- Home
- News & Publications
- News releases
- AMF news releases
- The Autorité des marchés financiers (AMF) is warning professionals about the extensive fraudulent and malicious use of its name, with links to various websites that could trick people into running a malicious computer program
The Autorité des marchés financiers (AMF) is warning professionals about the extensive fraudulent and malicious use of its name, with links to various websites that could trick people into running a malicious computer program
The AMF has been informed that a number of players, both regulated and unregulated by the AMF, have received emails and phone calls impersonating the AMF and one of its staff members, inviting them to visit fraudulent sites. To date, two different instances of impersonation have been observed, with no factual evidence to confirm or deny that they originate from the same hostile actor.
Technical investigations are still underway, but the evidence known to date for each scenario are as follows:
For the first scenario:
- The email received indicates an alleged “series of important updates to optimise your user experience” and tricks users into visiting a site that turns out to be malicious.
- The malicious site redirects users to download a Java archive file (.jar), known to date to be a malicious computer program, the precise purpose of which is not yet known, but which it is reasonable to believe allows the person who opened it to take control of their workstation.
- The technical elements are as follows:
- Subject of email: “geco amf 2024 update”
- Actor copying or receiving the email: “extern@ssl-sender[.]com”
- Link to malicious site: “https://ssl-sender[.]com/amfupdate/”
- Name of malicious file: “AMF-KEY-2024.jar”
- Cryptographic fingerprints of the malicious file:
- MD5 : e44be98fdc3e442dcb3c6a873478ad78
- SHA1 : 56b2d54e8957131c5c3d273e1ab60bc43d78127b
- SHA256 : 1029b217ffdc43c0f4cec916cceef1ae934f12bb71850b6050d8b3a65bfa5711
- MD5 : e44be98fdc3e442dcb3c6a873478ad78
- Subject of email: “geco amf 2024 update”
For the second scenario:
- The email received refers to an alleged “invoice”, bearing a number starting with “AMFKEY”, which allegedly contains an “error”. The recipient is asked to “please examine the invoice as soon as possible and confirm the corrected information”
- The technical elements are as follows:
- Subject of email: “Confirmation required for invoice payment ”
- Link to the malicious site: “https://sldbprivate[.]com/protepargne.amf-france.org/update20240111.html”
- Subject of email: “Confirmation required for invoice payment ”
The AMF invites professionals who receive such emails or who receive a phone call relating to these scenarios to:
- carry out a prior art search on their information system: to do this, the square brackets inserted “[“ and ”]” in the technical elements above must be removed;
- be careful not to click on the fraudulent link contained in the message and not to run the malicious computer program, in order to prevent any risk of infection;
- implement appropriate technical blocking measures;
- and contact the AMF Epargne Info Service team, quoting “AMFKEY” as the subject:
As a priority, use the form found at https://www.amf-france.org/en/report-scam-or-market-anomaly.
- Or by telephone on 01 71 53 20 05, Monday to Friday, 9am to 12.30pm.
The institution will forward this information to the public prosecutor.
About the AMF
The AMF is an independent public authority responsible for ensuring that savings invested in financial products are protected and that investors are provided with adequate information. The AMF also supervises the orderly operations of markets.Visit our website https://www.amf-france.org/en
Press contact
On the same topic
Head of publications: The Executive Director of AMF Communication Directorate. Contact: Communication Directorate – Autorité des marches financiers 17 place de la Bourse – 75082 Paris cedex 02