Every day, millions of French people are victims of phishing attempts. If you are not familiar with this term, know that this hacking, also sometimes called phishing, consists of imitating the identity of a legitimate interlocutor to deceive the vigilance of a target and recover their personal data. MPs and a former minister have just been victims on Telegram with potential access to their conversations and therefore to sensitive information from hackers.
How did the pirates do it?
A former minister, support of Emmanuel Macron, recounted her misadventure to our colleagues at BFM TV. It all started with a message received from one of his contacts on the application containing a link and asking him to go see “this crazy thing”. She ends up clicking but doesn’t worry more than that, because she remains on the service created by Pavel Durov.
Subsequently, she ends up being redirected to a pornographic site, which immediately alerts her. She therefore decides to change her password. The same type of incident happened to several parliamentarians, including Alexis Corbière from the Ecologist and Social group and Laure Lavalette from the RN.
The movement is so strong that the National Assembly sent an alert email to elected officials according to BFM : “The attack comes in the form of a standard message directing you to click on a fraudulent link that will ask you to enter your phone number. If you click on the link AND enter your phone number, your Telegram account will be immediately compromised and the attacker will use your account to spread malicious content”.
However, we do not know whether these elected officials are specifically targeted or whether these are automated attacks. This type of threat, where a compromised account sends messages to the victim’s contacts, is also widespread on other social networks, such as X, Instagram and Facebook.
A flaw on Telegram
On Telegram, malicious actors are in any case taking advantage of a flaw that allows developers to distribute their own applications on the platform, while relying on the service’s security tools. This gives them the opportunity, as we saw above, to act without arousing too much suspicion.
In any case, the matter may only be in its early stages, and an elected official told Politico having seen deputies from “all groups queue at the Assembly digital counter”. This space is present to support parliamentarians in terms of good digital practices.