La Poste fake page in French detected

Posted byAnti-phishing Leave a comment on La Poste fake page in French detected

Threat Intel: This scam layout was logged, cross-checked, and neutralized firsthand by the Antiphishing.biz security team during our automated link scanning workflows. To protect the public, the hostile origin link has been safely deactivated within our infrastructure. We document and analyze these live visual patterns to help security researchers and users spot lookalike phishing methods before financial damage occurs.

Actual screenshot of "La Poste fake page in French detected" phishing interface captured during link moderation on our platform.
Figure 1: Actual screenshot of the live scam infrastructure captured during routine moderation.

Actual screenshot 2 of "La Poste fake page in French detected" phishing interface captured during link moderation on our platform.
Figure 2: Actual screenshot of the live scam infrastructure captured during routine moderation.

These two screenshots show a two‑step phishing campaign impersonating La Poste (the French postal service). The scam uses a small fee (€3.00) as a pretext to harvest personal information and full credit card details.

Threat Analysis: La Poste Phishing – Personal Info & Card Harvesting

Step 1 – Personal Information Page (First Screenshot)
The victim is asked to provide:

  • First name, last name
  • Email address
  • Street address, city, postal code
  • Phone number

A total of €3.00 is displayed, and logos for Visa, PayPal, and “secured payment” are shown to appear legitimate.

Step 2 – Card Details Page (Second Screenshot)
After submitting personal information, the victim is taken to a page asking for:

  • Full card number
  • Expiration date (MM/YY)
  • CVV

A “Valider et payer” (validate and pay) button submits the data.

The goal:
The attacker collects:

  • Personal identity details (name, address, email, phone) for identity theft
  • Full credit/debit card information (number, expiry, CVV) for fraudulent purchases

Red flags to watch for:

  • Suspicious URL: The pages are hosted on a domain that is not laposte.fr. Legitimate La Poste services use official domains.
  • Small fee trick: €3.00 is a trivial amount meant to lower suspicion.
  • No tracking or package reference: The victim is not given any tracking number or shipment details to verify.
  • Request for CVV: A legitimate postal service does not ask for your card security code to collect a small fee.
  • Copied branding: The pages use La Poste’s logo, slogans (“Livraison gratuite,” “Proche de vous”), and payment icons, but these are copied from the real site.

What to do if you encounter this:

  • Do not enter any personal or card information.
  • If you are expecting a delivery, track it directly by typing laposte.fr into your browser.
  • If you have already entered card details, contact your bank immediately to block the card.
  • Report the phishing page to La Poste’s fraud team.

Protective measures:

  • Never click links in unsolicited delivery messages. Always go directly to the official courier website.
  • Never pay a “redelivery fee” via a link. Legitimate fees are collected through the official site after logging in or upon delivery.
  • Check the URL carefully: Legitimate La Poste domains end with laposte.fr. Look for misspellings, extra words, or unusual top‑level domains.
  • Enable transaction alerts on your bank account to catch unauthorized charges early.

Leave a comment

Your email address will not be published. Required fields are marked *