55logo mikael le bot avocat

Fake Bank Card Scam: Beware of This New Trap That Drains Your Accounts

  • Banking Law
A new sophisticated scam is circulating in France. Fraudsters send fake bank cards by post with a malicious QR code. The goal: steal your personal data and drain your accounts in minutes. Here is everything you need to know to protect yourself.

🚨 Security Alert from the National Police

A new, particularly sophisticated scam is currently circulating in France. Fraudsters are sending fake bank cards by postal mail, accompanied by a malicious QR code. The objective: to steal your personal data and drain your accounts within minutes.

You open your letterbox and find a letter from your bank containing a new bank card. Everything appears legitimate. However, it may be the beginning of a scam that could cost you thousands of euros. Here is everything you need to know to protect yourself.

What is the fake bank card scam?

At the beginning of 2026, a new form of banking fraud is gaining momentum in France. Unlike the classic SMS or email scams that we have learned to recognise, this one uses a channel we still consider “safe”: postal mail.

The principle is simple but devastatingly effective. You receive an envelope that looks in every respect like an official letter from your bank. Inside, a bank card that appears authentic, accompanied by a message inviting you to activate it quickly by scanning a QR code. This is precisely where the trap lies.

💡 Did you know?

This technique is called “quishing” (a contraction of “QR code” and “phishing”). QR codes, which have become ubiquitous since the pandemic, are now being hijacked by cybercriminals to steal your banking data.

How does this scam work? The method explained

visuel 1 schema arnaque

Step 1: The letter that appears perfectly legitimate

Everything begins with the receipt of a postal letter that reproduces the identity of your bank with disturbing accuracy. The fraudsters spare no expense:

  • High-quality official bank logo
  • Professional letterhead
  • Authentic colours and typography
  • Careful layout that mimics genuine bank correspondence

Inside, you find a counterfeit bank card equipped with a chip (non-functional), a printed magnetic strip, and your bank’s logo. At first glance, nothing arouses suspicion.

Step 2: The urgent message that pushes you to act

The letter accompanying the fake card uses well-established social engineering techniques. Typical messages look like this:

“Your bank card must be replaced urgently for security reasons. We have detected a security vulnerability on your old card. Please activate your new, more secure card within 48 hours to avoid your account being blocked.”

These formulations create a sense of urgency that short-circuits your critical thinking. You tell yourself: “If I don’t act quickly, my account will be blocked!” That is precisely the reaction the fraudsters are looking for.

Step 3: The QR code, the heart of the scam

To “activate” this supposed new card, the letter invites you to scan a QR code. On the surface, this may seem modern and convenient. After all, we scan QR codes daily at restaurants, on public transport, to make payments…

But here is what actually happens:

By scanning this QR code with your smartphone, you are immediately redirected to a fake website that perfectly imitates the official portal of your bank. This copy is so convincing that it can deceive even vigilant users: the same URL in appearance, the same interface, the same colours, the same layout of elements.

On this fraudulent site, you are asked for several pieces of information:

  • Your online banking login credentials
  • Your personal password
  • The full number of your current bank card
  • The security code (CVV) on the back of your card
  • Validation codes received by SMS
  • Sometimes even your date of birth and full address

Step 4: The rapid theft of your data and money

As soon as you submit the form, your information is instantly transmitted to the cybercriminals. With these data in hand, they have total access to your bank accounts.

The consequences can be catastrophic:

  • Immediate fraudulent transfers to accounts abroad
  • Massive online purchases before you realise the fraud
  • Identity theft to take out credit in your name
  • Opening of new bank accounts in your name
  • Sale of your personal data on the dark web

According to law enforcement, some victims have had their accounts emptied within minutes, with losses potentially reaching tens of thousands of euros.

Why does this scam work so well?

You may wonder: “How can anyone fall for such a trap?” The answer is more complex than it appears. This scam exploits several psychological and technological vulnerabilities:

1. The trust placed in postal mail

We have learned to be wary of suspicious emails and text messages. But postal mail? It still retains an aura of legitimacy. Receiving a physical letter seems more “serious” than a simple electronic message.

2. The invisibility of the malicious link

With a phishing email, you can hover over the link with your mouse to see the destination URL. With a QR code, that is impossible. You scan blindly, without knowing where you will end up.

3. Bypassing security filters

Anti-spam and anti-phishing systems that protect our email inboxes are ineffective against QR codes. These codes are merely images, invisible to security software that analyses text links.

