The French 2-Step: Exposing a Multi-stage Scam Targeting the National Railway Company in France

Group-IB details a multi-stage scam targeting SNCF customers in France: attackers use leaked personal data to send timely phishing emails and host convincing fake SNCF websites that accept payments via legitimate processors (such as Stripe), then follow up with phone calls impersonating bank counselors to obtain IBANs, security codes, and authorize further fraudulent transactions. The report includes indicators of compromise (domains, email addresses, phone numbers), victim testimonials, analysis of attacker tactics and timing (aligned with French school holidays), and mitigation recommendations for organizations and individuals.