of this kind.
Mdr it starts. It adapts quickly say so. And it takes people really for idiots that smokes me. pic.twitter.com/uFH2qIW4vq
– Max. (@MaximeHaes) September 10, 2021
“Sup your tweet”
However, his prevention post on social media did not please the hacker apprentice, who saw his tweet. While Maxime Haes had not responded to the first email, the person posing as the ” Brigadier Laurant Casinier Sent him another email. Entitled this time ” sup your tweet », The false policeman writes “Hello big suprime (sic) your tweet c not cool “. He will also receive another email from him, in which the hacker believes he ” shame », After Maxime shared his first message on twitter.
” The way he sends e-mails reminds me of a teenager », Analyzes Maxime Haes. A conclusion shared by Numerama, because we were also able to exchange by email with the hacker. A surreal conversation to say the least.
The apprentice hacker told us that he was not part of the police, but that he was an agent of the ” FBI “, And that he had a” IQ [de] 1337 Before admitting that each health pass saved him money. He also told us that he had managed to recover one ” insane amount Thanks to this phishing. When we asked him if he knew that attempts to phishing, collecting personal data by fraudulent means, and impersonating a public service official were punishable by heavy penalties, he did not answer us. .
We can of course absolutely not trust the words of this apprentice hacker. It remains very difficult at this stage to know how much phishing is circulating, if the person we spoke to is indeed the originator of the phishing, and if he or she was indeed successful in retrieving health passes and photos of identity cards. However, phishing has already been reported, as indicated by the Signal Arnaque site, where it has been the subject of a page since this morning. It would therefore seem that the email is circulating quite widely.
The first reflex to have: check
The first instinct to have if you receive this kind of email is to carefully check certain points, such as the origin of the email, or any spelling errors. In case of doubt, do not hesitate to contact the company or organization concerned directly, as explained by the government’s dedicated cyber-surveillance service. It’s also important to remember that if someone asks you to send official documents, such as photos of your ID documents, this should only be done if you have absolute confidence in the sender of the message and have confirmed their identity. It is also strongly advised not to share your health pass online.
This phishing is reminiscent of another, which also concerns the police. Apprentice pirates had passed themselves off as a service of the ” central directorate of the national judicial police “. Without malware and not very credible with its many spelling mistakes, this phishing was fortunately quite harmless.
But the one sent by the ” Brigadier Laurant Casinier Is unfortunately much more realistic, especially since it plays on the victims’ fear of being fined heavily. In the context of a health crisis, and where fraud attempts to obtain fake health passes are very real, such an email can be very dangerous.