4. The vulnerability of smartphones

According to a recent study by NordVPN, 41% of French people never check before scanning a QR code. Moreover, our phones generally have less robust protections than our computers.

5. The urgency effect that paralyses reflection

Urgent messages (“within 48 hours”, “risk of account blocking”) create stress that inhibits our capacity for critical thinking. We act impulsively, without taking the time to analyse the situation.

📊 The scale of the phenomenon in figures

visuel 2 statistiques

EUR 618 million

Total amount of banking fraud in France in 2025 (+7% vs 2024)

EUR 245 million

Manipulation fraud (including quishing), up 37% year-on-year

54%

Of French people have been victims of an attempted banking data scam

1 in 10 people

Has actually been a victim of a banking scam

1,190 sites

Fraudulent sites placed on the blacklist in 2025

Source: Banque de France, Observatoire de la sécurité des moyens de paiement, FBF (2025-2026)

How to recognise this scam? Warning signs

visuel 4 signaux alerte

Fortunately, despite their sophistication, these scams present several clues that allow them to be unmasked. Here is what to check:

🔴 Warning signs on the card

  • Total or partial absence of the cardholder’s name
  • Incomplete or absent card number
  • No visible expiry date
  • The card is rejected by ATMs
  • Non-functional chip and magnetic strip

🔴 Warning signs on the letter

  • Unsolicited card (no prior notification)
  • Presence of a QR code for “activation”
  • Message creating a sense of urgency
  • Request to update your data
  • Unusual tone or spelling mistakes

GOLDEN RULE TO REMEMBER:

A bank NEVER sends you a bank card without having informed you in advance through another channel. Card activation is NEVER done via a QR code received by post.

What to do if you receive this type of letter?

visuel 3 checklist securite

Immediate reflexes (even if you have not scanned anything)

✅ DO IMMEDIATELY:

  • Do not scan the QR code under any circumstances — It is the gateway to the fraudulent website
  • Keep the letter as evidence — It will be useful for your report
  • Contact your bank through official channels (the number on the back of your real card or the official mobile app)
  • Report it on MaSécurité (masecurite.interieur.gouv.fr) to alert the authorities
  • Warn those close to you, particularly elderly individuals who are more vulnerable to this type of scam

If you have already scanned the QR code and entered your information

Every minute counts. Here is what to do immediately:

  1. Block your bank card without delay (unified opposition number: 0 892 705 705, available 24/7)
  2. Change all your banking passwords from a secure device
  3. Monitor your accounts several times a day for the following weeks
  4. File a complaint at the police station or gendarmerie as quickly as possible
  5. Keep all supporting documents (letter, screenshots, bank statements)
  6. Contact credit agencies to report a potential identity theft

⚖️ Your rights as a victim

If you are a victim of banking fraud, your bank must reimburse you for unauthorised transactions, unless it can prove gross negligence on your part. Keep all evidence and do not hesitate to seek assistance from a consumer association if necessary.

How to protect yourself effectively? The complete guide

Protect your banking information

The first line of defence is you. Here are the essential best practices:

  • Never share your codes — Your login credentials, passwords, and secret codes must remain strictly confidential, even when dealing with your bank adviser
  • Create strong passwords — At least 12 characters with uppercase, lowercase, numbers, and special characters. Use a password manager if needed
  • Enable two-factor authentication (2FA) on all your bank accounts — This is a highly effective additional protection
  • Check your accounts regularly — A weekly check allows you to quickly detect any anomaly
  • Enable instant notifications — Receive an SMS or email for each transaction

Adopt the right attitude towards QR codes

QR codes are convenient, but now require heightened vigilance:

  • Never scan a QR code received by postal mail without prior verification with the purported sender
  • Be wary of QR codes on stickers in public spaces (car parks, charging stations) — they may conceal the legitimate code
  • Check the URL before entering information — After scanning, look at the website address that appears
  • Prefer manual entry — When in doubt, type the official website address directly
  • Use a secure scanning app that previews the URL before opening the link

Secure your devices

  • Keep your operating system and apps up to date
  • Install a reliable antivirus on your smartphone and computer
  • Limit the permissions granted to third-party apps
  • Never save your banking details on merchant websites
  • Use a secure Wi-Fi network for your banking transactions

Actions being taken to protect you

Faced with the scale of this threat, the authorities and the banking sector are not standing idle. Several measures have been implemented or are being deployed:

Number Authentication Mechanism (MAN)

Deployed at the end of 2024, this system requires telephone operators to automatically cut off unauthenticated calls using a French number. This effectively combats “spoofing” (number usurpation) used in fake bank adviser scams.

