Revealed carding using fake General Directorate of Public Finance of France pages (Direction générale des Finances publiques )

Posted byAnti-phishing Leave a comment on Revealed carding using fake General Directorate of Public Finance of France pages (Direction générale des Finances publiques )

This screenshot shows a phishing page impersonating the official French tax website (impots.gouv.fr) . The page claims the victim needs to “confirm their bank card details” to receive a tax refund – a classic pretext to steal full credit card information.

Security Notice: This scam layout was intercepted, verified, and locked down firsthand by the Antiphishing.biz security team during our daily link moderation procedures. To protect the public, the hostile origin link has been safely deactivated within our infrastructure. We document and analyze these live visual patterns to help security researchers and users detect replica fraud techniques before financial damage occurs.

Actual screenshot of "Revealed carding using fake General Directorate of Public Finance of France pages (Direction générale des Finances publiques )" phishing interface captured during link moderation on our platform.
Figure 1: Live screenshot of the ongoing fraudulent campaign isolated on our infrastructure.

Actual screenshot 2 of "Revealed carding using fake General Directorate of Public Finance of France pages (Direction générale des Finances publiques )" phishing interface captured during link moderation on our platform.
Figure 2: Live screenshot of the ongoing fraudulent campaign isolated on our infrastructure.

Threat Analysis: French Tax Refund Phishing – Card Data Harvesting

How it works:
The victim receives a phishing email, SMS, or other message claiming they are eligible for a tax refund. The link leads to this page, which mimics the official French tax portal (impots.gouv.fr). The page asks the victim to provide:

  • Cardholder name (as printed on the card)
  • Expiration date (MM/AAAA)
  • Full card number
  • Visual cryptogram (CVV)

A button labelled “Valider mon remboursement” (Confirm my refund) submits the data to the attacker.

The goal:
The attacker collects full credit/debit card details to make fraudulent purchases, clone the card, or sell the information. No tax refund exists – the entire offer is fabricated.

Red flags to watch for:

  • Suspicious URL: The page is hosted on a domain that is not impots.gouv.fr. The official French tax website uses only government domains.
  • Request for full card details for a refund: Legitimate tax refunds are deposited directly to the bank account the tax authorities already have on file – they never ask for your card number, expiration date, or CVV.
  • “Cryptogramme visuel” (CVV) request: No legitimate tax authority asks for your card security code.
  • Poor design / missing official elements: While the page copies the official logo and footer, the layout and the specific request for card details are not part of the real tax refund process.
  • Unsolicited refund notification: The French tax authorities (DGFiP) do not send unsolicited emails with links to claim refunds. Any such message is a scam.

What to do if you encounter this:

  • Do not enter any card or personal information.
  • If you are a French taxpayer, always access your tax account by typing impots.gouv.fr directly into your browser.
  • If you have already entered card details, contact your bank immediately to block the card and dispute any unauthorized charges.
  • Report the phishing page to the French tax authorities via their official reporting form.

Protective measures:

  • Never click links in unsolicited messages claiming a tax refund.
  • Always type the official government URL directly into your browser.
  • Never provide your card CVV or expiration date to “receive” a refund – refunds do not require this information.
  • Enable two‑factor authentication on your bank account and email.
  • Be suspicious of any message that creates urgency and asks for sensitive financial information.

Leave a comment

Your email address will not be published. Required fields are marked *