A sophisticated phishing campaign targeting La Banque Postale customers in France uses a fake “Certicode Plus” security update to bypass two-factor authentication. Scammers use smishing and phishing to steal credentials and register their own devices, granting full access to victims’ accounts.
Analysis Memo: This deceptive layout was intercepted, verified, and locked down firsthand by the
Antiphishing.bizsecurity team during our automated link scanning workflows. To protect the public, the hostile origin link has been safely deactivated within our infrastructure. We document and analyze these live visual patterns to help security researchers and users detect replica fraud techniques before financial damage occurs.
Target: Customers of La Banque Postale (France)
Threat Level: Critical (Mobile Authentication & Funds Theft)
Phishing Method Description
In this attack, scammers use a Security Compliance pretext. Victims receive a Phishing Email or SMS (Smishing) stating that their “Certicode Plus” service (the bank’s strong authentication system) is expiring or needs to be re-activated to comply with European banking regulations.
The link leads to a pixel-perfect replica of the La Banque Postale login portal. The phishing kit is specifically designed to harvest:
Identifiant ID (10-digit customer ID)
Personal Password (entered via a fake numeric keypad to mimic the real site)
Mobile Phone Number
Certicode Plus Activation Codes: The fake site attempts to intercept the activation or validation codes in real-time, allowing the attacker to link their device to the victim’s bank account.
Red Flags to Watch For
The Deceptive URL: The official domain is labanquepostale.fr. Phishing sites often use lookalike addresses such as connexion-labanquepostale.com, certicode-plus-activation.net, lbp-securite.online, or free subdomains like la-banque-postale.web.app.
The Numeric Keypad: While the fake site mimics the official virtual keypad, pay attention to the speed and responsiveness. If the layout of the numbers changes or looks “blurry,” it may be a captured image used for phishing.
Urgent Warnings: Messages like “Your access will be suspended in 48 hours” are classic social engineering tactics to induce panic.
How to Protect Yourself
Never Click Login Links: La Banque Postale explicitly states they will never send an email or SMS containing a link to the login page. Always type the address manually or use the official “La Banque Postale” mobile app.
App Notifications Only: Manage your Certicode Plus settings only within the official app. If you receive a request to “validate” something you didn’t initiate, ignore it and check your app directly.
Verify the Sender: Official banking SMS in France usually come from short-codes (e.g., 38004). If the message comes from a standard mobile number (+33 6… or +33 7…), it is 100% a scam.
Reporting: You can report La Banque Postale phishing by forwarding suspicious emails to alertes.pishing@labanquepostale.fr or SMS to the number 33700.