Preparation for Laposte phishing revealed

Posted byAnti-phishing Leave a comment on Preparation for Laposte phishing revealed

This screenshot shows a phishing page impersonating La Poste (laposte.net) , the French postal service’s email platform. The page asks for the victim’s email address and password – the classic login credentials for a webmail account.

Analysis Memo: This deceptive layout was intercepted, verified, and locked down firsthand by the Antiphishing.biz security team during our standard URL vetting operations. To protect the public, the hostile origin link has been fully defanged within our infrastructure. We document and analyze these live visual patterns to help security researchers and users recognize deceptive clone designs before financial damage occurs.

Actual screenshot of "Preparation for Laposte phishing revealed" phishing interface captured during link moderation on our platform.
Figure 1: Verified screenshot of the ongoing fraudulent campaign isolated on our infrastructure.

Threat Analysis: La Poste Phishing – Email Credential Harvesting

How it works:
The victim receives a phishing email, SMS, or other message claiming a security alert, account issue, or the need to verify their mailbox. The link leads to this page, which mimics the official laposte.net login interface. The victim is asked to enter their email address and password and click “Se connecter” (Sign in). The credentials are captured and sent to the attacker.

The goal:
The attacker steals the victim’s laposte.net email credentials to:

  • Access private messages and personal information
  • Reset passwords for other online accounts (banking, social media, etc.) linked to that email
  • Send further phishing messages to the victim’s contacts
  • Sell the credentials on criminal markets

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not laposte.net. Official La Poste login pages are only on laposte.net or labanquepostale.fr domains.
  • Minimal design / missing security features: The page lacks the full branding, security notices, and two‑factor authentication options that appear on the real laposte.net login page.
  • Unsolicited login request: La Poste does not send links requiring users to log in to resolve account issues.
  • No personalization: A legitimate login page may show a security image or personalized message after entering the email address – this page does not.

What to do if you encounter this:

  • Do not enter your email address or password.
  • If you are a laposte.net user, always access your mailbox by typing laposte.net directly into your browser.
  • If you have already entered your credentials, change your laposte.net password immediately and enable two‑factor authentication if available.
  • Report the phishing page to La Poste’s security team.

Protective measures:

  • Bookmark the official laposte.net login page and use that bookmark.
  • Use a password manager – it will autofill only on legitimate laposte.net domains.
  • Enable two‑factor authentication on your email account.
  • Be suspicious of any unsolicited message that asks you to log in via a link.

Leave a comment

Your email address will not be published. Required fields are marked *