In October 2024, French ISP “Free” suffered a data breach which was subsequently posted for sale and later, leaked publicly. The data included 14M unique email addresses along with names, physical addresses, phone numbers, genders, dates of birth and for many records, IBAN bank account numbers. Free advised that the numbers were “not enough to make a direct debit from a bank”.

https://haveibeenpwned.com/breach/FreeMobile

Screenshot of the phishing emails I have received since then.

image image image image image image image image image image image image

And the sender informations of the emails:

  • telepeage contact@nationalspeech.com
  • Ameli info@gaanainfo.com
  • BNP PARIBAS noreply@gaanainfo.com
  • CPS Notif webstore@academic-soft.com
  • sodapa2344@antonionscm1.newssender.com.br
  • ptp97r5swm@detonageral.emktlw-05.com
  • telepage info@credzu.com

All of these emails have managed to get past the spam filter despite the email header being obviously untrustworthy.

The silver lining is that none of these can be applicable to me since I’m just a tourist.