October 30, 2017
In early October, 145.000 employees from the French Ministry of Economy and finances as well as independent agencies personnel received emails containing an offer to win Theater tickets. The emails were signed by Jean Baptiste Poquelin, Emma Bovary, Therese Desqueyroux or. [Side Note for our foreign friends: the above are famous names of French Literature: respectively the real name of the playwright “Molière”, the main character from “Madame Bovary” and the title of a novel by François Mauriac]. Not noticing anything amiss with the sender’s names, more than 30.000 recipients clicked on the link contained in the email.
Fortunately, the email originated from the IT security service of the French Ministry of Economy and Finance, who performed the operation for educational purposes. The proposed link redirected toward a webpage raising awareness about cybersecurity. Fortunately, no harm was done as it was not a real phishing attempt.
More than 150 computers from the same Ministry had been infected between December 2010 and March 2011. Six and a half years later, the above-mentioned initiative had a beneficial effect as it raised questions in a context where cyberattacks are increasing.
It is easy, for an ill-intentioned person, to send a convincing email, pretending to be a trustworthy contact. Fraudsters are creative and use various techniques. Some of these techniques, such as the Email Spoofing, can be countered by dedicated technical measures (antispam servers, SPF, DKIM, DMARC …).
However, some emails will fall between the cracks and the vigilance of the recipient will be the last line of defense. The following details however should raise alarm bells and incite the recipient not to engage in any interaction with the sender but to transfer the mail to the relevant services for advice:
Our monitoring tools allow the detection of domain names susceptible to be used by ill-intentioned persons for impersonation purposes.
Our teams are at your disposal for any query regarding our services.