French National Police (ANTAI) “Unpaid Fine” Phishing
Target: Residents and Visitors in France
Threat Level: Critical (Real-time Credit Card Skimming & Identity Theft)
Phishing Method Description
This attack impersonates the ANTAI (Agence Nationale de Traitement Automatisé des Infractions), the official agency for traffic and parking fines in France. Victims receive a “Smishing” (SMS) or Phishing Email claiming they have an unpaid fine (often 35€ or 135€) that will increase if not settled immediately.
The link leads to a highly realistic clone of the official French government portal, often displaying the “Marianne” and ANTAI logos. The phishing kit harvests:
Personal Identity Data: Name, address, and email.
Payment Details: Full credit/debit card information (Number, Expiry, CVV).
3D-Secure / OTP Codes: The fake site intercepts verification codes in real-time, allowing attackers to authorize large, fraudulent purchases instead of a small fine payment.
⚠️ Red Flags to Watch For
The URL Trap: The only official website for paying fines in France is www.amendes.gouv.fr. Scam sites use lookalikes such as portails-amendes-gouv.com, antai-fines.net, or amendes-gouv-infractions.fr.
No SMS for Reminders: ANTAI only sends SMS messages for immediate payment during a direct interaction with an officer on the ground. They never send unsolicited SMS reminders for old or “unpaid” fines.
Generic Sender Addresses: Real emails from ANTAI always end in @antai.gouv.fr (specifically [email protected]). Be wary of senders with .mu, .br, or free domains.
🛡️ How to Protect Yourself
The “Manual Entry” Rule: Never click on a link to pay a fine. Always type www.amendes.gouv.fr manually into your browser or use the official amendes.gouv app.
Wait for the Paper Copy: Genuine fine notices are almost always sent via physical mail to the address on your vehicle registration (carte grise). If you haven’t received a letter, the message is likely a scam.
Report Smishing: In France, you can forward fraudulent SMS messages to 33700 or report them to signal-spam.fr.
💡 Expert Security Tip: The “Real-Time Fine” Verification
The Method:
This case highlights a Real-Time Token Relay attack. Scammers are banking on the fact that drivers are often stressed by the threat of increased fines and legal action.
The Trap:
When you enter your card details on a fake ANTAI site, the attackers are simultaneously using that data on a real payment gateway for a high-value purchase. The OTP/3D-Secure code you enter to “pay your fine” is actually the final signature the hackers need to empty your bank account.
How to Protect Yourself:
Use the Reference Number: Every legitimate fine has a 14 or 18-digit reference number. If the website doesn’t ask for this specific number or doesn’t show your car registration plate, it is 100% a scam.
Zero Trust for QR Codes: Be cautious of QR codes on fake physical tickets left on windscreens, a new tactic used to bypass digital spam filters.
Check the App Context: If your bank’s authorization app asks you to “confirm a payment” of a different amount than the fine while you are on a “government” site, cancel immediately