Laurent Verdier: "Phishing is the number one threat to the general public"

Phishing techniques, behaviors to adopt, new trends.

Laurent Verdier: "Phishing is the number one threat to the general public"

Phishing techniques, behaviors to adopt, new trends... As a prelude to the webinar dedicated to bank fraud on January 24, 2023, the Director of the Awareness Unit of, Laurent Verdier, answered questions from .

Director of the Awareness Unit of Laurent Verdier has a solid background in cybersecurity. In 2002, he decided to reconcile his interest in investigation and new technologies by joining the department specializing in computer hacking at the Prefecture of Police. Procedural, investigator, he then took the head of the assistance group of the Brigade of investigations into information technology fraud (BEFTI) before joining the former Territorial Surveillance Department. Subsequently, he became a liaison officer between the Ministry of the Interior and the National Agency for Information Systems Security, before continuing with three additional years at BEFTI as Chief of Staff. It is in 2020 that he will join the system to manage the awareness center, "made available by the Ministry of the Interior as a member of the system".

Before the webinar dedicated to online banking fraud on January 24, 2023 at 6 p.m., of which he will be one of the speakers, Laurent Verdier has agreed to answer our questions. You can now register for the event below.

L.V. : "In France, part of the population is in a phase of dropping out or of anxiety in the face of the progressive digitization of all State services. There is a problem of fragility and lack of culture, which makes its people more vulnerable when they are targeted by cyberattacks.For a year and a half now, we have been working closely with all the actors of mediation and digital inclusion, in particular since the ANCT (National Agency for cohesion and territories, editor's note) joined the system in January 2022. Our main objective is to participate in their tools for raising awareness of digital risk in order to help the populations they support to be more autonomous. and vigilant vis-à-vis cybercriminals".

L.V. "The platform was created with three main missions for three audiences. Individuals, VSEs-SMEs and local authorities. Based on a report by Marc Robert (Procureur Général in Riom, editor's note), in 2014, which was responsible for leading a working group intended to take stock of cybercrime in France and propose recommendations to improve its treatment, elements were included in the national strategy for digital security in France from 2015. Our The authorities then requested the creation of a one-stop shop intended to provide these three audiences with immediate assistance if they were ever victims of cyber-maliciousness, in order to be able to send them recommendations, or even put them in contact with an IT professional to repair their system, first. Design and make freely available content on current threats, and awareness tools with appropriate recommendations. tees. Finally, observe the digital risk and be able to consolidate these elements, report them to our authorities to better guide public policies in this area".

L.V. : "There is no typical profile. The attackers, especially since the first confinement, have multiplied the volume of their attacks. We like to say that they are more sophisticated, I prefer to say that they are more astute. C Above all, it's the behavioral and human elements on which the attackers try to play. By sticking very closely to the national context, with fake gel sites, gloves, travel certificates, or non-existent covid bonuses, for example. The goal is to get the target out of his usual reaction paths, either by stress, or by the lure of gain, or by fear or doubt.Today, we do not always take measures of vigilance and necessary attention. So, we fall too easily into the trap."

L.V. : "You have to take the time before responding and acting when you have a doubt. Above all, you must not be alone, talk to a trusted third party, then come to to find out if this modus operandi is already known. What we also recommend, to allow the Gendarmerie or the Police to make connections, to investigate and to initiate proceedings against the perpetrators, is to file a complaint. We propose on the course of assistance from, a number of proposals and referrals to the nearest Gendarmerie brigade or a police station, or even to the THESEE platform which was set up by the Ministry of the Interior and which allows you to file a complaint online for a number of cybercrime offences.

And if I have had my account hacked online, the first thing I have to do is notify my banker with my usual contact details, the bank adviser I know and report these elements indicating that I am the victim of a hack and potentially fraudulent financial transfers. Then, since my email account has been hacked, and the attacker potentially has access to all my contacts, I must warn my contacts and inform them of a risk of identity theft, "do not fall in the panel". We must not remain in guilt and / or shame.

L.V. : "This figure is not known, but from my experience, I think that out of 10 victims of cyber-maliciousness, four to five maximum will file a complaint. I hope that the THESEE platform will encourage the filing of a complaint because it "It's a positive legal step, which will allow you to be officially referenced as a victim, first of all. Then, allow investigators to make connections if the investigation concerns many similar cases".

L.V. : “The vast majority of cyber-maliciousness has its transposition into criminal law. of a company or a community, we are in an illegitimate access to an automated data processing system, and we can fall into the attempt of extortion.If the investigation makes it possible to go back to the origin of the attack, identify machines, systems, and their respective users, you incur the penalties provided for by the offenses concerned, for example, five years in prison for a fraud.

L.V. : "The fundamental movement is phishing. It is the number one threat for the general public. In other words, the ability of attackers, by email, by sms, by telephone, to usurp the quality of a sender, to deceive the target, in order to make him communicate an identifier, a password, or to make him click on a link. From this fundamental movement, we observe a multiplication of the forms that the Phishing campaigns Fake package delivery scams, fake vital card update scams, fake financial advisors, etc. Fear, anxiety, or attraction can lead to hand something over voluntarily.

Today, it is rather the form that the successive phishing campaigns will take that are changing and sticking to the news. The proposed fraudulent purchase of the Crit'Air sticker for example. Thanks to the telephone, we are permanently connected to the web, and any verification operation is a little more complicated to carry out, especially since we are often on the move. This transformation of our habits implies a change in our habits of vigilance. We have seen a strong growth in these SMS phishing campaigns, and that is the big problem. It really developed in the second half of 2021."