Driving to France this summer? Watch out for scam websites before you go

Cyber Security

Scammers don’t take the summer off – be on your guard when buying your Crit’Air sticker

If you drive your own vehicle in certain regions of France at certain times, you will need to purchase a special ‘clean air sticker’ called Crit’Air or risk facing a fine from the French government. Similar schemes already exist in the UK with the low emission zone in central London, and the sticker to prove you have paid is considerably less than the fine.

A quick Google search will show you the site that supplies Crit’Air stickers, as well as many other sites with guidance the stickers are required for all vehicles entering selected regions of France. Once you have located the official website, it is initially in French but you can see the English and German versions at the hit of a button and then start filling the form out.

Figure 1. Legitimate site selling Crit’Air vignettes –https://www.certificat-air.gouv.fr/.

Now, this website is not illicit – quite the opposite. Indeed, the problem isn’t the official website; it’s the fact that it’s extremely easy to create an impostor site and heavily promote it and, using some clever SEO tactics, possibly even push it up the Google rankings. In fact, the threat is not purely theoretical and multiple people have reported being ripped off when buying their Crit’Air vignettes from sites that claimed to represent the French government [1, 2, 3, 4].

Compounding things further, the amount of data that the legitimate website requests is rather a lot to give, especially to a site that you may have never heard of, and may be in another language at that.

Figure 2. Information requested by the legitimate site selling Crit’Air stickers

Holiday makers who are in a hurry to fill out a new form and with few places to check its authenticity could eventually lose their money or data. Scammers could cleverly use this tactic especially when people may think of the vignette as a minor, but necessary, annoyance before setting off on their holiday.

Beware the copycats

The genuine website even states:

You can be sure that you are on the official site if the ministry’s logo is displayed and the site address ends in .gouv.fr.

Beware of intermediaries and fraudulent sites.

But since when did that stop any cybercriminal from copying the logo and changing the wording to match any prefix they choose on the fake? Or use domain names of the form www.certificat-air.gouv.fr.example.com or URLs of the form example.com/www.certificat-air.gouv.fr that rely on less than careful checking by people with less-than-perfect knowledge? Or just remove that small piece of text from the copied site content?

In other words, as a scammer, you do not have to successfully trick every possible victim for your site to successfully make you some quick, and almost free, money. Also, sensitive information is often sold on the dark web and other illicit channels and you should also be aware of secondary phishing email attacks should you have filled in a potentially fraudulent form.

Again, the problem doesn’t lie with the Crit’Air website; it is the fact that cybercriminals continue to copy genuine sites and direct people to fraudulent sites in order to steal their valuable and personal data from right under their fingertips. Furthermore, without knowing it is a scam, people could still be liable for a fine without purchasing the legitimate sticker to drive in France.

How to get your Crit’Air sticker safely

As cybercriminals will pounce on any given opportunity to steal data and money, you need to be very careful before submitting your personal and financial information on any website, doubly so if you visit a website for the first time. In this particular case, it’s probably best to type the URL in by hand, and make sure you type it correctly: certificat-air.gouv.fr.

That should keep you protected. Happy holidaying!

Products You May Like

Articles You May Like

THN Cybersecurity Recap: Top Threats, Tools and News (Oct 21 – Oct 27)
ESET Research Podcast: CosmicBeetle
Researchers Discover Over 70 Zero-Day Bugs at Pwn2Own Ireland
Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining
Researchers Uncover Python Package Targeting Crypto Wallets with Malicious Code

Leave a Reply

Your email address will not be published. Required fields are marked *