You could have been a victim of a phishing attack!

From La Fabrique
Securify cybersecurity

What happened?

You have just scanned a QR code that belongs to the workpiece "Trojaans Paard". This QR code took you to a page where you were asked to vote in the public voting contest "de publieksprijs". In order to vote, you were asked to log in first. Since you do not have a Floralia account, you tried to log in via the Google, Twitter or Facebook button. After you entered your e-mail address and possibly your password, you were redirected here and received the message that you could have just become the victim of a phishing attack. How come?

The QR code leads to a page that looks like the official website floralia-nieuweniedorp.nl, but there is a small spelling error in the domain name that you visited via the QR code. We have reversed the L and the I. On this fake Floralia page, we asked you to vote for the "publieksprijs".

Floralia Phishing

Digital Trojan Horse

We have set up this campaign to increase everyone's digital resilience. Awareness of the dangers on the internet must be increased, because attackers are still too successful. On behalf of the group "La Fabrique", in collaboration with Securify, we try to do our bit with this. It is important to emphasize that we do not store any email addresses or passwords. You do not have to worry about anything.

The Trojan horse is not only one of the most famous stories from Greek mythology, but also a reference to a "Trojan Horse", or trojan. A trojan can give malicious parties access to the infected computer and thus damage the computer's data or the user's privacy. It can, among other things, retrieve the user's e-mail addresses and passwords. With this workpiece, including the QR code and fake Floralia page, we have not only made a beautiful physical workpiece, but also used the digital domain.

Please note! You have not yet cast a vote in the public voting contest. You can follow the instructions in the Floralia booklet to submit your vote. Don't forget to fill in our number!

La Fabrique - winner public voting contest 2024

Phishing

Phishing is a form of fraud: criminals mislead you with fake emails, fake QR codes, fake websites and fake text or WhatsApp messages. When you scan a QR code, you do not see which URL you are redirected to, so you never know for sure which website you will end up on. If you scan a QR code in a fake email or a fake letter, the URL leads you to a fake website or fake payment environment. The messages appear to come from well-known and often reliable organizations. Think of government institutions and banks, but also, as in this case, the regular Floralia website. Fraudsters send you messages to steal personal information. For example, login details, credit card information or PIN codes.

The QR code itself is nothing more than a link. A QR code is therefore not necessarily dangerous or undesirable. There are risks that you should pay attention to, but a QR code is often simply useful. Scanning an incorrect QR code is therefore not in itself where the danger lies. In most cases, the app shows you which location the QR code refers to during or after scanning.

If you have already landed on the website, you can still check in the address bar whether this is a fake website. The most important thing is that you at least stop and check whether the web address is correct or incorrect. Consider the following options that an attacker has:

  • A domain name that looks like the original domain name, but with a typo (as we did).
  • A domain name that looks like the original domain name. In this case, think of floralia-nieuweniedorp.com
  • Shortened links such as bit.ly
  • A domain name with special characters that are not in our alphabet. Fortunately, this is now recognized by most browsers.
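
The four options above can be turned into an automatic check of the address a QR code points to. The following is an added example, not part of the original page or of the campaign's own code; the function names, the shortener list, the distance threshold of 2 and the sample URLs in the comments are assumptions constructed for illustration (the page does not give the actual fake domain).

```python
from urllib.parse import urlsplit

OFFICIAL = "floralia-nieuweniedorp.nl"  # official domain named on the page
SHORTENERS = {"bit.ly"}                 # the page's example; extend as needed (assumption)

def edit_distance(a, b):
    """Damerau-Levenshtein distance: swapping two adjacent letters costs 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = int(a[i - 1] != b[j - 1])
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]

def classify(url, official=OFFICIAL):
    """Label the host of `url`; anything other than 'official' deserves a second look."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    if not host:
        return "no-host"
    if host == official:
        return "official"
    if host in SHORTENERS:
        return "shortened-link"          # real destination is hidden behind the short link
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return "special-characters"      # letters outside a-z, or their punycode form
    name, _, tld = host.rpartition(".")
    off_name, _, off_tld = official.rpartition(".")
    if name == off_name and tld != off_tld:
        return "different-tld"           # e.g. floralia-nieuweniedorp.com
    if edit_distance(host, official) <= 2:
        return "typo-lookalike"          # e.g. constructed sample floraila-nieuweniedorp.nl
    return "unrelated"
```
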

Fell for it?

Did you still go through the steps after scanning the QR code and thereby fall for the attackers' ploy? It can happen to the best of us. We all have moments of inattention, hurry, tiredness, etc. What is important to do:

  • Do you think you are a victim of digital crime such as bank helpdesk fraud? Then report it on politie.nl or contact the police via 0900-8844 or the fraud helpdesk.
  • Did you enter credit card details? Then contact your credit card company.
  • Did you enter passwords? Then change them immediately. Also on other websites where you use the same password.

No idea whether you have ever been a victim? To be sure, check the police's "Check your hack" website.