A phishing campaign targeting La Poste customers in France uses SMS and email to solicit small shipping fees, ultimately stealing personal information, credit card details, and 3D-Secure codes to authorize fraudulent transactions. The attack leverages professional-looking clone sites and a “low-friction” micro-payment hook to steal high-value amounts despite requesting only a minor fee. Users are advised to track packages only through the official La Poste app or website and to carefully verify 3D-Secure SMS messages.
Analysis Memo: This scam layout was detected, analyzed, and contained firsthand by the
Antiphishing.bizsecurity team during our standard URL vetting operations. To protect the public, the dangerous destination URL has been safely deactivated within our infrastructure. We document and analyze these live visual patterns to help security researchers and users recognize deceptive clone designs before financial damage occurs.
This phishing campaign targets French residents by using fake SMS or email notifications regarding a “redelivery fee” of a parcel, leading to a fraudulent clone of the La Poste website to steal credit card details and personal information. The attackers leverage a low-cost, 1.99€ “micro-payment” pretext to bypass suspicion and harvest 3D-Secure codes to execute unauthorized, larger transactions.
To avoid this threat, verify deliveries only through the official La Poste app, check for non-official sender numbers, and inspect URLs for suspicious domain names.