Who This Guide Is For
This article is written for anyone living in France who owns a Carte Vitale.
If you have ever seen a text message or email that says something like “Your new 2026 health card is ready to be shipped” or “Your Carte Vitale has expired – click here to renew”, this guide is for you. It does not matter if you are a student, a retiree, a parent, or a busy professional. The scammers do not care about your job or your age. They care about one thing: the moment you stop thinking and start clicking.
Every year, millions of French residents receive fraudulent SMS messages pretending to come from the national health insurance system. In 2022 alone, more than 10,000 such scams were officially reported to the national health insurance fund, and experts believe the real number is much higher. According to recent surveys, around 80% of French adults have received at least one fake SMS about their Carte Vitale. The scammers send these messages in huge batches, hoping that even a tiny fraction of recipients will panic and click the link.
The scam works because the Carte Vitale is a deeply trusted document. Everyone has one. Everyone has dealt with it at a pharmacy, a doctor’s office, or a hospital. That familiarity is exactly what the criminals deceptive tactic. You are not suspicious of a message that mentions your health card. You do not immediately question it. And that split second of trust is all the attacker needs.
How The Scam Actually Works – Step By Step
The criminals behind this operation have refined their technique over years. It is not a clumsy, badly spelled email. It is a carefully choreographed sequence designed to look and feel official. Here is what happens when you become their target.
Step One: The Hook Lands In Your Inbox Or On Your Phone Screen
It starts with an SMS (a technique called “smishing”) or an email. The message looks like it comes from Ameli, the official French health insurance portal. It might say any of the following:
- “Your Carte Vitale has expired.”
- “A new Carte Vitale 2026 is ready to be shipped.”
- “Your health coverage will be suspended unless you update your card immediately.”
- “You have a reimbursement pending. Click here to collect it.”
The language is administrative and official. It uses the right tone, the right vocabulary. It might even include the exact logo and color scheme that the real Ameli uses. The message creates urgency. It tells you that you have a limited time – often 24 or 48 hours – to act, or your reimbursements will stop. Your healthcare coverage will be interrupted. You will be charged a fee.
This is the hook. The scammers know that the most powerful way to make you act without thinking is to threaten something you cannot afford to lose.
Step Two: The Link Leads To A Perfect Fake Website
If you click the link – and many people do – you are taken to a webpage that looks almost indistinguishable from the real Ameli login portal. The design is professional. The fonts match. The logos are correct. The layout is identical to what you see when you log in to manage your health records.
Security Notice: This malicious interface was logged, cross-checked, and neutralized firsthand by the
Antiphishing.bizsecurity team during our standard URL vetting operations. To protect the public, the hostile origin link has been completely disabled within our infrastructure. We document and analyze these live visual patterns to help security researchers and users detect replica fraud techniques before financial damage occurs.
But look closely at the web address in your browser’s bar. The real Ameli website lives at ameli.frameli-vitale.frservice-vitale-info.comrenouvellement-vitale.net
Security researchers at Antiphishing.biz recently intercepted one of these fake sites. The malicious interface was logged, cross-checked, and neutralized in real time. But for every site they take down, several more spring up on new domains.
Step Three: The Form Asks For Everything That Matters
Once you are on the fake website, the criminals start asking questions. First, they want your personal information: your full name, your address, and – most dangerously – your Social Security number (numéro de sécurité sociale). This is identity theft gold. With your Social Security number and a few other details, criminals can open credit accounts in your name, file false tax returns, or claim fraudulent medical reimbursements.
Then comes the request that should make your alarm bells ring. The site asks for your credit card details. There is always a story to explain why. Maybe you need to pay a small shipping fee – usually around €0.99 – to receive your new Carte Vitale. Maybe you need to “verify” your bank account to continue receiving reimbursements. The amount is tiny. That is intentional. A small fee does not feel like a threat. It feels like a reasonable administrative cost.
The truth is exactly the opposite. The official French health insurance system has a clear, unambiguous rule: the Carte Vitale is completely free. No shipping fee. No verification charge. No payment of any kind. The only cost is zero euros.
Step Four: The Silent Theft Happens In The Background
After you enter your card details, the criminals do not stop there. Many of these fake sites are also programmed to intercept the two‑factor authentication codes that your bank sends you by SMS. When you enter your card number, expiration date, and CVV, the criminals try to make a much larger transaction – sometimes thousands of euros – and use the SMS code you unknowingly provide to authorize it.
By the time you realize something is wrong, the money is already gone.
Three Heartbreaking Real‑Life Stories
This is not abstract theory. Real people are losing real money to this exact scam.
In one case documented by French media, a victim named Kelly fell into the trap. She received a text message about renewing her Carte Vitale, clicked the link, and entered her personal information. Shortly afterward, she started receiving calls from someone pretending to be her bank’s fraud department. The caller was convincing. He sounded professional. He told her that her account had been compromised and that she needed to move her money to a “safe” account. By the time she realized she was talking to the same criminals who had stolen her data in the first place, she had lost €4,500 – money she had to borrow from a family member to cover.
