:quality(70)/cloudfront-eu-central-1.images.arcpublishing.com/liberation/TZ7MYXBMIRFWTATJGA7OKNKSIE.jpg)
A simulated phishing email was recently sent to 9,000 gendarmes and deputies in the Ile-de-France region, according to “le Parisien”, which reveals that of the 5,000 who opened the email, 500 of them clicked on the potentially dangerous link.
A click and a slap. Le Parisien revealed on Saturday March 16 the not very reassuring results of a cybersecurity exercise organized “recently” by the Olympic referents within the Ile-de-France gendarmerie (RGIF) in view of the sports competition which takes place this summer in Paris. Because a major international event means an increase in threats of all kinds. According to the daily, of the 9,000 gendarmes and deputy gendarmes tested for phishing, 5,000 opened the dubious email. Of the 5,000, 500 went so far as to click on the fraudulent link, or 10% of them.
Rather mediocre results given the crudeness of the phishing. You don’t have to be an inveterate paranoid person to flinch when you receive an email from your employer in the middle of the night, even if it has a “gendarmerie letterhead”. Furthermore, the subject, “Exclusive allocation of places for the 2024 Olympic Games events”, is more than tempting: it is too tempting. Other details and errors distilled to alert the military, specifies the Parisian: “the address in “gendarmerieinterieur-gouv.fr” instead of “gendarmerie.interieur.gouv.fr”.”, two spelling errors in the sender “General Directorate of the National Gendarmerie” and a factual error in the signature, “General Xavier Ducept, who is not the Director General of the Gendarmerie, but the boss of the Ile-de-France gendarmes”, details the Parisian.
“The cyber threat is real”
The gullible police officers who clicked on the fraudulent link were redirected to a page which alerts: “Phishing, phishing, the link you just selected in the email was a trapped link”, as evidenced by the published screenshot by the newspaper. The page also contains “7 basic best practices” to combat these kinds of cyberattacks.
All of the 9,000 gendarmes tested received another email the next day to inform them that “this message was an exercise organized by the RGIF staff”. General Xavier Ducept also sent a message to his teams: “Let us all be aware, the cyber threat is real and will further increase during the JOP [Jeux olympiques et paralympiques] […]. For the national gendarmerie, as for other organizations in the private or public sector, the security of information systems is an imperative”, reports Le Parisien, which affirms that “among the soldiers who were fooled, we also find rank and file gendarmes as well as officers with laces.”
In its annual report published on March 5, the government digital risk awareness platform, Cybermalveillance.gouv.frrecalled that with nearly 1.5 million consultations on its site, the various forms of phishing remain the most widespread threat online.
