Impots.gouv: a clone of the official site steals your banking data

Two years ago, a group of hackers put online a clone of the official impots.gouv.fr site. The fraud did not go unnoticed: thousands of people had their banking details stolen. A look back at an episode that is unfortunately not isolated.

The scam was short-lived, but before the General Directorate of Public Finances raised the alert on October 10, 2019, the hackers had time to use a clone of the official impots.gouv.fr website for a vast phishing attack, driven in particular by a large fraudulent mailing campaign.

Impots.gouv: A vast phishing campaign under the cover of tax refund offers

The clone presented a page similar to the one on the official website, where the trapped user had to enter their username and password to access a hypothetical refund. Suffice to say that entering personal data in that form was a bad idea: it went straight into the hands of unscrupulous hackers.

With this data in their possession, all the hackers had to do was log in to the victim's personal space, the official one this time, and retrieve the victim's personal data as well as the banking data linked to the account used to pay taxes.

There is only one way to determine whether you are on the official tax website: check the URL, by which I mean the address of the website you are on, which appears in the address bar of your internet browser. Even so, some people were completely fooled. The hackers were clever enough to use an address similar to that of the official site: instead of https://www.impots.gouv.fr/, the clone used “http://impots.gouv.app”, the official extension “.gouv.fr” being replaced here by a simple “.app”. Although this technique has been around for a while now, hackers continue to use it to extort login details and other personal or banking data from their victims. So be careful before clicking on a link in an email, whether it looks dubious or appears official.
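The URL check described above can be automated, for example in a mail filter. The following is an added example, not code from the original article: it compares a link's hostname with the official domain and flags hosts that borrow its labels, generalizing from the “.app” case to other lookalike forms. The verdict names, the `BRAND_LABELS` heuristic and the `.example` hosts are assumptions made for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "impots.gouv.fr"   # official site named in the article
BRAND_LABELS = {"impots", "gouv"}    # assumption: a host reusing both labels imitates it


def classify_link(url: str) -> str:
    """Return 'official', 'suspicious' or 'unrelated' for one link."""
    url = url.strip()
    if "://" not in url:             # bare "host/path" as sometimes pasted in emails
        url = "http://" + url
    parts = urlsplit(url)
    # .hostname ignores userinfo ("user@") and port, and is lower-cased.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return "unrelated"
    on_official = host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)
    if on_official:
        # Plain http on the real name is flagged too: credentials would travel in clear.
        return "official" if parts.scheme == "https" else "suspicious"
    # Brand labels under another suffix, or the official name placed elsewhere in the URL.
    borrows_brand = (BRAND_LABELS.issubset(host.split("."))
                     or OFFICIAL_DOMAIN in url.lower())
    return "suspicious" if borrows_brand else "unrelated"


# The first two links are quoted in the article; the rest are constructed samples.
SAMPLE_LINKS = [
    "https://www.impots.gouv.fr/",
    "http://impots.gouv.app",
    "https://www.impots.gouv.fr@login.example/",
    "https://impots.gouv.fr.secure-login.example/x",
    "https://example.org/news",
]


def triage(links):
    """Map each link to its verdict so a filter can quarantine the suspicious ones."""
    return {link: classify_link(link) for link in links}


if __name__ == "__main__":
    for link, verdict in triage(SAMPLE_LINKS).items():
        print(f"{verdict:10} {link}")
```

The comparison is done on the parsed hostname rather than on the raw string, which is why a URL that merely contains the official name before an `@` or as a subdomain of another domain is not mistaken for the real site.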