Antiphishing.biz – Page 26 – Proactive phishing detection for cybersecurity and network protection

Fake Free PayPal Gift Cards revealed

This phishing campaign uses “Free $750 PayPal Gift Cards” via social media and pop-ups to lure victims, characterizing a classic survey scam designed to harvest personal data and distribute malware. Victims are induced through a fake, high-value reward offer, ultimately leading to data theft through “verification” steps that require inputting sensitive information or downloading malicious applications. You can read the full case analysis at antiphishing.biz.

Screenshot #1: The Landing Page (The Hook)

The Trap: Displays a professional-looking “PayPal Gift Card” with high-value amounts. It uses official logos and colors to build trust.

The Psychology: “Free money” triggers an impulsive reaction. The user is asked to click a button to “Claim” or “Win,” which begins the redirection to the malicious forms.

Actual screenshot 2 of "Fake Free PayPal Gift Cards revealed" phishing interface captured during link moderation on our platform. — Figure 2: Actual screenshot of the live scam infrastructure captured during routine moderation.

Screenshot #2: The Fake Survey / Verification

The Trap: The site asks simple questions like “How often do you use PayPal?” or “Which brand do you prefer?”

The Intent: This is a “Low-Friction” tactic. By making the user perform small tasks, the scammer builds “investment” and commitment, making the victim more likely to provide sensitive data in the next step.

Actual screenshot 3 of "Fake Free PayPal Gift Cards revealed" phishing interface captured during link moderation on our platform. — Figure 3: Actual screenshot of the live scam infrastructure captured during routine moderation.

Screenshot #3: Personal Data Harvesting (Fullz)

The Trap: To “receive the gift card,” the user is asked for their Full Name, Home Address, and Date of Birth.

The Impact: This information is sold on the Dark Web as “Fullz” (full identity profiles). It allows criminals to bypass security questions on other accounts or commit identity theft.

Actual screenshot 4 of "Fake Free PayPal Gift Cards revealed" phishing interface captured during link moderation on our platform. — Figure 4: Actual screenshot of the live scam infrastructure captured during routine moderation.

Screenshot #4: The Payment / Shipping Fee Form (The Kill)

The Trap: The final step claims a small “Processing Fee” or “Shipping Charge” ($1.00 – $2.00) is required to send the gift card.

The Impact: This form is a Credit Card Skimmer. Once you enter your Card Number, Expiry, and CVV, the attacker has full access to your funds. The “gift card” never arrives, but the fraudulent charges start immediately.

Here is the detailed breakdown of the Fake PayPal Gift Card scam . This is a classic “Reward Bait” scheme used to harvest financial data and personal information.

Fake “Free PayPal Gift Cards” Scam

Target: Global PayPal users looking for discounts or rewards.
Threat Level: High (Financial Fraud & Identity Theft)

Phishing Method Description

This attack uses Social Engineering by promising a “Free $750 PayPal Gift Card” or similar high-value rewards. These scams are often spread via social media ads, WhatsApp messages, or “reward” websites. The goal is to lead the victim through a series of “verification steps” that eventually steal their credit card data and account credentials.

Protection Measures (Safety Rules)

1. The “Too Good to Be True” Rule:
PayPal (and other major companies) does not give away $500 or $750 gift cards for free via third-party websites or surveys. If the offer seems excessive, it is 100% a scam.
2. Check the Domain (URL):
Official PayPal offers only exist on ://paypal.com. Any other domain (e.g., paypal-rewards-2024.net, win-paypal-gift.xyz) is a phishing site.
3. Never Pay to Receive a Prize:
A legitimate prize or gift card should never require you to provide your credit card’s CVV code or pay a “verification fee.” This is the primary red flag for financial skimming.
4. Official Communication Only:
Check your official PayPal app or log in directly to paypal.com. If there is a real reward, it will be listed in your Rewards or Offers section inside your secure account.

Facebook phishing page in Arabic revealed

This screenshot shows an Arabic‑language phishing page impersonating Facebook, designed to steal login credentials (email/phone and password). The page is hosted on a suspicious domain and uses a fake registration or login prompt.

Security Notice: This spoofed page was logged, cross-checked, and neutralized firsthand by the Antiphishing.biz security team during our daily link moderation procedures. To protect the public, the phishing source domain has been fully defanged within our infrastructure. We document and analyze these live visual patterns to help security researchers and users spot lookalike phishing methods before financial damage occurs.

