-
Watchdog highlights Christmas food shopping ‘scams’ in France
Pastries with palm oil, excess packaging, inflated prices…vote for the worst ‘scam’ in this food watchdog’s annual contest
-
Epidemic alerts raised in France: see how your area is affected
Bronchiolitis is bad nationwide while flu indicators are increasing in the north and east
-
Cheaper but slower… €10 train fare for Paris to Brussels route
Ticket sales are already open for journeys up to the end of March
Hackers alter more than 2,000 French tax returns
The tax returns of more than 2,000 people in France may have been altered by hackers, for reasons that remain unclear, it has been confirmed.
The hackers took control of taxpayers’ email accounts, and used the “forgotten password” option to get access to the users’ tax returns, according to a report by satirical weekly newspaper Le Canard Enchaîné.
The hackers then changed the tax returns so that a portion of them would be eligible for a tax refund, and changed the associated bank details, in an apparent bid to steal this refund money.
Except - rather confusingly - these bank details did not actually correspond to any existing accounts, so are unlikely to have worked.
The hack was discovered after the economy and finance ministry Bercy in Paris detected a spike in unusual logins on the tax declarations website, during a time when logins are usually low (after the declaration deadline, and before the correction period opened).
The attacks all appear to have come from the same computer, but it is not yet known whether it came from a single hacker or a group.
In response, the service was pulled offline, with the affected accounts corrected, and users informed.
The hackers’ motive is still unclear. Suggestions include a clumsy attempt to get hold of tax refunds, or a simple “show of force” to prove that a hack was possible. An official complaint has been lodged, with an investigation pending.
Now, the tax website is set to introduce more robust security measures in a bid to avoid a future security breach. This will include asking users to enter a “secret question and answer” when logging in, in addition to a password.
At this stage, it is unlikely that further measures will be introduced - such as requiring users to enter a code sent to their phones when logging in, for example, as often happens with banking and other secure sites - the finance minister said.
This is because the website itself does not actually manage any financial transactions, Bercy said.
Stay informed:
Sign up to our free weekly e-newsletter
Subscribe to access all our online articles and receive our printed monthly newspaper The Connexion at your home. News analysis, features and practical help for English-speakers in France