Phishing

Verified 07 août 2024 - Directorate for Legal and Administrative Information (Prime Minister)

Your situation

  • Other situation
  • Phishing
Edit

Phishing is the act of posing as a familiar site (e.g. a major online sales site), an official body (e.g. a bank, a tax agency, a cif, an ameli) or for a malicious person or persons one of your contacts whose account has been hacked to steal some of your personal data and/or your bank details, in particular to make use of them fraudulent (example: swindle, impersonation, etc.).

The individual can use several phishing techniques such as:

  • Emails, SMS: titleContent alarmists (which usually contain a clickable link) or spam. This is called phishing
  • Phone calls. It is therefore a question of vishing.

The most common ways to obtain your personal and/or banking information are:

  • False refund announcement
  • Urgent request for payment of a default (debt to taxes, payment of a ticket, etc.)
  • Enhancing the security of an account (for example, a bank account or payment platform)
  • Parcel delivery issue
  • Draw to win a sum of money.

In most cases, the phisher intends to collect and use your personal data and/or banking (by debiting your account or making purchases on the Internet).

Detect and process suspicious message or call

Detect Phishing

Several clues allow you to confirm that you are facing a message (e-mail/SMS: titleContent) or to a malicious call:

  • Your (up-to-date) anti-virus software can notify you when a phishing message is received
  • You are contacted by a service or business that you are not a customer of
  • The email address or phone number used does not resemble those of a familiar or official service
  • The spelling, grammar and signature used by the sender of the message seem strange to you.

In addition, your web browser provider (e.g. Google Chrome, Safari) can publish a clear and readable message to let you know that you are about to land on a site fraudulent. This message refers to an official State website and appears for a maximum period of 3 months from its publication on the internet.

This is the case if your supplier is notified by theArcom (ex-CSA and Hadopi): titleContent only one online communication service is designed to commit a swindle or return to a site fraudulent that imitates another and encourages you to communicate your personal data or to pay a sum of money.

FYI  

L'Arcom (ex-CSA and Hadopi): titleContent duty give formal notice the editors of these services to stop the offense established.

Responding to a suspicious message or call

For protect yourself against phishing :

  • You must refrain from communicating your personal information by message, mail or telephone. Indeed, administrations and large online platforms ask never Sensitive information by message or telephone
  • If the message contains a link, you should not click it. From your computer, you can place your mouse cursor over this link. In this case, the entire address to which you may be returned will be displayed. You will be able to compare this web address (URL) with the actual site.
  • If you have received a suspicious message on your computer or business laptop, you must contact the IT department of the company/administration for which you work.

Notify the bank of the phishing

In general, the purpose of phishing is to deceive you into disclosing your personal data and/or banking.

If it has some of your banking information and debits have been made to your account, you must contact your bank in order to object, to contest the transactions made and to obtain a refund.

The way to proceed depends on the information provided to the perpetrator:

Gather evidence of phishing

If you are a victim of phishing, you must keep all the evidence of this action.

He can in particular these are:

  • Message (email or SMS: titleContent) that you received
  • A screenshot of the phishing site
  • The phone number used for the vishing
  • The Internet address (URL) of the phishing site

This is essential if you report phishing or vishing or file a complaint against the phisher.

If you are victim or witness phishing or vishing, you can make a signaling the competent bodies.

The reporting services are not the same depending on the communication medium (internet or telephone) used by the author of this offense.

FYI  

All these services are open to both adults and minors.

Répondez aux questions successives et les réponses s’afficheront automatiquement

On the Internet

It is possible report suspicious email (example: a spam) or a site to which you will return a message fraudulent.

Suspicious email

If you have received a spam on one of your e-mails (e-mail address, social network, etc.), you can report using the following online service:

Spam Signal

To make your report, you must first create a “Signal Spam” account (by filling in an email address) then populate source code of the spam which you have received.

Your report is sent to the “Signal Spam” experts responsible for combating unsolicited emails and the cybercrime.

You are not informed of the outcome of your report.

However, if you wish, “Signal Spam” experts can send your report to the competent authorities (e.g. public prosecutor or the DGCCRF: titleContent). In this case, the report shall remain anonymous.

