Francophoned Attack

Social engineering is the art of convincing people to reveal confidential information. It depends on the fact that people are unaware of how valuable their information is and are careless about protecting it.

Francophoned is a sophisticated social engineering attack of this kind. In April 2013, an administrative assistant to a vice president at a French-based multinational company received an email referencing an invoice hosted on a popular file-sharing service. A few minutes later, the same administrative assistant received a phone call from another vice president within the company, instructing her to examine and process the invoice. The caller spoke with authority and used perfect French. However, the invoice was fake, and the "vice president" who called her was an attacker.

The invoice was actually a Remote Access Trojan (RAT) configured to communicate with a command-and-control server located in Ukraine. The tactics used, an email followed by a phone call and both delivered in fluent French, are the signs of an aggressive social engineering campaign.

Social Engineering Tactics Used in the Francophoned Attack

  • First, the attacker compromised the organization's systems using the RAT.
  • Once the systems were compromised, the attacker retrieved identifying information and the confidential information needed for the next steps.
  • Using the retrieved data, the attacker impersonated an authorized representative, called the organization's telecom provider, proved his or her authenticity to the provider, and requested that all of the organization's phone numbers be redirected to attacker-controlled phones.
  • Immediately after the phone numbers were redirected, the attacker faxed a request to the organization's bank, requesting multiple large-sum wire transfers to numerous offshore accounts.
  • Because the transaction was unusual, the bank representative called the organization's number on record to validate it. This call was redirected to the attacker, who approved the transaction.
  • The funds were transferred through multiple accounts and later laundered through other accounts and monetary instruments.

Abhishek Rai
IMS2013017