A new form of scam, both surprising and ingenious, is spreading in France: it starts in your letterbox, with a fake delivery notice from La Poste, and it ends on the Internet where cybercriminals seek to recover your bank details. What’s going on ?
For the start of the 2022 school year, a new form of scam seems to be emerging, based on a fake delivery notice that you will receive directly in your mailbox. At first glance, it seems legitimate, and we must admit that when it comes to a delivery notice from La Poste, and that we have the piece of paper in our hands, we do not think directly of a scam. ! The transit advice note contains the tracking number used by La Poste as an example on its website: 6Q01929938641. But hey, at the time, we can not guess.
It was user Flavio Perez who relayed this scam on Twitter, and quickly, many people took part in the discussion. Look at the image below, and you will see that the notice of passage may seem legitimate at first glance.
Oh it looks like a nice scam on the back of La Posre (@lisalaposte how do we do?. Received in my box. Very easy to believe it and end up giving your credit card information! pic.twitter.com/5V6WlL43wI
— Flavio Perez (@flablog) August 28, 2022
The link specified on the fake delivery notice and the QR code both refer to the official La Poste websitebefore redirecting you to the malicious site that relies on the domain “laposteaide.fr”. In fact, this attack exploits a vulnerability of the La Poste site which allows to be redirected to any address. Once on the malicious site, you must enter your bank details with a view to benefiting froma new delivery of your package. We can also imagine that some suspicious people went directly to a La Poste agency.
As of this writing, the redirect is still working. For example, the address below directs me to IT-Connect:
https://laposte.fr/switch-site?switchSiteRequestURI=https://www.it-connect.fr
A boon for cybercriminals, because from a legitimate link, it becomes possible to redirect potential victims to a malicious site! From now on, the malicious site “laposteaide.fr” is unavailable, which is good news and should prevent people from being trapped. However, we don’t know if other fake transit reviews in circulation redirect to a different site. Ideally, La Poste should correct this vulnerability on its website. At the moment, this scam seems to be spreading in the city of Montpellier. Mistrust.