Actual screenshot of "Facebook phishing page in Arabic revealed" phishing interface captured during link moderation on our platform. — Figure 1: Live screenshot of the live scam infrastructure captured during routine moderation.

Threat Analysis: Facebook Phishing – Credential Harvesting

How it works:
The victim receives a phishing email, SMS, or social media message claiming a security alert, account suspension, or the need to verify their information. The link leads to this page, which mimics the Facebook login interface. The victim is asked to enter their email address or phone number and password, then click a button (likely labeled “login” or “register”). The credentials are captured and sent to the attacker.

The goal:
The attacker steals Facebook account credentials to:

Access private messages and personal information
Post spam, scams, or malicious links from a trusted account
Spread the phishing attack to the victim’s friends
Use the same email/password combination to compromise other accounts (if credentials are reused)

Red flags to watch for:

Suspicious URL: The page is hosted on a domain like نتجاهاص.xyz – a random, non‑Facebook domain. Legitimate Facebook login pages are only on facebook.com.
Poor Arabic grammar / typos: The text contains errors and awkward phrasing that would not appear on an official Facebook page.
Unsolicited login request: Facebook does not send links requiring users to log in to resolve account issues.
Minimal design: The page lacks Facebook’s full branding, security notices, and two‑factor authentication options.
No personalization: Genuine Facebook login pages often show a profile image or account selection after entering an email.

What to do if you encounter this:

Do not enter your email/phone or password.
If you have already entered your credentials, change your Facebook password immediately and enable two‑factor authentication (2FA).
Always access Facebook by typing facebook.com directly into your browser.
Report the phishing page to Facebook (via the official reporting tools).

Protective measures:

Bookmark the official Facebook login page and use that bookmark.
Use a password manager – it will autofill only on legitimate facebook.com domains.
Enable two‑factor authentication on your Facebook account (using an authenticator app).
Be suspicious of any unsolicited message that asks you to log in.

Facebook Messenger phishing page detected

Incident Report: This scam layout was logged, cross-checked, and neutralized firsthand by the Antiphishing.biz security team during our automated link scanning workflows. To protect the public, the phishing source domain has been fully defanged within our infrastructure. We document and analyze these live visual patterns to help security researchers and users recognize deceptive clone designs before financial damage occurs.

Threat Analysis: Facebook Phishing – Credential Harvesting

The goal:
The attacker steals Facebook account credentials to:

Access private messages and personal information
Post spam, scams, or malicious links from a trusted account
Spread the phishing attack to the victim’s friends
Use the same email/password combination to compromise other accounts (if credentials are reused)

Red flags to watch for:

Suspicious URL: The page is hosted on a domain like نتجاهاص.xyz – a random, non‑Facebook domain. Legitimate Facebook login pages are only on facebook.com.
Poor Arabic grammar / typos: The text contains errors and awkward phrasing that would not appear on an official Facebook page.
Unsolicited login request: Facebook does not send links requiring users to log in to resolve account issues.
Minimal design: The page lacks Facebook’s full branding, security notices, and two‑factor authentication options.
No personalization: Genuine Facebook login pages often show a profile image or account selection after entering an email.

What to do if you encounter this:

Do not enter your email/phone or password.
If you have already entered your credentials, change your Facebook password immediately and enable two‑factor authentication (2FA).
Always access Facebook by typing facebook.com directly into your browser.
Report the phishing page to Facebook (via the official reporting tools).

Protective measures:

Bookmark the official Facebook login page and use that bookmark.
Use a password manager – it will autofill only on legitimate facebook.com domains.
Enable two‑factor authentication on your Facebook account (using an authenticator app).
Be suspicious of any unsolicited message that asks you to log in.

Mirae Asset Credit phishing pages in Vietnamese detected

This screenshot shows a phishing page impersonating Mirae Asset (a financial services company), targeting Vietnamese‑speaking users. The page asks for a phone number and password, with options to log in or register.

Security Notice: This malicious interface was intercepted, verified, and locked down firsthand by the Antiphishing.biz security team during our standard URL vetting operations. To protect the public, the hostile origin link has been fully defanged within our infrastructure. We document and analyze these live visual patterns to help security researchers and users recognize deceptive clone designs before financial damage occurs.

Actual screenshot of "Mirae Asset Credit phishing pages in Vietnamese detected" phishing interface captured during link moderation on our platform. — Figure 1: Live screenshot of the active phishing operation isolated on our infrastructure.