FYI  

Some phishing emails can be reported on the platform PHAROS. This platform can only be used if you are a victim or witness to a parcel delivery scam or a lottery scam.

Phishing site

If you have received a clickable link and you suspect that it may take you to a phishing site, you can report on the Phishing Initiative platform.

Report a phishing site

To make your report, you must fill in the link (the internet address) that will take you to a phishing site. You can also explain the situation to the experts on this platform.

Following your report, these experts analyze the website concerned and can block it from internet browsers (e.g. Google Chrome, Safari, Yahoo).

By telephone

If you are victim or witness of a phishing act by SMS: titleContent or by phone call, you can contact the anti-trafficking platform SMS: titleContent and unwanted calls to 33,700.

You also have the option to report using an online form or a screenshot of a QR code.

Who shall I contact

  • 33,700 - Voice or SMS Spam

    By SMS

     33,700

    Use to report a phone number that is sending spam

    Free for Bouygues Telecom, Orange, SFR, NRJ Mobile, Crédit Mutuel Mobile, CIC Mobile, Cofidis Mobile and Auchan Telecom customers.

When you report to 33,700, it is transmitted to the mobile phone operator of the sender of the message/call and to your mobile operator (if not the same). They can then conduct various shares :

  • Cut the surtax number at which the SMS: titleContent or the call prompts you to send a message
  • Cut the surcharged phone number as the SMS: titleContent or the call prompts you to contact
  • Cut Transmitter Number From SMS: titleContent or the call.

Please note

You can only report phishing on a mobile phone (example: smartphone).

If you are victim you can file a complaint against the perpetrator of the act of phishing, even if you don't know his real identity.

In the case where the sender of the message (e-mail/SMS: titleContent) or the phone call misled you to get some of your personal data and/or your bank details and use them, you can file a complaint for swindle and for impersonation.

If he's only collecting your personal data, you can complain about the collection of personal data by a means fraudulent.

Please note

Other offenses may be used against the phisher.

Répondez aux questions successives et les réponses s’afficheront automatiquement

Complaint of fraud

If you wish to file a complaint for swindleHowever, you can go to the police station or the gendarmerie brigade of your choice. You can also write to the public prosecutor.

If you don't know the perpetrator, you can file a complaint against X.

On the spot

To file a complaint, you can:

  • Make a online pre-complaint then go sign it at the police station or the gendarmerie you have chosen. This option will save you time.
  • Go directly to a police station or to the gendarme of your choice.
Who shall I contact

Police or gendarmerie services are obliged to register your complaint if you are a victim of infringement.

When filing a complaint (or signing the pre-complaint), you are received and heard by the police or gendarmerie. At the end of this interview, you will receive a receipt and a copy of your complaint if you request it.

Filing a complaint leads to a police investigation that can result in the conviction of the phisher.

If you're a civil party, you can get damages.

Please note

If you are a minor, you can report the facts at the police station or gendarmerie brigade of your choice. If you wish to obtain compensation, you must obligatory be accompanied by your legal representatives (e.g. your parents) who shall constitute a civil party in your place.

By postal mail

You can file a complaint with the public prosecutor.

To do this, you must send an email to the  court of law of the place of the offense or of the domicile of the offender.

Who shall I contact

Your mail should include the following:

  • Civil status information (your surnames, first names, etc.) and full contact details (address and telephone number)
  • Detailed account of the facts, date and place of the offense
  • Name of the alleged perpetrator if known (otherwise, the complaint will be filed against X)
  • Name and address of any witnesses to the offense
  • Description and provisional or definitive estimate of the damage
  • Evidence (example: Phishing message screenshot)
  • Possible desire to constitute yourself civil party.

You can use the following mail template:

File a complaint with the public prosecutor

You can send your complaint by registered letter with acknowledgement of receipt, by simple letter or by letter followed.

A receipt will be given to you as soon as the Public Prosecutor's Office has registered your complaint.

Filing a complaint leads to an investigation that can result in the conviction of the phisher.

If you constitute yourself civil party, you can get damages.

Please note

If you're a minor, you can report the facts, in writing, to the public prosecutor. If you wish to obtain compensation, your legal representatives (e.g. your parents) must register civil party.

