This screenshot shows a phishing page impersonating the official French tax website (impots.gouv.fr). The page claims the victim needs to “confirm their bank card details” to receive a tax refund – a classic pretext to steal full credit card information.


Threat Analysis: French Tax Refund Phishing – Card Data Harvesting
How it works:
The victim receives a phishing email, SMS, or other message claiming they are eligible for a tax refund. The link leads to this page, which mimics the official French tax portal (impots.gouv.fr). The page asks the victim to provide:
- Cardholder name (as printed on the card)
- Expiration date (MM/AAAA)
- Full card number
- Visual cryptogram (CVV)
A button labelled “Valider mon remboursement” (Confirm my refund) submits the data to the attacker.
The goal:
The attacker collects full credit/debit card details to make fraudulent purchases, clone the card, or sell the information. No tax refund exists – the entire offer is fabricated.
Red flags to watch for:
- Suspicious URL: The page is hosted on a domain that is not impots.gouv.fr. The official French tax website uses only government domains.
- Request for full card details for a refund: Legitimate tax refunds are deposited directly to the bank account the tax authorities already have on file – they never ask for your card number, expiration date, or CVV.
- “Cryptogramme visuel” (CVV) request: No legitimate tax authority asks for your card security code.
- Poor design / missing official elements: While the page copies the official logo and footer, the layout and the specific request for card details are not part of the real tax refund process.
- Unsolicited refund notification: The French tax authorities (DGFiP) do not send unsolicited emails with links to claim refunds. Any such message is a scam.
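The "Suspicious URL" red flag can be checked mechanically, for example in a mail filter or a triage script. The following is an added example, not part of the original analysis: it compares a substring match (which lookalike links pass) with a check on the parsed hostname. The function names and the sample links are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "impots.gouv.fr"  # the only domain the page names as official


def hostname_of(url: str) -> str:
    """Return the lowercased host a browser would connect to, or '' if unparsable."""
    if "://" not in url:
        url = "https://" + url  # bare "host/path" text, e.g. pasted from an SMS
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()


def naive_check(url: str) -> bool:
    """The common mistake: substring match anywhere in the URL."""
    return OFFICIAL_DOMAIN in url.lower()


def is_official(url: str) -> bool:
    """True only if the host is impots.gouv.fr itself or a subdomain of it."""
    host = hostname_of(url)
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


def classify(url: str) -> str:
    """'official', 'lookalike' (borrows the official name), or 'unrelated'."""
    if is_official(url):
        return "official"
    squashed = hostname_of(url).replace("-", ".")  # impots-gouv -> impots.gouv
    if naive_check(url) or "impots.gouv" in squashed:
        return "lookalike"
    return "unrelated"


# Constructed sample links, not taken from the page; .example hosts are reserved.
SAMPLES = [
    "https://www.impots.gouv.fr/accueil",
    "https://impots.gouv.fr.remboursement.example/valider",  # official name as prefix
    "https://impots.gouv.fr@refund.example/valider",         # official name as userinfo
    "https://impots-gouv.fr.example/",                       # hyphen for dot
    "http://refund.example/impots.gouv.fr/",                 # official name in path
    "https://shop.example/",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(f"{classify(u):10} naive={naive_check(u)!s:5} {u}")
```

Three of the constructed lookalikes contain the official name and pass the substring check; only the hostname comparison separates them from the real site.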
What to do if you encounter this:
- Do not enter any card or personal information.
- If you are a French taxpayer, always access your tax account by typing impots.gouv.fr directly into your browser.
- If you have already entered card details, contact your bank immediately to block the card and dispute any unauthorized charges.
- Report the phishing page to the French tax authorities via their official reporting form.
Protective measures:
- Never click links in unsolicited messages claiming a tax refund.
- Always type the official government URL directly into your browser.
- Never provide your card CVV or expiration date to “receive” a refund – refunds do not require this information.
- Enable two‑factor authentication on your bank account and email.
- Be suspicious of any message that creates urgency and asks for sensitive financial information.
