Taking advantage of the compensation campaign for Navigo Pass users which will begin soon, scammers are trying to scam users with fraudulent emails and clone sites very similar to the original.
As soon as a particular event takes place, the crooks point the tip of their nose! Whether it’s filing your tax returns, taking care of your retirement, booking your train tickets for a vacation or buying your tickets for the Olympics, you can be sure to see phishing campaigns flourish! Right now, malicious people are taking advantage of the Navigo Pass reimbursement campaign, following the multiple strikes against the pension reform, to usurp the identity of Île-de-France Mobilités. While the operation is due to begin on July 5, journalists have spotted emails offering refunds now.
Pass Navigo scam: a fraudulent clone site of Île-de-France Mobilités
The crooks took pains to be as credible as possible, using the aesthetics and the logo of the company – too bad that many spelling mistakes come to alert us. The message indicates that “all travelers from Île-de-France with a Navigo pass between September 2022 and June 2023 can request reimbursement for half a month, i.e. €37.60”. However, it is written that the compensation campaign has been open since July 3, which is false. A way to entice you to click on a link in order to get your money back.
The link included in the email leads to a clone site of the RATP which, again, uses the aesthetics and the logo of the company in order to mislead the less informed people – but the pages are still full of spelling mistakes . The domain name (www.iledefrance.mobilites.fr) is also quite credible – only the punctuation changes compared to the official site, www.iledefrance-mobilites.fr. You are asked to enter your identifiers – any of them will do – and then your bank details. Of course, these will be transmitted to cybercriminals, who can then be happy to empty your bank account. As of this writing, the site is already rated as malicious by Google, but others should quickly take its place.
To avoid being tricked, always check the sender’s address of the emails you receive. Normally, the RATP should contact you via “[email protected]” or “[email protected]”. Also check the domain name. Here, www.iledefrance.mobilites.fr was registered on July 3 and is hosted on a server in Russia that has been linked to other scam attempts before. In short, there is no doubt that this is a fraudulent site. If you are ever the target of an online or SMS scam, immediately forward the message to 33 700, a platform specializing in reporting scams, to Signal Spam or to Pharos. You can also report these fraudulent messages to the site internet-signalement.gouv.fr. Then block the sender’s number to stop being bothered.