Phishing Analysis Mirae Asset Credit Login Scam (Vietnamese)

How it works:
The victim receives a phishing email or SMS claiming an account issue, investment opportunity, or security update. The link leads to this fake login page. The victim enters their phone number and password, then clicks “đăng nhập” (login). Credentials are captured.

Red flags:

Suspicious URL: The page is hosted on a domain that is not the official Mirae Asset Vietnam domain (which would end with .com.vn or similar).
Generic design: No Mirae Asset logo, security notices, or personalized elements.
Unsolicited login request: Mirae Asset does not send links requiring users to log in via third‑party pages.

What to do:

Do not enter your phone number or password.
If you are a Mirae Asset customer, always access your account by typing the official website URL directly.
If you already entered credentials, contact Mirae Asset immediately and change any reused passwords.

Facebook Messenger phishing page revealed

This phishing campaign targeting Facebook Messenger users utilizes social engineering, where compromised accounts send fake “shocking video” links to contacts, leading to fraudulent, mobile-optimized login pages. Attackers capture credentials and 2FA codes in real-time, enabling account takeover and further distribution of the malware.

Analysis Memo: This spoofed page was logged, cross-checked, and neutralized firsthand by the Antiphishing.biz security team during our automated link scanning workflows. To protect the public, the phishing source domain has been completely disabled within our infrastructure. We document and analyze these live visual patterns to help security researchers and users detect replica fraud techniques before financial damage occurs.

Actual screenshot of "Facebook Messenger phishing page revealed" phishing interface captured during link moderation on our platform. — Figure 1: Verified screenshot of the ongoing fraudulent campaign captured during routine moderation.

Cybersecurity Measures: How to Avoid Messenger Phishing

To protect your Facebook account and personal data from being hijacked, follow these essential safety rules:

1. The “Think Before You Click” Rule

Phishing messages in Messenger often use “Bait” phrases like:

“Is this you in this video?”
“Look what someone said about you…”
“I found this old photo of us!”
Action: Even if the message comes from a friend, do not click the link. Their account may have already been compromised and is now automatically sending spam to all their contacts.

2. Verify the Login Page (URL)

If you click a link and it asks you to “Log in to Facebook to see the content,” check the address bar immediately:

Official: facebook.com or ://facebook.com.
Fake: facebook-login-video.net, secure-fb-check.online, m-facebook.web.app.
Action: If the URL looks strange or long, close the tab. Facebook will never ask you to log in again if you are already using the Messenger app.

3. Enable Two-Factor Authentication (2FA)

This is your most powerful defense. If a scammer steals your password, they still won’t be able to log in without the code from your phone.

Action: Go to Settings > Security and Login > Use two-factor authentication. Use an Authentication App (like Google Authenticator) instead of SMS for maximum security.

4. Use the “In-App” Verification

If you receive a suspicious message from a friend, contact them through a different channel (call them, text them via WhatsApp, or speak in person).

Action: Ask them: “Did you just send me a link in Messenger?” Usually, they will be surprised to learn their account is sending spam.

5. Keep Your Browser and Apps Updated

Modern browsers (Chrome, Safari, Firefox) have built-in “Safe Browsing” features that block known phishing sites.

Action: Always install the latest updates for your smartphone and browser to ensure you have the newest anti-phishing filters.

6. Use a Password Manager

Password managers (like Bitwarden, LastPass, or 1Password) identify sites by their URL.

Action: If you are on a fake Facebook site, your password manager will not auto-fill your credentials. This is a clear technical warning that the site is a fraud.

Orange phishing page detected

This screenshot shows a phishing page impersonating Orange, a major French telecommunications provider. The page is hosted on a free website builder (Strikingly) and mimics Orange’s login portal to steal email address / mobile number and password.

Analysis Memo: This deceptive layout was intercepted, verified, and locked down firsthand by the Antiphishing.biz security team during our standard URL vetting operations. To protect the public, the dangerous destination URL has been fully defanged within our infrastructure. We document and analyze these live visual patterns to help security researchers and users spot lookalike phishing methods before financial damage occurs.

Actual screenshot of "Orange phishing page detected" phishing interface captured during link moderation on our platform. — Figure 1: Verified screenshot of the ongoing fraudulent campaign isolated on our infrastructure.

Threat Analysis: Orange Phishing – Fake “PortalOrange” Login Page

How it works:
The victim receives a phishing email, SMS, or message claiming a security alert, account issue, or unread notifications. The link leads to this page, which mimics the Orange login interface. The victim is asked to enter their Orange account identifier (email or mobile number) and password, then click “S’identifier” (Sign in). The credentials are captured and sent to the attacker.

