Fake French Police page revealed

Incident Report: This spoofed page was detected, analyzed, and contained firsthand by the Antiphishing.biz security team during our daily link moderation procedures. To protect the public, the phishing source domain has been safely deactivated within our infrastructure. We document and analyze these live visual patterns to help security researchers and users detect replica fraud techniques before financial damage occurs.

Figures 1-5: Screenshots of the "Fake French Police page revealed" phishing interface, captured during link moderation on our platform (visual proof of the active phishing operation intercepted by our security systems).

French National Police (ANTAI) “Unpaid Fine” Phishing
Target: Residents and Visitors in France
Threat Level: Critical (Real-time Credit Card Skimming & Identity Theft)
Phishing Method Description
This attack impersonates the ANTAI (Agence Nationale de Traitement Automatisé des Infractions), the official agency for traffic and parking fines in France. Victims receive an SMS (“smishing”) or a phishing email claiming they have an unpaid fine (often 35€ or 135€) that will increase if not settled immediately.

The link leads to a highly realistic clone of the official French government portal, often displaying the “Marianne” and ANTAI logos. The phishing kit harvests:

Personal Identity Data: Name, address, and email.
Payment Details: Full credit/debit card information (Number, Expiry, CVV).
3D-Secure / OTP Codes: The fake site intercepts verification codes in real time, allowing attackers to authorize large, fraudulent purchases instead of a small fine payment.

Red Flags to Watch For
The URL Trap: The only official website for paying fines in France is www.amendes.gouv.fr. Scam sites use lookalikes such as portails-amendes-gouv.com, antai-fines.net, or amendes-gouv-infractions.fr.
No SMS for Reminders: ANTAI only sends SMS messages for immediate payment during a direct interaction with an officer on the ground. They never send unsolicited SMS reminders for old or “unpaid” fines.
Generic Sender Addresses: Real emails from ANTAI always end in @antai.gouv.fr (specifically nepasrepondre_noreply@antai.gouv.fr). Be wary of senders with .mu, .br, or free domains.
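
The URL and sender checks from the red flags above, written out as an added Python example (not code from Antiphishing.biz or ANTAI). The official host and mail domain are the ones stated in this article; the BRAND_TOKENS keyword list and the function names are assumptions chosen for illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlsplit

OFFICIAL_PAY_HOST = "amendes.gouv.fr"    # from the article: the only official payment site
OFFICIAL_MAIL_DOMAIN = "antai.gouv.fr"   # from the article: genuine ANTAI sender domain
BRAND_TOKENS = ("amende", "antai", "gouv")  # assumption: keywords that mark impersonation


def link_host(url: str) -> str:
    """Hostname a browser would really contact (userinfo and port removed)."""
    if not re.match(r"[A-Za-z][A-Za-z0-9+.-]*://", url):
        url = "https://" + url           # SMS links often omit the scheme
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def classify_url(url: str) -> str:
    host = link_host(url)
    # Accept the exact host or a true subdomain only. A substring or prefix
    # test would accept "amendes.gouv.fr.antai-fines.net".
    if host == OFFICIAL_PAY_HOST or host.endswith("." + OFFICIAL_PAY_HOST):
        return "official"
    if any(token in host for token in BRAND_TOKENS):
        return "lookalike"
    return "unrelated"


def classify_sender(from_header: str) -> str:
    """Judge the address itself, never the display name."""
    _, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    return "official" if domain == OFFICIAL_MAIL_DOMAIN else "suspicious"


def triage(message: str) -> list[tuple[str, str]]:
    """Return (url, verdict) for every http(s) link found in a message body."""
    found = re.findall(r"https?://[^\s<>\"']+", message)
    urls = [u.rstrip(".,;:!?)") for u in found]   # drop sentence punctuation
    return [(u, classify_url(u)) for u in urls]


if __name__ == "__main__":
    # Constructed sample SMS; the lookalike domain is one listed in the article.
    sms = ("ANTAI: amende impayee de 35 EUR. Reglez sur "
           "https://www.amendes.gouv.fr@portails-amendes-gouv.com/paiement.")
    for url, verdict in triage(sms):
        print(f"{verdict:10} {url}")
    print(classify_sender("ANTAI <nepasrepondre_noreply@antai.gouv.fr>"))
```

The sample link shows why the hostname must be parsed rather than read by eye: the text before the "@" is userinfo, so the browser connects to the lookalike domain even though the official name appears first.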

How to Protect Yourself
The “Manual Entry” Rule: Never click on a link to pay a fine. Always type www.amendes.gouv.fr manually into your browser or use the official amendes.gouv app.
Wait for the Paper Copy: Genuine fine notices are almost always sent via physical mail to the address on your vehicle registration (carte grise). If you haven’t received a letter, the message is likely a scam.
Report Smishing: In France, you can forward fraudulent SMS messages to 33700 or report them to signal-spam.fr.

Expert Security Tip:

The “Real-Time Fine” Verification
The Method:
This case highlights a Real-Time Token Relay attack. Scammers are banking on the fact that drivers are often stressed by the threat of increased fines and legal action.

The Trap:
When you enter your card details on a fake ANTAI site, the attackers are simultaneously using that data on a real payment gateway for a high-value purchase. The OTP/3D-Secure code you enter to “pay your fine” is actually the final signature the threat actors need to empty your bank account.

How to Protect Yourself:
Use the Reference Number: Every legitimate fine has a 14 or 18-digit reference number. If the website doesn’t ask for this specific number or doesn’t show your car registration plate, it is 100% a scam.
Zero Trust for QR Codes: Be cautious of QR codes on fake physical tickets left on windscreens, a new tactic used to bypass digital spam filters.
Check the App Context: If your bank’s authorization app asks you to “confirm a payment” of a different amount than the fine while you are on a “government” site, cancel immediately.
