SECURITY
MADEIN.LU
»»Damage: €4.991,-

Damage: €4.991,-

By on - Last modified: August 8, 2016 Private User

Charlotte P, president of the charity “hand in hand” was a victim of a phishing attack. Damage: 4.991.- €

What happened?

Charlotte P. fails to pay her fuel with her credit card. The credit limit has been exceeded. It sounds strange and impossible to Charlotte P., since she has not yet used the company’s credit card this month and the bill amounted to only €63,-
She goes immediately to the bank to clarify the situation. She then finds out that various hotels, restaurants and other bills have been paid abroad with her credit card in the past two weeks.

How was it possible?

Indeed, four weeks ago, Charlotte P. received by email an invitation to the next Congress “Welthungerhilfe”, organized by the UN in New York to participate as a speaker. Charlotte P. could not have refused this. She thus immediately confirmed her participation by clicking on the embedded link in the email invitation and by completing the registration form. In addition, she paid the 300 US Dollars registration fee by credit card via her PayPal account.
This is a classic phishing method regularly used by cybercriminals. They try, through deceptive emails from official institutions, to obtain passwords and other sensitive data from their victims.

What should Charlotte P. do now?

She must report the fraud to the national operator in charge of credit cards transactions, in this case CETREL (491010) and immediately block the card. She must also change her Paypal password.

If she uses the Paypal password for other applications, she must also replace it.

How could Charlotte P. have detected the fraud?

The falsified email Charlotte P. received seemed official and the event will actually truly take place. Nevertheless, she should have asked herself why the UN asked her to speak at this conference. A phone call to the organizers would have easily unveiled the deception.
She could also have checked the link noted in the e-mail: Copy the link and paste it on
https://www.circl.lu/urlabuse/
The URLABUSE verifies the reliability of websites.

European-Cyber-Security-Month-logo_quadri

 

This campaign is part of the Luxembourg participation in the “European Cyber Security Month” (ECSM)

THINK.STOP.CONNECT.  www.cybersecuritymonth.eu