In another widely reported case, an elderly French resident received an email claiming that her Carte Vitale had expired and that she needed to pay a small fee to renew it. She followed the instructions, entered her card details, and within hours, her bank account was drained. The scammers had used the information she provided to make multiple large purchases online, all of which went through before she could cancel her card.
A third victim, whose story was shared on the official Ameli forum, described receiving a “very well‑made” fake email. She filled in her address and her Social Security number. Then the page redirected her to a payment form. She realized something was wrong only when the site asked for her bank card. By then, her personal information was already in the hands of criminals.
These are not isolated incidents. Between ten and twenty people fall victim to this scam every single day in France, according to the government‑backed cybersecurity organization Cybermalveillance.gouv.fr. The number has been rising, not falling.
The Four Red Flags That Give Away The Fake Message – Every Single Time
You do not need to be a cybersecurity expert to spot these scams. You just need to know what to look for. Here are the four signs that a message about your Carte Vitale is fraudulent.
Red Flag One: The Message Says Your Card Has Expired
This is the most important fact in this entire guide: the Carte Vitale does not expire. Unlike a driver’s license or a passport, your green health card has no expiration date printed on it. It does not need to be renewed every year. It does not become invalid at the start of a new calendar year.
The only time you need a new card is if your current one is damaged, demagnetized, or if your personal information has changed – for example, if you get married and change your name. And even then, the replacement process is free and is never initiated by a text message or email asking for your bank details.
If a message tells you your Carte Vitale has expired, you are looking at a scam. No exceptions.
Red Flag Two: The Message Creates Panic With A Deadline
“Your reimbursements will be suspended within 48 hours.” “Act now or your health coverage will be interrupted.” “Immediate action required.”
These phrases are the scammers’ most powerful weapon. They are designed to make you panic. When you panic, you do not check the web address. You do not question the request for your bank card. You just want to fix the problem as fast as possible.
The real health insurance system does not work this way. Legitimate administrative communications do not create artificial emergencies. If a message tries to rush you, that is your signal to stop entirely.
Red Flag Three: The Web Address Does Not End With “ameli.fr”
The official Ameli website lives at ameli.frameli-vitale.frameli-renouvellement.netservice-ameli.comameli.fr
Before you click any link or type any information into a website, look at the address bar of your browser. If you see anything other than ameli.fr.com.net
The fraudsters use these look‑alike domains because they know most people glance at the first part of the address (“ameli”) and assume the rest is fine. It is not fine. The difference is the difference between safety and theft.
Red Flag Four: The Message Asks For Money Or Bank Details
The official French health insurance system will never, under any circumstances, ask you for your credit card number, your CVV code, or your bank account details by SMS or email. Not for a shipping fee. Not for a verification. Not for any reason.
If a message asks for your bank information, it is a scam. If it asks for a payment, it is a scam. The Carte Vitale is free. The renewal process is free. The “shipping fee” does not exist.
The same rule applies to your Social Security number. While there are legitimate situations where you might need to provide this number to a healthcare provider, you will never be asked to type it into a random webpage that you reached by clicking a link in a text message.
The One‑Click Tactic That Would Have Saved Every Victim
If you take nothing else away from this guide, remember this single, simple rule:
Never, ever click a link in a text message or email about your Carte Vitale.
Do not click it. Do not tap it. Do not “just take a look”. The link is the trap. Once you click it, you are on the criminals’ territory. The fake website can look exactly like the real one. The form can ask for exactly the information the real Ameli would never request. And your guard will be down because you took the action yourself.
Instead, do this:
Open a new browser tab. Type ameli.fr
That one habit – typing the official address yourself instead of clicking a link – would have prevented every single victim story in this article. It takes fifteen extra seconds. It costs you nothing. And it is the only defense you need.
Expert Advice: How To Stay Safe From Carte Vitale Phishing
The criminals behind these attacks are sophisticated, but their methods rely on you making a quick, panicked decision. Take that decision away from them. Follow these expert recommendations every single time you receive a message about your health card.
Remember the golden rule: the Carte Vitale never expires. If a message tells you otherwise, delete it immediately. There is no need to “renew” your card. There is no “2026 version” that requires a new order. The card you have is valid until it physically breaks or your personal information changes.
Use the official Ameli mobile app. The easiest way to check your health insurance status without worrying about fake websites is to use the official Ameli app on your smartphone. Download it from the official app store, log in once, and then use it whenever you need to check your reimbursements or update your information. The app is secure by design and eliminates the risk of landing on a fake website.
