In mid-December 2017, five young people living in the Drôme region, including two minors aged 13 and 15, were arrested. This occurred as part of an investigation into the theft of bank details from 500 CDiscount customers. The estimated financial loss amounts to approximately 350,000 euros.
The procedure
The small group of five appears to be nothing more than a group of operatives. They have been hired by sponsors to pick up packages ordered using the bank details of real customers but delivered to pickup points.
The team then had to reship the packages to the customers, for a fee of 60 euros per package.
How were these bank details stolen right under the nose of the internet giant?
As is often the case, the “hacking” of the 500 accounts was triggered by a massive phishing campaign sent by cybercriminals on behalf of CDiscount.
As a reminder, here is Wikipedia’s definition of phishing :
"Phishing is a technique used by fraudsters to obtain personal information for the purpose of committing identity theft."
There are now many different types of cyberattacks: phishing, ransomware, Trojan horses, and CEO fraud…
In the case of a phishing attack like the one CDiscount fell victim to, the technique involves tricking the victim into believing:
– that it is addressed to a trusted third party: a bank, government agency, etc.
– in order to extract personal information from them: password(s), credit card number, date of birth, etc.
CDiscount is filing a civil suit and emphasizes that it takes a proactive approach
In fact, the well-known French e-retailer will still have to answer to the CNIL regarding these 500 hacking incidents. It points out that its IT system was never compromised at any time.
CDiscount also noted that, as soon as it became aware of a phishing campaign being sent in its name, it promptly shut down the fraudulent websites—mirror sites of CDiscount.com. The sole purpose of a mirror site is to collect login credentials or banking information.
