Published on 29/05/2026
Information security
Cybersecurity, an absolute priority
In order to protect our information systems and our clients’ data from cyber threats, which are constantly evolving and becoming industrialised, we are continuing to invest heavily in cybersecurity.
Our strategy is based on 4 complementary lines of action:
- protect client data and operations in close collaboration with the Group’s business lines;
- secure our IT infrastructures;
- test our ability to swiftly resume our activity and serve our clients if attacked;
- maintain the operational efficiency of the cybersecurity line and its more than 1,400 experts around the world.
Societe Generale also pays particular attention to the security and resilience of its suppliers. The Group works closely with the global cybersecurity ecosystem, and notably the ANSSI, the French national information systems security agency. Furthermore, Societe Generale is a member of Cyber Campus, launched on the initiative of the French government to bring together all players to focus on innovative security projects.
The IT Security information and best practices are non-exhaustive and and are not binding; they are provided for indicative purposes only.
Security contacts
Call for your vigilance
| Date of detection | Name | Description |
| Q2 - 2026 | Paris Titrisation | Websites are fraudulently using the name of the company Paris Titrisation, in particular “www.paristitrisation.com” and “www.paris-titrisation.fr”. These sites are already listed and/or in the process of being listed on the AMF’s blacklist. We therefore urge the utmost vigilance: any existing or future website combining the keywords “paris” and “titrisation”, or any related variation, should be considered as potentially associated with an attempted fraud, unless it has been officially validated by Paris Titrisation. |
| Q2 - 2025 | GE SCF | Fraudulent use of the Societe Generale logo (red and black square) associated with an entity named GE SCF, which is not a subsidiary of the Societe Generale group. We urge heightened vigilance regarding risks of fraud and scams: any service or product offer, related to savings or financing, issued by an entity named GE SCF has absolutely no connection of any kind with the Societe Generale group. |
| Q3 - 2023 | SGENERALBANQUE | Stealing the identity of our bank with the intention to cause damage. We call for vigilance. |
| Q2 - 2023 | PAREL | PAREL SA’s identity was stolen. It is recalled that PAREL SA does not have any offer to individuals, nor any management mandate or any other form of investment. |
| Q1 - 2023 | GENEBANQUE | Stealing the identity of our affiliate GENEBANQUE with the intention to cause damage. GENEBANQUE does not provide investment advice or market financial products. |
| Q1 - 2023 | Axus Finance | Website having no connection with ALD’s Filiates Axus. We call for vigilance. |
| Q1 - 2022 | Société banque Générale | Registration of a company having no connection with our Group. We call for vigilance. |
Main cybersecurity threats, risks and best practice
-
These attacks all use social engineering mechanisms to deliver messages for fraudulent purposes.
They take several forms; here are some examples.
What is:
- phishing? This technique consists in impersonating a legitimate organisation or company to send fraudulent emails in order to steal sensitive information or infect a device (computer, smartphone, etc.) The aim is to trick you into clicking on a link, providing confidential information on a website or in a file or opening an attached file.
- smishing? With SMS phishing, the principle is the same, except instead of an email you receive a fraudulent SMS text message. It also contains a link directing you to a website or page seeking to steal your information.
- vishing? With voice phishing, the fraudster’s weapon of choice is the telephone. They pretend to be a trusted entity to obtain sensitive information from you.
- quishing? QR phishing uses malicious QR codes to redirect you to fraudulent websites.
Exercise caution and identify the sender of the message, paying attention to every detail. Ask yourself whether the message sent to you is coherent.
If in doubt, do not click on any links, open any attached files or scan any QR codes, and do not disclose any sensitive or confidential information.
Don’t hesitate to go to the cybermalveillance.gouv.fr website (in French). -
Cybersquatting consists in registering domain names that are similar to those of well-known companies in order to trick users and redirect them to malicious websites.
Check the URL (the site’s entire link) before any interaction. Use reliable search engines to access official sites and record the latter in your bookmarks.
-
Malware is a program developed in order to harm an IT system, without the consent of the user of the infected computer. There are several types, including ransomware. Ransomware primarily attacks companies. It blocks access to your data until a ransom is paid, often by encrypting important files. You receive a clear message demanding payment of the ransom. It is important to maintain regular external backups of your data in order to have a fall-back solution and avoid your activity being paralysed.
Cyber best practice helps reduce the risk of such attacks (only install software from reliable sources, use an up-to-date antivirus to protect your system, keep your systems updated).
If you are the victim of a ransomware attack, never pay the ransom and immediately report the incident to the local authorities (see security contacts).
-
Fraud is an act of bad faith or deception. Applied to the world of banking, fraud can take several forms including the following:
Loan fraud: attractive loan or credit buyback offers, requiring upfront fees, that are actually from cybercriminals pretending to be a banking institution or credit organisation.
Investment fraud: fraudulent investments promising high returns, often accompanied by forged documents and unverifiable information, on existing products.
If in doubt when faced with attempted fraud, never pay any money or disclose your bank details.
You can also visit the AMF savings info service website (in French). -
Social engineering psychologically manipulates you in order to obtain confidential information.
CEO fraud uses social engineering techniques and involves the fraudster pretending to be a senior executive in order to request the urgent transfer of funds.
Fake bank account details fraud: identity theft or misuse enabling payments to be rerouted to a fake bank account.
The urgent, unusual or oppressive nature of these requests should alert you.
If in doubt, never pay any money or disclose any confidential information. Verify any unusual request via another communication channel.