Refund from Gouv.fr - Scam? Should we be wary?

Morning all, I received this email this morning saying that I was due a refund, and to fill the link out online.


My Mac warned that it was a phishing site so I didn't proceed, and looked more carefully at the sender's address : impots.gouv.fr@danieventos.com.br


All that shows in the 'from' bit is the "impots.gouv.fr" part, the rest only appears if you hover the mouse over it.


It does appear to be a scam, I was taken in because I'd been doing a fair bit of trawling on the gouv site for info.


If you agree, perhaps spread the word, others' computers might not pick it up.


Pity, I'd have liked the refund.


This is the email in full:


Dear Customer

Following the latest annual calculations for your business's financial year,
we have determined that you are eligible to receive a refund of 187.80 Euro



Please submit the tax refund request to us so that we can process it as quickly as possible
(the processing time is 10 working days).



>> To access the form for your tax refund, click here.



A refund may be delayed for various reasons. For example, submission of an invalid file or registration after a certain deadline


The Deputy Tax Conciliator
Philippe BERGER


You are required to provide a telephone number where our adviser can reach you.

Please accept our apologies.

There are just so many of these scams, but there are loads of suckers not-very-aware computer users out there that the scammers see as easy targets. Someone I know got caught twice by essentially the same scam & is now on her third credit card in three months. She, just this afternoon, finally fell in to what had happened, though, in mitigation, she is now over 80. The message she received was the following:

---------------------------------------------------------

From: Service@SFR.Fr

Date: 20/07/2013 10:49:28

To: pppppppp.ssssssss@sfr.fr

Subject: Please read this message carefully.

your customer number: 0087673231

your customer reference: 1-JFSTPFA


Hello,


SFR is pleased to count you among its customers and thanks you for your loyalty.

The payment of your latest bill, for an amount of 41,40€ incl. tax, relating to your account has not been validated.

Please make your payment in order to continue enjoying all of our services. You can make your payment today.

Use your bank card for this - it is very quick and easy.

click here to make your payment.

If your situation is not settled, we will proceed to suspend your energy supply. You will be charged for this intervention.

You can manage your account at any time at sfr.fr > customer area.

-----------------------------------------------------------------------------------------

Of course, €41.40 wasn't the amount of her real bill & the customer & client references weren't correct, but she clicked on the link two months in succession & filled in all her details. This was, of course, akin to the old Goons instruction "Open your wallet & say after me 'Help yourself'" and the scammers did just that. She hadn't noticed that what would happen if she didn't reply was that they would suspend the supply of energy! Strange, seeing as she bought internet & phone services from them. I wonder how many of you reading this here also noticed that.

For loads of ways by which others have generated phishing scams, including the one that hit my friend, see this link from SFR's Security Department

It is obviously not from a government site as they are apologising!!

There is a simple solution to these things usually. Number one is to go to impots.gouv.fr then work back from that to see if you can find anything that gets you to something resembling 'danieventos.com.br' (which you will note I have just deactivated for my own sakes) which is instantly suspicious because it finishes with Brazil (br). Philippe BERGER may well be real, if so and you track him down then copy him the scam. Number two, sure they now inform by email when a 'remboursement' is due but it is a no reply, no action message only which will be followed up by paper notification and now their preference is to direct debit you or send a cheque. If you are an AE or other kind of entrepreneur you will have your arrangements with URSSAF/RSI or whoever set up already and no email of this nature will be sent to you anyway.

It's a scam. Let people know, inform the appropriate authorities, otherwise unless you have reason to do the people in Brazil over (;-) let it go. But good that you have put it up here at least, may save a few other people some grief.

Ooh, I didn't know you could do that with the link - thanks Sheila! As to the rest, I'd realised it was a scam but thought it a good idea to post here so others might be alerted to it.

And yes, Andrew, I'd always received a cheque before, it was only because I'd been filling things out online that I thought I must have created a secure password protected environment although I didn't remember having done so. But that's not so unusual these days!!

It's a very obvious scam. Don't rely on your computer's anti-virus/phishing protection to pick it up, and remember the mantra "If it looks too good to be true, then it is!"

Regardless of whatever email software you are using, they will all offer a method of looking at the sender's full email address. Mousing over the provided link also shows you to what website you will be directed, in this case: http://www.hebrjazijk. com/
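The two manual checks described in this thread (reading the sender's full address, and seeing where a link really leads) can be scripted. The following is an added example, not part of any poster's message; the `WATCHED` list, the display name in the first sample and the `phish.example` link host are assumptions.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the organisations this reader actually deals with.
WATCHED = ("impots.gouv.fr", "sfr.fr")

def same_site(host, claimed):
    """True if host is the claimed domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return host == claimed or host.endswith("." + claimed)

def impersonated(from_header, watched=WATCHED):
    """Watched domains shown in the display name or local part of From
    while the mail really comes from some other domain."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.rpartition("@")
    visible = f"{display} {local}".lower()
    return [w for w in watched if w in visible and not same_site(domain, w)]

class LinkHosts(HTMLParser):
    """Collects the host of every <a href=...> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        host = urlsplit(dict(attrs).get("href") or "").hostname
        if tag == "a" and host:
            self.hosts.append(host)

def off_site_links(html_body, claimed):
    """Link hosts that do not belong to the domain the mail claims to be from."""
    parser = LinkHosts()
    parser.feed(html_body)
    return [h for h in parser.hosts if not same_site(h, claimed)]

# Sender address quoted in the first post; the display name is assumed.
FAKE_TAX = '"impots.gouv.fr" <impots.gouv.fr@danieventos.com.br>'
# From line of the second sample: it shows the real domain, so this check stays silent.
FAKE_SFR = "Service@SFR.Fr"
# Constructed body; phish.example is a placeholder, not the link from the thread.
BODY = ('<a href="http://refund.phish.example/form">cliquez ici</a> '
        '<a href="https://www.impots.gouv.fr/">impots.gouv.fr</a>')

if __name__ == "__main__":
    print(impersonated(FAKE_TAX))
    print(impersonated(FAKE_SFR))
    print(off_site_links(BODY, "impots.gouv.fr"))
```

An empty result from `impersonated` is not proof of legitimacy: the SFR sample's From line shows the genuine domain, so only the link check or the content of the message gives it away.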

Scam! I've had rebates, get them most years and they're never done like that. Clicked the link and it was blocked because it's not 100%. They send you a cheque when you get a rebate ;-)