La Poste fake page in French detected

Posted byAnti-phishing Leave a comment on La Poste fake page in French detected

These two screenshots show a two‑step phishing campaign impersonating La Poste (the French postal service). The scam uses a small fee (€3.00) as a pretext to harvest personal information and full credit card details.

Threat Analysis: La Poste Phishing – Personal Info & Card Harvesting

Step 1 – Personal Information Page (First Screenshot)
The victim is asked to provide:

  • First name, last name
  • Email address
  • Street address, city, postal code
  • Phone number

A total of €3.00 is displayed, and logos for Visa, PayPal, and “secured payment” are shown to appear legitimate.

Step 2 – Card Details Page (Second Screenshot)
After submitting personal information, the victim is taken to a page asking for:

  • Full card number
  • Expiration date (MM/YY)
  • CVV

A “Valider et payer” (validate and pay) button submits the data.

The goal:
The attacker collects:

  • Personal identity details (name, address, email, phone) for identity theft
  • Full credit/debit card information (number, expiry, CVV) for fraudulent purchases

Red flags to watch for:

  • Suspicious URL: The pages are hosted on a domain that is not laposte.fr. Legitimate La Poste services use official domains.
  • Small fee trick: €3.00 is a trivial amount meant to lower suspicion.
  • No tracking or package reference: The victim is not given any tracking number or shipment details to verify.
  • Request for CVV: A legitimate postal service does not ask for your card security code to collect a small fee.
  • Copied branding: The pages use La Poste’s logo, slogans (“Livraison gratuite,” “Proche de vous”), and payment icons, but these are copied from the real site.

What to do if you encounter this:

  • Do not enter any personal or card information.
  • If you are expecting a delivery, track it directly by typing laposte.fr into your browser.
  • If you have already entered card details, contact your bank immediately to block the card.
  • Report the phishing page to La Poste’s fraud team.

Protective measures:

  • Never click links in unsolicited delivery messages. Always go directly to the official courier website.
  • Never pay a “redelivery fee” via a link. Legitimate fees are collected through the official site after logging in or upon delivery.
  • Check the URL carefully: Legitimate La Poste domains end with laposte.fr. Look for misspellings, extra words, or unusual top‑level domains.
  • Enable transaction alerts on your bank account to catch unauthorized charges early.

Leave a comment

Your email address will not be published. Required fields are marked *