The goal:
The attacker steals Orange account credentials to:

Access the victim’s personal information, billing details, and phone services
Port the victim’s phone number (SIM swapping) to bypass SMS‑based two‑factor authentication for banking or other accounts
Use the account to send further phishing messages

Red flags to watch for:

Suspicious URL: The page is hosted on a Strikingly subdomain (site-7190390-1998-7617.mystrikingly.com), not orange.fr or any official Orange domain. Strikingly is a free website builder – legitimate telecom providers do not use it for login pages.
Generic design / missing security features: The page uses the Orange logo but lacks the full navigation, security notices, and two‑factor authentication options present on the real Orange login portal.
Unsolicited login request: Orange does not send links requiring customers to log in to resolve account issues or check notifications.
“PORTALORANGE” and “AUTHENTIFICATION” wording: While these terms are used by Orange, the overall layout and the fact that it is on a third‑party domain are clear giveaways.

What to do if you encounter this:

Do not enter your Orange identifier or password.
If you are an Orange customer, always access your account by typing orange.fr directly into your browser or using the official Orange app.
If you have already entered your credentials, change your Orange password immediately and contact Orange customer service to secure your account and watch for SIM swapping attempts.
Report the phishing page to Orange’s fraud team (e.g., via spam.orange.fr).

Protective measures:

Bookmark the official Orange login page and use that bookmark.
Use a password manager – it will not autofill on fake domains.
Enable two‑factor authentication on your Orange account if available.
Be suspicious of any unsolicited message that asks you to log in via a link.
Never log in on pages hosted on free website builders (Strikingly, Wix, Weebly, etc.) – these are almost never legitimate for banking or telecom services.

Microsoft phishing page in Spanish detected

A Spanish-language phishing campaign targeting Microsoft 365, Outlook, and OneDrive users utilizes fake document-sharing notifications to harvest credentials via cloned login pages. This attack pressures victims with a “Shared Document” pretext to enter their email and password on a fraudulent site designed to steal login data and bypass security checks. The case emphasizes the need to inspect URLs for official Microsoft domains and verify unexpected shared document notifications.

Threat Intel: This scam layout was logged, cross-checked, and neutralized firsthand by the Antiphishing.biz security team during our standard URL vetting operations. To protect the public, the phishing source domain has been completely disabled within our infrastructure. We document and analyze these live visual patterns to help security researchers and users detect replica fraud techniques before financial damage occurs.

Actual screenshot of "Microsoft phishing page in Spanish detected" phishing interface captured during link moderation on our platform. — Figure 1: Actual screenshot of the live scam infrastructure captured during routine moderation.

Cybersecurity Measures: How to Avoid Microsoft Phishing (Spanish/Global)

To protect your Microsoft / Office 365 account and prevent sensitive documents from being stolen, follow these essential safety rules:

1. Verify the Domain (The URL Rule)

Phishing sites often use lookalike domains to trick Spanish-speaking users (e.g., microsoft-inicio.com, seguridad-office365.online, verificar-cuenta.net).

Action: Official Microsoft login pages always reside on microsoft.com, live.com, or outlook.com. If the address bar shows anything else, close the window immediately.

2. Inspect the Language and Tone

Scammers use urgent phrases in Spanish to induce panic, such as:

“Su cuenta será suspendida en 24 horas.” (Your account will be suspended in 24 hours.)
“Error de entrega de mensajes entrantes.” (Incoming message delivery error.)
“Actualización obligatoria de seguridad.” (Mandatory security update.)
Action: Microsoft will never threaten to delete your account via an email link. Real alerts appear in your official Microsoft 365 Admin Center or via system notifications.

3. Mandatory Two-Factor Authentication (2FA)

Password theft is the primary goal of this phishing page. 2FA is your final line of defense.

Action: Enable Microsoft Authenticator or an app-based 2FA. Even if the attacker steals your password, they cannot access your files without the approval notification on your smartphone.

4. The “No-Link” Policy for Login

Emails with a “Login” or “Verify Now” button are the most common entry points for threat actors.

Action: Never log in through a link sent in an email. If you receive an alert, open a new browser tab and manually type ://office.com or outlook.com to check your status safely.

5. Check the Sender’s Address

Scammers often spoof the sender’s name to say “Microsoft Support,” but the actual email address is a random domain (e.g., support@seguridad-cloud.es).

Action: Hover your mouse over the sender’s name to see the real email address. If it doesn’t end in @microsoft.com, it is a scam.

