Carding revealed: fake pages impersonating France's General Directorate of Public Finance (Direction générale des Finances publiques)

This screenshot shows a phishing page impersonating the official French tax website (impots.gouv.fr). The page claims the victim needs to “confirm their bank card details” to receive a tax refund – a classic pretext to steal full credit card information.


Threat Analysis: French Tax Refund Phishing – Card Data Harvesting

How it works:
The victim receives a phishing email, SMS, or other message claiming they are eligible for a tax refund. The link leads to this page, which mimics the official French tax portal (impots.gouv.fr). The page asks the victim to provide:

  • Cardholder name (as printed on the card)
  • Expiration date (MM/AAAA)
  • Full card number
  • Visual cryptogram (CVV)

A button labelled “Valider mon remboursement” (Confirm my refund) submits the data to the attacker.

The goal:
The attacker collects full credit/debit card details to make fraudulent purchases, clone the card, or sell the information. No tax refund exists – the entire offer is fabricated.

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not impots.gouv.fr. The official French tax website uses only government domains.
  • Request for full card details for a refund: Legitimate tax refunds are deposited directly to the bank account the tax authorities already have on file – they never ask for your card number, expiration date, or CVV.
  • “Cryptogramme visuel” (CVV) request: No legitimate tax authority asks for your card security code.
  • Poor design / missing official elements: While the page copies the official logo and footer, the layout and the specific request for card details are not part of the real tax refund process.
  • Unsolicited refund notification: The French tax authorities (DGFiP) do not send unsolicited emails with links to claim refunds. Any such message is a scam.
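The first red flag can be checked mechanically, for example in a mail gateway or a help-desk triage script. The following is an added example, not part of the original analysis: it extracts the hostname a browser would actually contact and compares it to impots.gouv.fr, then looks for the card-form strings quoted above. The function names, the verdict labels and the refund.example, news.example and sub.impots.gouv.fr hosts are constructed for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL_HOST = "impots.gouv.fr"
# Strings quoted in the write-up above; a genuine refund never asks for them.
CARD_MARKERS = ("cryptogramme visuel", "valider mon remboursement", "mm/aaaa")


def real_host(url):
    """Return (hostname, userinfo) as a browser would resolve them."""
    parts = urlsplit(url if "://" in url else "//" + url)
    # .hostname is already lower-cased; drop a trailing root dot.
    return (parts.hostname or "").rstrip("."), parts.username


def assess(url, page_text=""):
    """Return (verdict, reasons) for a link that claims to be the tax portal."""
    host, userinfo = real_host(url)
    if host == OFFICIAL_HOST or host.endswith("." + OFFICIAL_HOST):
        return "official", []
    reasons = [f"host '{host}' is not {OFFICIAL_HOST}"]
    if userinfo and OFFICIAL_HOST in userinfo:
        # https://impots.gouv.fr@other-host/ : everything before '@' is ignored
        reasons.append("official name placed before '@' (userinfo decoy)")
    if "impots" in host or "gouv" in host:
        # impots.gouv.fr.other-host : the registrable domain is the last part
        reasons.append("official name used as a label inside another domain")
    text = page_text.lower()
    hits = [m for m in CARD_MARKERS if m in text]
    if hits:
        reasons.append("page asks for card data: " + ", ".join(hits))
    # A foreign host alone is just unrelated; any decoy or card form is not.
    return ("phishing-likely" if len(reasons) > 1 else "unrelated"), reasons


if __name__ == "__main__":
    # Constructed sample links and page text, not taken from a real campaign.
    form = "Cryptogramme visuel - Valider mon remboursement"
    samples = [
        ("https://impots.gouv.fr/accueil", ""),
        ("https://impots.gouv.fr@refund.example/login", ""),
        ("https://impots.gouv.fr.refund.example/", ""),
        ("https://refund.example/remboursement", form),
    ]
    for url, text in samples:
        verdict, reasons = assess(url, text)
        print(f"{verdict:16} {url}")
        for reason in reasons:
            print(f"{'':16}   - {reason}")
```
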

What to do if you encounter this:

  • Do not enter any card or personal information.
  • If you are a French taxpayer, always access your tax account by typing impots.gouv.fr directly into your browser.
  • If you have already entered card details, contact your bank immediately to block the card and dispute any unauthorized charges.
  • Report the phishing page to the French tax authorities via their official reporting form.

Protective measures:

  • Never click links in unsolicited messages claiming a tax refund.
  • Always type the official government URL directly into your browser.
  • Never provide your card CVV or expiration date to “receive” a refund – refunds do not require this information.
  • Enable two‑factor authentication on your bank account and email.
  • Be suspicious of any message that creates urgency and asks for sensitive financial information.