IBAN-name verification

Since October 2025, banks automatically verify the consistency between the IBAN entered and the beneficiary’s name before sending a transfer. An alert message is displayed if an inconsistency is detected.

National fraudulent IBAN file

Planned for 2026, this system will automatically block transfers to bank accounts flagged for fraud, thereby creating a collaborative database to protect all users.

National awareness campaign

The Ministry of the Economy, the Banque de France, and the French Banking Federation have launched a major campaign with a clear message: “Codes, passwords and banking credentials: NEVER GIVE OUT THIS DATA”.

Resources and useful contacts

If you encounter a problem, several official platforms are at your disposal:

Platform Purpose Contact
MaSécurité Report fraudulent letters and scam attempts masecurite.interieur.gouv.fr
Pharos Report illegal content on the internet internet-signalement.gouv.fr
Cybermalveillance Assistance and advice in case of cyberattack cybermalveillance.gouv.fr
Info Escroqueries Free hotline to report a scam 0 805 805 817 (free)
Perceval Dedicated platform for bank card fraud perceval.interieur.gouv.fr
Card opposition Unified opposition service 24/7 0 892 705 705

Key takeaways

The fake bank card scam perfectly illustrates the evolution of cybercrime: fraud is no longer technical but psychological. Scammers no longer attack systems, but directly target people, by exploiting our natural reflexes of trust and urgency.

Your best protection? Knowledge, vigilance, and taking time to think before acting.

In conclusion: stay vigilant, stay informed

This new scam reminds us of a fundamental truth: in today’s digital world, caution is not paranoia — it is wisdom.

Scammers invest time and money to create ever more sophisticated schemes. They count on our trust, our haste, and our lack of information. But we have a formidable weapon against them: knowledge.

Now that you know how this scam works, you are equipped to recognise and avoid it. But that is not enough. Share this information around you. Your parents, grandparents, friends, colleagues — everyone can be a target.

Elderly individuals are particularly vulnerable. According to statistics, they are less often victims than young people (44% vs 54%), but they feel their vulnerability more acutely. Take the time to explain this scam to them, show them the warning signs.

💪 Three reflexes to develop now

  1. The pause reflex — When faced with an urgent message, take 5 minutes to think. Genuine banking emergencies are extremely rare.
  2. The verification reflex — If in doubt, contact your bank directly through the official channels you already know.
  3. The sharing reflex — If you spot a scam, warn those around you. Your experience can protect others.

Remember: no bank will ever send you a bank card as a surprise with a QR code to scan. If you receive this type of letter, it is a scam. Full stop.

Stay vigilant, stay informed, and never hesitate to verify. Your money and personal data are worth it.

Did you find this article useful? Share it with those close to you to help them protect themselves. Together, we can reduce the impact of these scams.

1521 2281 max

Need Personalized Legal Advice?

Don’t face your questions alone. A lawyer can call you back for free to review your situation.

Be Contacted by a Lawyer

Need Personalized Legal Advice?

GDPR:

Similar Articles

chèque de banque falsifié vente de véhicule

Bank Liability and Wire Transfer Fraud: The RIB Anomaly at the Heart of the Duty of Vigilance – CA Pau, 2e ch. sect. 1, 19 January 2026, No. 24/01687

The ruling delivered by the 2nd chamber of the Court of Appeal of Pau on 19 January 2026 (No. 24/01687) provides an interesting illustration of ...
assets task 01jx2gy7cxe8nbdkeydqgszsms 1749210393 img 1

Agreement Between Lender and Borrower: A Bar to Judicial Review? Not So Fast!

In the field of consumer credit, it is common for lenders and borrowers, when facing difficulties, to attempt to find an amicable solution, often formalized ...

emxn1y8qxwogdxbsb2fkeg55bgfilxn0dw50lxnncbpfa2xpbmcvdy1jadmtwdljvxlsqvbinepjag1udy8zedjfqv9yzwfsaxn0awnfyw5kx2vszwdhbnrfymxhy2tfyw4ucg5n

Consumer Credit: Early Repayment Does Not Preclude Nullity of the Agreement – Cass. civ. 1ere, 5 Nov. 2025, No. 24-16.652

Can a consumer credit agreement already repaid be annulled? The ruling delivered by the First Civil Chamber of the Court of Cassation on 5 November ...