Warnings have been issued over a new scam advertising an exceptionally cheap SNCF railcard.
Using a page that resembled the official website of France’s state-owned railway operator SNCF, fraudsters enticed people to sign up for the €1.95 card.
While no such card existed, the real scam comes afterwards, when scammers use the personal information gathered to pose as banking staff and gain access to people’s bank accounts.
Although the website offering the card has now been taken down, anyone who signed up for the card originally could still be targeted by hackers, with the SNCF and banks urging people to be aware of the scam and not hand over banking details when on the telephone.
Cheap ticket attracted customers
The scam worked on a number of levels but managed to get people to hand over their bank account information with the promise of discounted travel.
“The SNCF is very expensive. If you can travel just about anywhere with a card, that's great,” Christine, a victim of the scam, told the French television channel TF1.
“You think it doesn't cost anything, so it's easy to do. At worst, you'll have lost two euros,” said cybersecurity expert François Deruty.
Alongside the low cost enticing potential customers to purchase the railcard, the website’s professional look also added authenticity to the scam.
“For a long time, the little padlock was a sign of security,” added Mr Deruty.
The ‘little padlock’ in question is the symbol you see next to a website’s URL (the place where the website’s address, such as connexionfrance.com is shown).
“Today, it's still necessary, but it's not enough [to show a website is safe]. It's really the connection to that site that's secure, but it's not necessarily the site itself that's trustworthy", says François Deruty.
Despite the website looking similar to an official SNCF page, one telltale sign for Mr Deruty that the page was a scam was the praiseworthy comments left by others.
The Facebook page advertising the railcard contained nothing but glowing reviews for the card in the comments section, posted by accounts which seemed fake.
Scammers pose as bank staff
Although those who ‘purchased’ the railcard received nothing and probably put it down to a scam to make a quick buck, the real danger came afterwards.
The website was only the first part of a wider scam, looking to swindle innocent travellers out of far more than €1.95.
“You can lose a lot more [money] when your information is circling on the internet,” said Mr Deruty.
A few days after obtaining their information, the scammers would call these individuals, posing as a staff member from their bank, asking them to hand over sensitive information to access their bank account.
They collected all the information needed to seem like a staff member – phone number, address, name, and all information about the person’s bank card – from them signing up for the railcard.
The Facebook page and subsequent website have been deleted and SNCF is going to lodge a complaint over the scam.
But the chances of a refund seem low, however.
“There are so many attacks and in particular all these cases of petty crime, of scams [on the internet],” said journalist Mathilde Saliou.
“It's very complicated to prosecute everyone,” she added.