Users of mobile company Free warned to be vigilant of new scam in France

Emails are including customers’ IBAN numbers to appear legitimate

Bordeaux,,,Aquitaine,France,-,06,06,2021,:,Free
Free suffered a huge data leak in 2024
Published Modified

Clients of mobile phone and internet provider Free are being warned to watch out for a new scam focused on the sending of phishing emails. 

Phishing scams (known as hameçonnage in French), involve scammers impersonating a company or official agency, usually in a bid to make people share their bank details or personal information. 

Online news platform Presse Citron reports that scammers have been using information about Free customers that was released during a massive data leak in November 2024. 

The details of around 20 million accounts were compromised in the leak, and five million IBAN numbers were stolen when hackers breached Free’s servers. 

Scammers are now using these real IBAN numbers in their emails to make them look more official. 

What does the phishing email look like?

On first glance, the emails look as if they are from Free; they include the company’s branding and are written in a similar tone to other correspondence. 

As they often include the client’s actual IBAN number the emails do appear to be genuinely from the company as this is usually information only Free would know. These IBAN numbers were the ones stolen during the 2024 data leak. 

Many emails ask clients to “verify their bank details” as soon as possible because of new European regulations. 

What should customers do?

Anyone who receives a suspicious email purporting to be from Free should delete it. 

They should not reply with any personal information or click on any links. 

Customers who had their IBAN stolen in the November 2024 data leak should have been informed via email. 

An IBAN alone is not enough information to make a bank transfer from your account, but it can make hacking and phishing attempts easier. 

France accounts for nearly half of all bank card fraud in the EU according to a 2024 report by the European Central Bank.

In the first half of 2024 alone, scammers were reported to have swindled people out of €211 million via fraudulent bank transfers, often in the form of phishing attacks.