A “pass notice scam” takes advantage of a computer failure at La Poste

Share This Post

- Advertisement -

The city of Montpellier seems affected by a campaign of scams. Residents have received fake delivery notices from La Poste redirecting them to a site asking for their bank details.

It is a curious letter that Flavio Pérez received on August 23. After leaving the letter lying around for a few days, this technical director of an animation film studio investigated this strange passing notice. But after some checking, the Montpellier resident spots the scam.

- Advertisement -

Physical identity theft

The delivery notice indicates that a registered letter with acknowledgment of receipt could not be delivered and invites you to schedule a new delivery. The only problem is that the entered link, as well as the QR code to scan, redirect to a fraudulent site, where the trapped person is invited to enter their bank details.

Luckily, this Montpellier resident is alert to phishing attempts, those scams that take the form of emails or SMS with the colors of an establishment known to the victim, such as their bank or telephone operator.

- Advertisement -

Several elements alert Flavio Pérez. First, the size of the abnormally long URL disturbs her. So the printing of the document is not accurate. In addition, the quality of the paper seems similar to that of a page printed at home.

In the document, other clues betray the attempted scam. The tracking number is printed directly on the delivery notice. Normally, it is the postman who communicates it himself in pen or by means of a label. On Twitter, some have also noted that the tracking number used is the one offered as an example on the La Poste website.

Flaw of a redirect tool

If he claims to have had doubts, a detail just convinced him to open the link. “When I pointed to the QR code, I saw that the URL pointed to the La Poste site, says Flavio Pérez. So I opened it.” But once clicked, the link finally sends him to an unknown site, which ends up confirming his suspicions.

This display is not due to an error. It is about exploiting a bug in an internal tool of the French company.

Since the alert launched by Flavio Pérez on Twitter on August 28, the site indicated by the false notice of passage has been deactivated. However, the Montpellier resident has received several testimonials from people who have also found the fraudulent document in his mailbox. “At least two or three on Twitter”, he specifies. The other affected inhabitants live in different neighborhoods of Montpellier, which keeps the mystery of the distribution of this scam, at least original.

Contacted by Tech & Co, a spokesperson for La Poste states that the company itself has deactivated the link present in the notice of passage. At the moment, the action seems very localized and is limited only to the city of Montpellier.

“This hybrid attempt of paper and digital is a novelty, recognizes the spokesman. But that makes it difficult to implement, as it requires significant logistics.” A patch is already being tested to remove the ability to redirect to any site. It should roll out in the next few days.

In early July, the La Poste Mobile website had been the target of a cyberattack. Claimed by the Russian-speaking group of hackers LockBit 3.0, this operation led to the dissemination of the personal data of thousands of customers of the fifth largest telephone operator in France.

Author: pierre monnier
Source: BFM TV

- Advertisement -

Related Posts