6. Use a Password Manager

Tools like Bitwarden, Dashlane, or 1Password are designed to identify sites by their URL.

Action: If you are on a phishing page, your password manager will not offer to auto-fill your credentials. This is a definitive technical warning that the site is a fraud.

Fake Facebook page detected

This screenshot shows a phishing page that mimics Facebook’s sign‑up form, designed to collect full name, email address, password, and birthday – enough personal information to steal or create a Facebook account, or to use for credential stuffing on other services.

Incident Report: This scam layout was intercepted, verified, and locked down firsthand by the Antiphishing.biz security team during our automated link scanning workflows. To protect the public, the hostile origin link has been safely deactivated within our infrastructure. We document and analyze these live visual patterns to help security researchers and users spot lookalike phishing methods before financial damage occurs.

Actual screenshot of "Fake Facebook page detected" phishing interface captured during link moderation on our platform. — Figure 1: Visual proof of the active phishing operation isolated on our infrastructure.

Threat Analysis: Facebook Fake Registration Phishing – Full Profile Harvesting

How it works:
The victim lands on this page via a malicious link (e.g., “Claim your prize,” “Verify your account,” or “Get a free gift”). The page looks exactly like Facebook’s real sign‑up interface. The victim is asked to provide:

First name and last name
Email address (and re‑enter it)
New password
Birthday
Gender

After clicking “Sign Up,” the data is sent to the attacker. The victim may then be redirected to the real Facebook website, making the scam harder to detect.

The goal:
The attacker collects:

Email and password – to compromise the victim’s Facebook account (if the same credentials are used) or to attempt credential stuffing on other platforms
Full name, birthday, and gender – for identity theft, social engineering, or selling complete profiles on criminal markets

Red flags to watch for:

Suspicious URL: The page is hosted on a domain that is not facebook.com. Legitimate Facebook registration is only on official Facebook domains.
Unsolicited registration page: You would only see a sign‑up form if you intentionally went to Facebook to create an account. Receiving a link to a sign‑up page is always suspicious.
No HTTPS / security indicators: While not always visible in a screenshot, phishing pages often lack valid SSL certificates or show a “not secure” warning.

What to do if you encounter this:

Do not enter any personal information.
If you have already entered your email and password, change that password immediately on the real Facebook website (type facebook.com directly) and enable two‑factor authentication. Also change any other accounts that use the same password.
Always access Facebook by typing facebook.com directly into your browser.

Protective measures:

Never click links that take you to a Facebook login or sign‑up page. Type the URL manually.
Use a password manager – it will only autofill on legitimate facebook.com domains.
Enable two‑factor authentication on your Facebook account.
Be suspicious of any unsolicited link that asks you to sign up or log in, even if the page looks identical to the real one.

Credit Agricole phishing page revealed

A high-risk Crédit Agricole phishing campaign targeting French customers to steal credentials and bypass the SécuriPass system. Utilizing Man-in-the-Middle (MitM) techniques via smishing, the fake site tricks users into authorizing fraudulent device registration, allowing attackers to hijack accounts in real-time.

Incident Report: This scam layout was detected, analyzed, and contained firsthand by the Antiphishing.biz security team during our automated link scanning workflows. To protect the public, the phishing source domain has been fully defanged within our infrastructure. We document and analyze these live visual patterns to help security researchers and users recognize deceptive clone designs before financial damage occurs.

Actual screenshot of "Credit Agricole phishing page revealed" phishing interface captured during link moderation on our platform. — Figure 1: Visual proof of the active phishing operation intercepted by our security systems.

Cybersecurity Measures: How to Avoid Crédit Agricole Phishing

To protect your Crédit Agricole account and prevent unauthorized transfers, follow these essential safety rules:

1. Verify the Domain (The URL Rule)

Phishing sites often use lookalike domains (e.g., mon-espace-credit-agricole.net, securite-ca-fr.online, verification-identite-client.com).

Action: The only official website for Crédit Agricole is www.credit-agricole.fr. Always check that the address bar shows exactly this domain before entering your 6-digit personal code.

2. Inspect the Virtual Keyboard

Crédit Agricole uses a randomized virtual numeric keypad to enter your personal code. Phishing sites often have a “frozen” or laggy version of this keypad to capture your clicks in real-time.

Action: If the virtual keyboard looks different, has low-resolution numbers, or doesn’t respond instantly, close the tab. It is a script designed to steal your PIN.

