Health Insurance – Vitale Card Renewal Scam Wreaks havoc – News

For the past few months, malicious text messages inviting their recipients to renew their Vitale card have been popping up on smartphones. Calls from fake bank advisers end the scam. Be wary of this formidable trap.

He is agitated in a classic phishing technique, such as hundreds that are constantly nestled in e-mail boxes or smartphones. But the magnitude of this Vitale card fraud is not uncommon. “She is in the top 3 of the phishings since December 2021. She did not dethrone him fraudulent email on child pornographybut she’s not far behind. “, notes Jean-Jacques Latour, cybersecurity expert at the government’s Cybermalveillance platform. A worrying record, given that the portal currently has 1,000 consultations a day regarding this scam at the miners’ brigade.

Many testimonies reviewed by our local services or associations also attest to a prolific phenomenon.

Example of a fraudulent SMS prompting you to click on a link to renew your Vitale card.

Procedure

How does this yet another trap work to get you not only personal information but also money? You will receive a message on your smartphone stating that the new Vitale card is available. In order to retrieve it, a link takes you back to a first page, then a second, a third page where you are asked to enter your details (name, address, date of birth, Social Security number, etc.). These pages usurp the visual identity of health insurance, and have URLs more or less close to the original (aide-ameli.fr, publicvitalev3.com…). After this stage, the scenarios differ.

The first possibility: Internet browsing stops there, you are the victim of a volume of personal information, intended to be resold.

Deuxième subterfuge: a pseudo-bank advisor, after collecting this first loot, calls you to the closing hours of the agency, to indicate that your bank card has been hacked and what you need to send the codes you have. receive via SMS to block ongoing payments. The communication of the codes causes the reversal, in order to know the validation of the fraudulent line purchases, because the crook is on the train.

Third attack we were able to spot: you land on a last page of payment request, under the cost of delivery of the Vitale card. After giving up your bank details, you entered a code sent via SMS to your bank… and realized too late that you were coming to make a waiver in large sums, to know their knowledge (Boulanger, Darty, Leroy Merlin …). This ploy works by looting real-time data online.

Picture
A fake Ameli page intended to collect the personal data of victims at the renewal of the Vitale card.

Banks do not want to repay

This three-way operation was further raging the current wave, with bait in the form of e-mail, also under the pretext of renewing the Vitale card. Mr. C. was the victim, he was robbed of € 1,518.99 (purchase of a smartphone from Darty). Today in contact with the UFC-Que Choisir de Clermont-Ferrand to resolve his dispute, he continues to face the refusal of reimbursement from his Crédit agricole branch. When he realized the scam, the day after the scam, he contacted his banker and then Darty to block the buying process; he made a report on the Perceval platform and filed a complaint with the police. No solution was provided, the purchase was validated and Mr. C. was not credited with the amount lost. “Despite 35 years of loyalty, [ma banque] can do nothing for me, no compensation […]while they are part of the actors in this transaction and at the time of the facts, they had more information than me about the beneficiary and the references of the banking movement “points out this man in the file filed with the local association auvergnate. “I objected in 10 minutes but 4 days later, the sum was taken under the name of Leroy Merlin! The bank doesn’t want to refund me because I sent the code via SMS “testifies another abused consumer in the same way.

Institutions, to justify the refusal to return the stolen money, general indicating to the victims that they have shown negligence, opposing them, in particular for having transmitted their personal data. Sau, the scam in question is very fine, and the fraudulent content very similar to that of the agencies cited. In addition, the legislation obliges banks to reimburse unauthorized payments once they have not been validated by double authentication (in these examples, this is a 3D Secure system).

Le SMS plebiscité for the scams

Today, the process of appealing a fake bank advisor dominates. The scam starts with a malicious SMS, which includes a link to a fake health insurance site. This message is being sent en masse to thousands of people. “Since the end of December 2021, we have seen a real resurgence that does not stop. Several dozen faux sites are reported every day, for us or for health insurance. In fact, 90% of the messages [frauduleux] come from SMS », detail Jean-Jacques Latour. This expert points out that SMS is preferred by scammers because the information concerning the sites from which the victims go is more difficult to identify on a smartphone on a computer. In addition, receiving an SMS is safer for consumers than the cell of an email. Furthermore, a hacker can access a phone number with an e-mail address.

Let’s also mention one of the centerpieces of this formidable trap: spoofing (the caller’s number that appears on your screen is not true). When a fake advisor calls you by posting your agency number, it becomes very difficult to spot the scam. Yet again, consumers are often faced with a denial of reimbursement from their banks.

Our advice

Never pass on personal information until you have verified the veracity of a message. In this example, contact your health insurance provider to find out if the information you received is genuine. In particular, they will answer that the Vitale card is never updated online.

If you have been trapped, file a complaint with the gendarmerie. This is a prerequisite for being reimbursed by the bank. In addition, in the event of a number of complaints, an investigation may be initiated.

Report scams you have not been victims of on the Cybermalveillance portal, which often delivers advice on reflexes to the adopter and the steps to take. You can signal on the Perceval platform and file a complaint on the new Thésée instrument.

Leave a Comment