5 million people had their bank details stolen.
This is the big concern of the moment. There are 5 million Free customers whose personal data was stolen by a hacker: name, email and postal addresses, telephone number, subscriber ID, IBAN and contract data (type of offer subscribed, subscription date, active subscription or less) have fallen into the hands of the criminal. A gold mine already resold and wandering in digital nature…
But what can hackers actually do with an IBAN? We tried to put ourselves in their shoes by interviewing an expert in the sector: Jean-Jacques Latour, director of cybersecurity expertise at Cybermalveillance.gouv.fr, the official body that fights against this type of scam. Decipher the consequences of this act and confirm that those who have this data can carry out operations aimed at extracting money, without the consent of the account holder. The risk of tens or hundreds of euros being stolen is therefore very real.
Using an IBAN the hacker can easily set up a fraudulent direct debit, explains our expert. This is also the main purpose of having an IBAN. If “this is not done”, “not all organizations are always attentive”, points out Jean-Jacques Latour. The criminal simply needs to know a site on which the authorization of the direct debit mandate is carried out without validation via SMS or via his bank’s application and that’s it.
From that moment on, the victim will see charges appear on their account for which they are not the originator. But you have to be careful! The hacker will not necessarily withdraw 100, 200 or 500 euros at once. “These withdrawals can be of small amounts: a few euros or tens of euros, which can become recurring,” warns Jean-Jacques Latour. Charges of €1, €5, €10, etc. are common. Be careful not to confuse them with the purchase of a wand or a possible subscription.
Especially since the labels are obviously not clear and hackers consciously play on the confusion: they are usually the name of a large company with only one letter of difference or an obscure title. Subscriptions to “press” services or to take advantage of “promotions” are among the fraudulent deductions regularly noted by this state agency official.
The “advantage” of these forms of collection is that they can be stopped easily and quickly. A simple objection from your personal space or by calling your advisor is sufficient. You have 13 months to dispute an improper withdrawal if it comes from the European Union, Iceland, Norway or Liechtenstein. The deadline is 70 days if it comes from another country on the globe. In any case the bank will reimburse you. From then on, the hacker will be blocked… for this collection. But he can start again freely.
The other concern concerns the contraction of consumer credit. Can a hacker, amateur or professional, subscribe to one by stealing your banking identity? It is more difficult, if not impossible, for a hacker to do this with just an IBAN. “You need to provide a RIB and an identity document,” explains Jean-Jacques Latour. Above all, if the operation still manages to be successful, “you find yourself in a withdrawal situation that you did not authorize and which therefore can be stopped immediately”, reassures this industry expert. Especially since (very) few banks accept that consumer credit is paid into one account (that of the hacker) and reimbursed into another.
Be careful though: you obviously need to be vigilant, but you shouldn’t believe that if fraudulent samples don’t arrive in the next few weeks it means you’re out of danger. Since the IBAN is valid as long as your bank account is open, the scammer can act at any time, even several months later.
Time.News Interview: Understanding the Risks of Stolen IBANs
Interviewer: Mark Johnson, Editor of Time.News
Expert: Jean-Jacques Latour, Director of Cybersecurity Expertise at Cybermalveillance.gouv.fr
Mark Johnson (MJ): Welcome, Jean-Jacques, and thank you for joining us today. There’s a significant concern among Free customers right now, with reports indicating that five million individuals have had their banking details compromised. Can you explain the implications of this data breach?
Jean-Jacques Latour (JJL): Thank you for having me, Mark. The breach indeed poses severe risks. When hackers gain access to sensitive information like names, addresses, and particularly bank details such as IBANs, they hold the potential to exploit that data for financial gain. This can lead to unauthorized transactions, putting victims’ finances at serious risk.
MJ: You mentioned that hackers could use an IBAN to set up fraudulent direct debits. Can you elaborate on how this process works?
JJL: Certainly. Using an IBAN, a hacker can initiate direct debits from a victim’s account without their consent. The process is alarmingly simple. If they find a service that allows them to authorize a direct debit without additional verification—like SMS confirmations or app approvals—they can begin withdrawing funds.
MJ: That sounds incredibly concerning. Are there specific tactics that hackers employ to make these withdrawals less noticeable?
JJL: Yes, and that’s where it gets particularly insidious. Instead of withdrawing large sums in one go, which would raise immediate alarms, hackers often opt for smaller amounts—just a few euros at a time. This allows them to fly under the radar, making it easier for these charges to go unnoticed.
MJ: This is truly alarming. What advice do you have for individuals who might find unexplained charges on their accounts?
JJL: The most important thing is to monitor your bank statements closely. If you see unfamiliar charges, especially those that are small and poorly labeled, investigate them immediately. Hackers tend to use vague descriptions that can easily lead to confusion, often mimicking legitimate services or subscriptions.
MJ: In terms of prevention, what steps can individuals take to protect themselves from becoming victims of such scams?
JJL: There are several critical steps individuals can take. First, ensure your banking setup includes two-factor authentication wherever possible. Next, be cautious when sharing your bank details or signing up for new services—always verify their legitimacy. And report any suspicious transactions to your bank without delay.
MJ: Thank you for these insights, Jean-Jacques. as we navigate an increasingly digital world, what role does Cybermalveillance.gouv.fr play in helping citizens avoid such cyber threats?
JJL: Our primary goal is to educate and support the public in recognizing and combating cyber threats. We provide resources for individuals and organizations, such as guidance on safe online practices and assistance when they encounter scams. Collaboration with law enforcement and financial institutions also plays a crucial role in tackling these issues collectively.
MJ: Thank you, Jean-Jacques, for shedding light on this important topic. As we see more technological advancements, your advice is invaluable for safeguarding personal financial information.
JJL: Thank you, Mark. It’s essential for everyone to stay informed and proactive in protecting their data.
As the interview concludes, it is clear that the issue of stolen banking information is a pressing concern demanding vigilance and proactive measures from individuals. In a world where technology can both empower and exploit, staying informed is more crucial than ever.
