This week Malcovery is noticing that the EDF phish are back, with a twist! The current EDF phish are asking for documents with an enormous value for identity theft and are targeting many different French banks with the information. Here's what a currently live phishing site looks like:
Zooming in on the data being requested, we see typical information.
Email, Password, Title, Name, Address, City, Postal Code, and Date of Birth.
While EDF has world-wide operations, a large number of their tens of millions of utility customers are in France.
The email they receive is likely to be the same one seen in France last year that advises:
Votre paîement a été refusée par votre établissement bancaire. […] Pour éviter la pénalités de retard, nous vous donnant la possibilité de payer en ligne en utilisant votre carte bancaire.
(or in English: "Your payment was declined by your bank ... To avoid late fees, we give you the option to pay online using your credit card.
After providing the basic information, they are prompted to choose which bank issued the credit card they will be using to pay their bill:
Axa Banque Banque populaire BNP Bred Caisse d’epargne Credit agricole Credit mutual Credit du nord CIC HSBC Societe generale La banque postale LCL Autres
and then enter their Credit Card information:
The most interesting part of the phish, however, is what comes next! The Phishers then tell them that in order to prove they are really in charge of this account, they must upload at least two forms of proof of identity!
- Identity Card
- Credit Card
- A copy of a Bank statement
- An invoice proving the address
Although this case is most accurately described as an EDF phish, there are actually thirteen targeted banks, and an unlimited number of forms of identity theft that could occur if some victim were to provide all of the requested information. Just another example of how the phishers use FEAR (an unpaid Utility bill that could result in Termination of Service) to steal our credit card information!