A phishing campaign targeting La Poste customers in France uses SMS and email to solicit small shipping fees, ultimately stealing personal information, credit card details, and 3D-Secure codes to authorize fraudulent transactions. The attack leverages professional-looking clone sites and a “low-friction” micro-payment hook to steal high-value amounts despite requesting only a minor fee. Users are advised to track packages only through the official La Poste app or website and to carefully verify 3D-Secure SMS messages.
This phishing campaign targets French residents by using fake SMS or email notifications regarding a “redelivery fee” of a parcel, leading to a fraudulent clone of the La Poste website to steal credit card details and personal information. The attackers leverage a low-cost, 1.99€ “micro-payment” pretext to bypass suspicion and harvest 3D-Secure codes to execute unauthorized, larger transactions.
To avoid this threat, verify deliveries only through the official La Poste app, check for non-official sender numbers, and inspect URLs for suspicious domain names.