Forward suspicious messages to 33700. If you receive a fraudulent SMS about your Carte Vitale, do not just delete it. Forward it to 33700, the official French spam reporting number. This helps telecommunications operators block similar messages and warn other potential victims. The service is free, and it takes five seconds.
If you receive a fake email, report it to Pharos. The French government’s online reporting platform for illegal content allows you to submit suspected phishing emails quickly and anonymously. Your report could help shut down a scam site before the next person falls for it.
Enable transaction alerts on your bank cards. Set up your banking app to send you an SMS or push notification for every transaction above a small amount – say €1. That way, if a criminal does manage to get your card details, you will know about the first fraudulent charge within seconds, not days, and you can block your card immediately.
Do not rely on the padlock icon in your browser. Many people believe that a green padlock in the address bar means a website is safe. That is not true. The padlock only means that your connection to the site is encrypted. Criminals can get SSL certificates for their fake websites just as easily as legitimate businesses can. The only thing that matters is the domain name.
If you are unsure, call the real Ameli helpline. The official health insurance customer service number is printed on the back of your Carte Vitale. If you are worried about a message you received, call that number – not any number provided in the suspicious message – and ask if there is a real issue with your account. A two‑minute phone call is a small price to pay for peace of mind.
Share this information with older family members and friends. The elderly are disproportionately targeted by this scam. They may be less familiar with the signs of phishing and more likely to trust an official‑looking message. Take five minutes to explain the golden rule: the Carte Vitale never expires, and you never click links in messages about it. That conversation could save their savings.
What To Do If You Have Already Entered Your Information
If you realize that you have clicked a link, filled out a form, or entered your bank details on a suspicious website, do not panic. But do not wait, either. Act immediately.
Call your bank right now. Use the phone number on the back of your credit or debit card. Tell them that your card details may have been compromised in a phishing attack. Ask them to block the card and issue a new one. If any fraudulent charges have already appeared, report them immediately and request a chargeback. The faster you act, the more likely you are to get your money back.
Change your Ameli password immediately. Even if the fake site did not ask for your password explicitly, it is better to be safe. Log into the real Ameli website – by typing ameli.fr
Review your recent transactions. Look for small test charges (often €0.00 or €1.00) as well as larger amounts. Criminals sometimes test a card with a tiny transaction before making a big purchase. Report anything you do not recognise to your bank.
File a police report. In France, you can file a complaint online through the official government portal or in person at your local police station or gendarmerie. Having a police report will help your case when disputing fraudulent transactions with your bank.
Report the phishing attempt. Forward the fake SMS to 33700. If it was an email, report it to Pharos at internet-signalement.gouv.fr
Check your credit report. If you entered your Social Security number on a fake site, you are at risk of identity theft. Request your free credit report from the Banque de France and monitor it for any accounts or loans opened in your name that you do not recognize.
Place a fraud alert on your file. Contact the national credit bureaus and ask them to place a fraud alert on your file. This makes it harder for criminals to open new accounts in your name without additional verification.
The Bigger Picture: Why The Scammers Keep Coming Back
The Carte Vitale scam is not going away. Every year, as the calendar turns to January, a fresh wave of messages appears. “Your 2026 card is ready.” “Your 2027 card requires verification.” The details change, but the method remains the same.
The scammers are able to keep operating because their campaigns are cheap to run and hugely profitable. A single successful victim can net them thousands of euros. Even if only 0.1% of the people who receive the message fall for it, that is still thousands of victims.
In 2022, French banks estimated that fraudulent transactions linked to phishing cost victims €340 million. The government has responded with new laws targeting digital fraud, including measures expected to take effect in 2026 that specifically target administrative identity theft. But no law can stop a criminal from sending a text message. The only real defense is awareness.
The French national health insurance system has been vocal about this threat. In January 2026, Ameli issued an official alert warning of a sharp increase in phishing attempts related to the Carte Vitale. Their message was simple: the health insurance system never charges for card delivery, never asks for bank details by email or SMS, and never threatens to suspend coverage without prior written notice.
A Final Word From The Security Team
The phishing attack described in this guide was intercepted, analyzed, and neutralized by the security team at Antiphishing.biz during standard URL vetting operations. The malicious site has been disabled within their infrastructure to protect the public. But new domains appear every week, using the same fake logos, the same urgent language, and the same fraudulent forms.
The criminals are counting on one thing: that you will act before you think. They want you to panic. They want you to click. They want you to hand over your bank details without looking at the web address.
Do not give them that satisfaction.
Build a new habit today. When a text message lands on your phone claiming your Carte Vitale has expired, do not click. Do not panic. Do not open the link. Open your browser. Type ameli.fr
That fifteen‑second pause will save you from a world of financial pain. Share this guide with everyone you know who has a Carte Vitale. The more people understand this scam, the harder it becomes for criminals to profit.
Stay safe. Stay skeptical. And remember – your Carte Vitale never expires, and no legitimate health service will ever ask for your bank details over text.