Why is access to Ameli no longer possible from FranceConnect?

The FranceConnect online identification service is very practical for connecting to various public services such as Taxes, or CAF. For several weeks, however, it has been impossible to access Health Insurance (Ameli) via this device. The site officially indicates “a maintenance”. But our colleagues from chained duck decided to investigate the subject to see more clearly.

According to them, in a letter published on August 12, the direction of Health Insurance indicates to suspend the use of this access button due to weaknesses in computer security. And the organization even warns the Interministerial Digital Department (Dinum), the manager of FranceConnect, there is no question of restoring this option until the level of security is improved.

A phishing attack affects FranceConnect

In detail, the institution requires in particular that the e-mail addresses of Internet users are hidden and that an e-mail is sent to them at each connection in order to verify their identity. The pirates would not have prayed to take action. A mysterious number on 09 85 40 40 44 would have contacted French people and asked them to complete a questionnaire on covid-19. A classic method for recovering personal information.

Thanks to the social security numbers, the latter could thus have accessed the Ameli portal, or even the Taxes site. As our colleagues from the Huffington Post, FranceConnect also warns users on its home page about a phishing campaign currently underway. Fake emails are sent to users in order to retrieve their credentials. We must therefore be careful to monitor the address of our interlocutors and for FranceConnect, it is always @franceconnect.gouv.fr or @notification.franceconnect.gouv.fr.

France and its public services are unfortunately not the only ones to be affected. According to data from the Anti-Phishing Working Group (APWG), a body created in 2003 and which includes many cybersecurity players including Kaspersky, BitDefender, McAfee, or even Symantec, this is unfortunately a phenomenon exploding. In the first quarter of 2022, no less than 1,025,968 phishing attempts were counted by experts.