Complaint of another offense

If you want to file a complaint for a phishing offense (example: impersonation or collection of personal data by fraudulent means), you can go to the police station or gendarmerie brigade of your choice. You can also write to the public prosecutor.

If you don't know the perpetrator, you can file a complaint against X.

On the spot

To file a complaint, you have to go to a police station or to the gendarme of your choice.

Who shall I contact

Police or gendarmerie services are obliged to register your complaint if you are a victim of an offense.

When you file a complaint, you are received and heard by the police or the gendarmerie. At the end of this interview, you will receive a receipt and a copy of your complaint if you request it.

Filing a complaint leads to a police investigation that can result in the conviction of the phisher.

If you're a civil party, you can get damages.

Please note

If you are a minor, you can report the facts at the police station or gendarmerie brigade of your choice. If you wish to obtain compensation, you must obligatory be accompanied by your legal representatives (e.g. your parents) who shall constitute a civil party in your place.

By postal mail

You can file a complaint with the public prosecutor.

To do this, you must send an email to the court of law of the place of the offense or of the domicile of the offender.

Who shall I contact

Your mail should include the following:

  • Civil status information (your surnames, first names, etc.) and full contact details (address and telephone number)
  • Detailed account of the facts, date and place of the offense
  • Name of the alleged perpetrator if known (otherwise, the complaint will be filed against X)
  • Name and address of any witnesses to the offense
  • Description and provisional or definitive estimate of the damage
  • Evidence (example: miscellaneous invoices, screenshot of a message)
  • Possible desire to constitute yourself civil party.

You can use the following mail template:

File a complaint with the public prosecutor

You can send your complaint by registered letter with acknowledgement of receipt, by simple letter or by letter followed.

A receipt will be given to you as soon as the Public Prosecutor's Office has registered your complaint.

Filing a complaint leads to an investigation that can result in the conviction of the phisher.

If you constitute yourself civil party, you can get damages.

Please note

If you are a minor, you can report the facts at the police station or gendarmerie brigade of your choice. If you wish to obtain compensation, you must obligatory be accompanied by your legal representatives (e.g. your parents) who shall constitute a civil party in your place.

Following your complaint, the phisher (phishing or vishing) can be prosecuted for several infringements, including:

  • Collection of personal data by a means fraudulent.

In any case, he may be sentenced to criminal sanctions by the correctional court but the penalties are different depending on the offense.

Répondez aux questions successives et les réponses s’afficheront automatiquement

Impersonation

The penalties incurred by a natural persons are different from those that a legal person.

Natural person

Identity theft committed on a online communication service shall be punishable by:

  • One year in prison
  • And from €15,000 of fine

FYI  

The perpetrator of an identity theft committed on the Internet faces additional penalties such as online platform (example: a social network) from which she committed this infringement.

This ban is valid for a maximum period of 6 months. This period may be extended to one year in case of recurrence.

Legal person

The perpetrator of identity theft committed on a online communication service shall be liable to a penalty of €75,000 of fine.

He may also be sentenced to additional penalties such as posting the court decision in the press or online.

Scamming

The penalties incurred by a natural persons are different from those that a legal person.

Natural person

The perpetrator of a phishing scam shall be liable to:

  • 5 years in prison
  • And from €375,000 of fine.

The correctional court may also issue additional penalties such as a prohibition on engaging in the professional activity during which the offense was committed.

Please note

If the individual has attempted deceive you to steal your personal data and/or banking and use them, he faces the same penalties as if the scam had taken place. This is called attempted fraud.

Legal person

The perpetrator of a phishing scam shall be liable to a fine of €1,875,000.

He may also be sentenced to additional penalties such as posting the court decision in print or online.

Please note

If the individual has attempted deceive you to steal your personal data and/or banking and use themHowever, he is liable to the same penalties as if the scam had taken place. This is called attempted fraud.

Fraudulent collection of personal data

The penalties incurred by a natural persons are different from those that a legal person.

Natural person

The phisher who has stolen some of your personal data is liable to:

  • 5 years in prison
  • And from €300,000 of fine.
Legal person

The phisher who has stolen some of your personal data is subject to an equal fine €1,500 000.

He may also be sentenced to additional penalties such as posting the court decision in print or online.

FAQ