3. The “SécuriPass” Golden Rule

The most dangerous part of this phishing attack is the attempt to bypass SécuriPass (the bank’s mobile authorization system).

Action: Never validate a SécuriPass notification on your smartphone if you are not currently performing a specific transaction you initiated yourself. If a site asks you to “synchronize” or “update” SécuriPass by entering an SMS code, it is 100% a scam.

4. Beware of “Urgent” Account Suspension Messages

Scammers use panic-inducing phrases in French, such as:

“Votre compte a été temporairement suspendu.” (Your account has been temporarily suspended.)
“Mise à jour obligatoire de vos informations de sécurité.” (Mandatory update of your security information.)
Action: Crédit Agricole will never send you an email or SMS with a link to “unblock” your account. Real alerts will always be visible in your secure “Message Center” inside the official Ma Banque app.

5. Check the SMS Sender

Official bank messages often come from short codes (e.g., 36105). Scammers use standard 10-digit mobile numbers or spoofed names like “Info CA”.

Action: If you receive a banking alert from a mobile number you don’t recognize, delete it. Do not click the link.

6. Use the “Ma Banque” App for Everything

The safest way to manage your accounts is through the official Ma Banque app downloaded from the App Store or Google Play.

Action: Avoid using web browsers for banking on your mobile device. The app provides a sandboxed environment that is much harder for phishing sites to intercept.

La Banque Postale phishing page detected

A phishing campaign targeting La Banque Postale users in France utilizes a sophisticated Man-in-the-Middle (MitM) attack to hijack credentials and Certicode Plus codes in real-time. Scammers use SMS and email, mimicking the official bank portal, to steal login IDs, PINs, and mobile numbers, urging victims to authorize fake “security synchronizations” that actually enable fraudulent transfers.

Threat Intel: This spoofed page was detected, analyzed, and contained firsthand by the Antiphishing.biz security team during our automated link scanning workflows. To protect the public, the dangerous destination URL has been safely deactivated within our infrastructure. We document and analyze these live visual patterns to help security researchers and users detect replica fraud techniques before financial damage occurs.

Actual screenshot of "La Banque Postale phishing page detected" phishing interface captured during link moderation on our platform. — Figure 1: Actual screenshot of the live scam infrastructure intercepted by our security systems.

Cybersecurity Measures: How to Avoid La Banque Postale Phishing

To protect your La Banque Postale account and prevent unauthorized access to your funds, follow these essential safety rules:

1. Verify the Domain (The URL Rule)

Phishing sites often use deceptive lookalike domains (e.g., espace-client-labanquepostale.net, securite-labanquepostale.online, connexion-lpb-fr.com).

Action: The only official website for La Banque Postale is www.labanquepostale.fr. Always verify that the address bar displays exactly this domain before entering your user ID or your 6-digit personal password.

2. Watch Out for the “Virtual Keypad” Trap

La Banque Postale uses a randomized virtual numeric keypad to enter your password. Phishing kits often use a fake version of this keypad to capture your digits in real-time.

Action: If the virtual keypad looks blurry, takes too long to load, or behaves strangely, close the tab. This is a script designed to steal your PIN.

3. The “Certicode Plus” Golden Rule

The most critical part of this attack is the attempt to hijack Certicode Plus (the bank’s mobile security system).

Action: Never validate a Certicode Plus notification on your smartphone if you did not personally initiate a specific transaction (like adding a beneficiary or making a transfer). If a website asks you to “synchronize” or “reactivate” Certicode Plus by clicking a link, it is 100% a scam.

4. Ignore “Urgent” Account Security Alerts

Scammers use fear to induce panic, sending messages like:

“Accès bloqué : identité à confirmer.” (Access blocked: identity to be confirmed.)
“Mise à jour réglementaire de vos coordonnées.” (Regulatory update of your contact details.)
Action: La Banque Postale will never send you an email or SMS containing a link that leads directly to a login page. Real alerts are only accessible through your secure “Message Center” within the official app.

5. Check the SMS Sender Name

Official messages from the bank usually come from verified short codes. Scammers often use standard 10-digit mobile numbers or spoofed names like “Info-LBP”.

Action: If you receive a banking alert from a standard mobile number, do not trust it. Delete the message and do not click the link.

6. Use the Official “La Banque Postale” App

The safest way to manage your accounts is through the official mobile app downloaded from the App Store or Google Play Store.

Action: Whenever possible, use the app instead of a mobile browser. The app’s environment is much more secure against redirection and phishing attacks.