Monday, April 28, 2014

Multi-Brand French Phisher uses EDF Group for ID Theft

At the end of January last year, French power company EDF advised the public that it was seeing a significant rise in the number of phishing complaints from its customers. An English-language story from The Connexion, "EDF customers hit in 'phishing' scam", reports that an EDF spokesperson said that beginning in August of 2012 they were seeing 20,000 customers per month complaining about the phish, and that in January 2013 it had risen to as many as 40,000 customers per month. As many as 200 to 300 new phishing sites per month were being created at that time.

This week Malcovery is noticing that the EDF phish are back, with a twist! The current EDF phish are asking for documents with an enormous value for identity theft and are targeting many different French banks with the information. Here's what a currently live phishing site looks like:

Zooming in on the data being requested, we see typical information.

Email, Password, Title, Name, Address, City, Postal Code, and Date of Birth.

While EDF has world-wide operations, a large number of their tens of millions of utility customers are in France.

The email they receive is likely to be the same one seen in France last year that advises:

Votre paîement a été refusée par votre établissement bancaire. […] Pour éviter la pénalités de retard, nous vous donnant la possibilité de payer en ligne en utilisant votre carte bancaire.

(or in English: "Your payment was declined by your bank ... To avoid late fees, we give you the option to pay online using your credit card.")

After providing the basic information, they are prompted to choose which bank issued the credit card they will be using to pay their bill:

Choices are:

Axa Banque
Banque populaire
Caisse d’epargne
Credit agricole
Credit mutual
Credit du nord
Societe generale
La banque postale

and then enter their Credit Card information:

The most interesting part of the phish, however, is what comes next! The phishers then tell them that in order to prove they are really in charge of this account, they must upload at least two forms of proof of identity!

  • Identity Card
  • Credit Card
  • A copy of a Bank statement
  • An invoice proving the address

Whichever documents I attempted to upload, it kept insisting that I needed to upload additional documents.

Although this case is most accurately described as an EDF phish, there are actually thirteen targeted banks, and an unlimited number of forms of identity theft that could occur if some victim were to provide all of the requested information. Just another example of how the phishers use FEAR (an unpaid Utility bill that could result in Termination of Service) to steal our credit card information!


  1. Anonymous, 12:05 AM

    Fortunately, the web page is written in very bad French. I know it won't stop people filling the forms, but at least it can help identify that something weird is going on...

  2. Serious case of identity theft.

