Thanks to the work of the D3Lab Threat Intelligence Team, it was possible to identify and catalog a phishing campaign targeting Iliad and its customers.
The well-known telecommunications operator has more than 10 million customers in Europe: a number large enough to attract the unwanted attention of cybercriminals.
According to D3Lab's experts, the cybercriminals' operation started from 20 domains created specifically for the purpose, through which users are redirected to malicious sites.
The ultimate goal of the cybercriminals is to obtain customers' credit or debit card data by presenting a fictitious form for topping up the telephone number. The sites used, as is easy to imagine, were built specifically to mislead potential victims by recreating the graphics of the official platform Iliad offers to the public.
The researchers' analysis identified the cybercriminals' modus operandi: once the data has been entered, it is collected and sent to the phisher through Telegram, where a dedicated group was created to collect the stolen information.
Phishing against Iliad: are the attackers of Russian origin?
Identifying the group also made it possible to identify its five participants. The group administrator, a certain Mister X, seems to use Telegram in the Russian language. This, combined with the name of another participant in the group, suggests that the cybercriminals may belong to a country where this language is used.
As for potential victims, it is best to remain vigilant. Before carrying out any type of top-up for services such as Iliad or similar, it is always a good idea to check that the site from which you are making the transaction is not only safe, but also corresponds to the operator’s official platform.
More generally, it is always important to guard sensitive information with great care, whether usernames, passwords, email addresses or, even more so, debit/credit card data.