Quick Take
Fake Colissimo and La Poste SMS messages trick French recipients into paying small customs fees (1,99 € to 5 €) on a phishing page. The card capture form drains the full bank account afterward. Real La Poste never asks for customs payment by text. All tracking lives on laposte.fr or suivi.laposte.fr directly. To report a fake SMS in France, forward it free to 33700.
Why La Poste is the most-impersonated brand in France
La Poste delivers billions of parcels and letters a year through its Colissimo and Chronopost subsidiaries. Pretty much every household in France gets a real Colissimo tracking SMS at some point. That is the fact attackers exploit. When a smishing text lands in your inbox claiming a held package or a customs fee, your brain does not check whether you are expecting a parcel first. It checks the brand. La Poste, Colissimo, Chronopost: all real, all part of daily life, all trusted.
French law-enforcement agency Cybermalveillance.gouv.fr lists La Poste impersonation as the single most-reported phishing pretext in France, year after year. The 33700 SMS spam reporting line (operated by Association Francaise du Multimedia Mobile in cooperation with the four French mobile carriers) processes millions of forwarded scam texts every year, and the postal-delivery variant is by far the highest-volume category. Each individual scam attempt is cheap to send, but the conversion rate on "votre colis" texts is high enough that the campaigns just keep running.
That breadth of attack is the reason this article exists. If you are reading this, the odds you have already received one of these texts in the past 30 days are close to certain.
The 5 active scam variants
The wording rotates every few weeks as the four French carriers add new filter rules and as 33700 publishes new takedown lists. The underlying templates stay stable. If your incoming SMS matches any of these five, treat it as a scam by default.
Variant 1: Customs fee smishing (the most common)
Example text: "Votre colis est en attente. Frais de douane 1,99 € a regler: la-poste-suivi[.]com"
The fee is intentionally tiny. 1,99 € is small enough that you do not pause, large enough to feel like a real customs declaration on a low-value international parcel. The fake page looks like La Poste. The card form asks for number, expiration, CVV, address, and date of birth. The 1,99 € charge may post or may not. The card details then get sold within hours on dark-web markets. Higher-limit cards see direct fraud attempts within 24 hours.
What real La Poste does instead: real customs fees on international packages are paid in person at delivery to the postal worker, or invoiced through your account portal on laposte.fr if you have a registered account. Never by SMS link, never on a card form embedded in a text message.
Variant 2: Failed delivery rescheduling
Example text: "Votre colis Colissimo n'a pu etre livre. Cliquez pour reprogrammer: colissimo-frais[.]fr"
This one works because anyone who works during the day genuinely could have missed a delivery. The fake page asks for full address (for "redelivery"), phone number, and a 4,99 € "redelivery fee" charged to the card. The real Colissimo redelivery service is free and lives at colissimo.fr, where you log in and pick a new delivery date. Colissimo never charges for rescheduling. If a real delivery attempt failed, the postal worker leaves a paper notice (un avis de passage) in your mailbox with a tracking number you type into laposte.fr.
Variant 3: Address verification scam
Example text: "Adresse incomplete sur votre colis. Confirmez ici: suivi-laposte[.]info"
The fake page asks you to re-enter your full street address, postal code, city, phone number, and date of birth. Sometimes a card form is attached "to verify identity." This variant is the most dangerous one for identity theft because the address bundle by itself is enough to open accounts in your name. Real La Poste does not need to "verify" an address that the sender wrote on the actual parcel. If an address is incomplete in reality, the postal worker leaves a paper avis and the parcel returns to the local sorting centre.
Variant 4: Parcel held / identity confirmation
Example text: "URGENT - La Poste: votre colis sera retourne a l'expediteur sous 48h sans confirmation. Verifiez votre identite: laposte-douane[.]com"
The urgency primitive is the trigger here. A clock that says 48 hours pushes you to click before you think. The fake page asks for an ID document upload (passport, carte d'identite, or permis de conduire), which the attacker uses for full identity theft. Some variants also ask for a card on top. La Poste never asks for ID documents over SMS. If a real package needs identity verification at delivery (rare, for registered mail or signature packages), the postal worker asks for the ID in person.
Variant 5: Chronopost express upgrade
Example text: "Chronopost: votre colis arrivera demain. Pour une livraison express aujourd'hui, payez 4,99 €: chronopost-livraison-fr[.]net"
The reverse pretext. Instead of threatening a problem, this variant offers a benefit (same-day express upgrade). The card form does its usual job. Real Chronopost shipping options are chosen by the sender at the time of dispatch and cannot be upgraded mid-transit by the recipient. There is no SMS-based pay-to-upgrade flow.
The exact French phrases scammers use
Memorise these. If your incoming SMS contains any of them with a link, it is a scam. There are no exceptions.
- "Votre colis est en attente de livraison. Frais de douane: 1,99 €"
- "Votre colis Colissimo n'a pu etre livre. Cliquez pour reprogrammer: [URL]"
- "URGENT - La Poste: votre colis sera retourne a l'expediteur sous 48h sans confirmation"
- "Chronopost: colis arrive au centre de tri. Confirmez l'adresse: [URL]"
- "Adresse incomplete sur votre colis. Confirmez ici: [URL]"
One memorable rule: a tracking SMS from real La Poste never contains a clickable link to pay anything. The real tracking SMS gives a tracking number in plain text plus a reminder to check laposte.fr. That is it.
The fake URLs in active rotation
Recognising the URL pattern is the most reliable defence. Real La Poste, Colissimo, and Chronopost only use a handful of official domains. Anything else is fake.
Currently active fake domains (do not visit):
- la-poste-suivi[.]com (hyphen between "la" and "poste")
- colissimo-frais[.]fr (real Colissimo never charges by SMS)
- chronopost-livraison-fr[.]net (real Chronopost uses .fr only)
- laposte-douane[.]com (real customs never paid by link)
- suivi-laposte[.]info (the .info TLD is a giveaway)
- colissimo-tracking[.]xyz
- laposte-colis[.]top
- chronopost-express[.]click
- Shortened URLs like bit.ly/laposte-colis or tinyurl.com/colissimo-fr
Real La Poste, Colissimo, and Chronopost only ever use these domains:
- laposte.fr (and subdomains like suivi.laposte.fr, www.laposte.fr)
- colissimo.fr (the only real Colissimo domain)
- chronopost.fr (the only real Chronopost domain)
Anything with a hyphen splitting the brand name, anything on a non-.fr TLD (like .com, .info, .xyz, .click, .top, .net for these brands), and anything routed through a URL shortener is a scam.
Red flags: 8 things to check in 10 seconds
- Hyphenated domain. Real La Poste is laposte.fr. Fake is la-poste-suivi.com. The hyphen is the giveaway.
- Wrong TLD. Real Colissimo and Chronopost use .fr. Fake variants live on .com, .info, .net, .top, .click, .xyz.
- Shortened link. Real La Poste does not use bit.ly, tinyurl, or t.co. If the link is shortened, it is hostile.
- Small payment ask. Real La Poste never asks for any payment over SMS. Customs is paid in person at delivery.
- Urgency clause. "Sous 48h" or "URGENT" pushes you to click before you check. Real La Poste does not use deadlines on SMS.
- Address bar after click. If you tap and the page loads, the URL bar in your browser shows the real domain. If it is not laposte.fr, colissimo.fr, or chronopost.fr, leave.
- ID upload request. Real La Poste never asks for a scanned passport or carte d'identite over SMS.
- Mismatched sender. Real La Poste tracking SMS comes from a 5-digit short code like 38600 or a named sender. Fakes come from random 10-digit mobile numbers or international numbers.
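The red flags that can be checked from the SMS alone (domain, TLD, shortener, payment ask, urgency, sender), written as a small triage function. This is an added example, not SafeBrowz's code or anything from La Poste; `check_sms`, the flag names and the regexes are assumptions made for illustration, and the sample text is constructed from Variant 1.

```python
import re

# Official domains as listed in the article; any other host is untrusted.
OFFICIAL = ("laposte.fr", "colissimo.fr", "chronopost.fr")
BRANDS = ("laposte", "colissimo", "chronopost")
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})")
PAYMENT_RE = re.compile(r"\d+[.,]\d{2}\s*(?:€|eur)")
URGENCY_RE = re.compile(r"\burgent\b|\bsous\s+\d+\s*h\b")
LONG_NUMBER_RE = re.compile(r"(?:\+|00)?\d{10,15}")


def is_official(host):
    # Exact match or a true subdomain only, so "laposte.fr.example.com"
    # and "xlaposte.fr" are both rejected.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)


def check_sms(text, sender=""):
    """Return a sorted list of red flags for one SMS; empty means none found."""
    flags = set()
    lowered = text.lower().replace("[.]", ".")  # accept defanged links too
    for match in HOST_RE.finditer(lowered):
        host = match.group(1)
        if is_official(host):
            continue
        if host in SHORTENERS:
            flags.add("shortened-link")
            continue
        flags.add("unofficial-domain")
        # Strip hyphens so "la-poste-suivi" still reveals the brand name.
        if any(brand in host.replace("-", "") for brand in BRANDS):
            flags.add("brand-lookalike-domain")
            if not host.endswith(".fr"):
                flags.add("wrong-tld")
    if PAYMENT_RE.search(lowered):
        flags.add("payment-ask")
    if URGENCY_RE.search(lowered):
        flags.add("urgency")
    # Real tracking SMS use a 5-digit short code or a named sender.
    if LONG_NUMBER_RE.fullmatch(sender.replace(" ", "")):
        flags.add("long-number-sender")
    return sorted(flags)


# Constructed sample, modelled on Variant 1 in the article.
SAMPLE = "Votre colis est en attente. Frais de douane 1,99 € a regler: la-poste-suivi[.]com"

if __name__ == "__main__":
    print(check_sms(SAMPLE, sender="+33612345678"))
```

The host check compares whole domain labels rather than substrings, which is what keeps a host that merely contains "laposte.fr" from passing as official.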
What to do when a suspicious SMS lands
Leave the text alone. Do not tap the link, do not reply, do not call any number it lists. If you want to check whether a real parcel is on its way, type laposte.fr into your browser yourself, log in or use the tracking-number lookup, and verify there. If the parcel is real, the status will show on your account. If nothing shows, the SMS was fake.
For verified scam texts: forward the message free to 33700. The 33700 service is the official French SMS spam reporting line and is operated jointly by the four French mobile carriers. Forwarding takes 5 seconds and feeds into automated takedown of the source numbers. After you forward, also delete the original SMS so you do not accidentally tap it later.
If you have an account on laposte.fr and want to be extra safe, log into the account portal and check the "Mes envois" section. Real activity (incoming and outgoing parcels) shows up here in real time. If your portal is empty but the SMS claimed a delayed package, the SMS was fake.
What to do if you fell for it
Speed matters. The attacker may already be running your card. Order of operations:
- Call your bank. Use the customer-service number on the back of your physical card, not any number from the SMS or page. Ask them to freeze the card and issue a new one. French banks process this same-day.
- Dispute the charge under PSD2. The European Payment Services Directive 2 protects you against unauthorised card transactions. If you reported the loss promptly, the bank is required to refund unauthorised charges. Document the SMS and the fake page (screenshots help) so the bank has the evidence.
- Change your online banking password. If the same password was used on the fake La Poste page (unlikely but possible if you reuse credentials), the attacker may try it on your bank login. Rotate it.
- Enable 3D Secure / strong authentication on your card. Most French banks now require this by default for online card payments, but check that the "secure online payment" option in your app is on.
- Declare to Cybermalveillance.gouv.fr. The French national cyber-victim support service offers free guidance on next steps, including how to file with the police if the loss is large. The declaration is online and takes about 10 minutes.
- Watch for follow-up phone calls. Attackers often call back later pretending to be the bank or the police, asking you to "secure your money" by moving it to another account. This second-stage attack (the faux conseiller bancaire scam, covered in our faux conseiller bancaire guide) is how the biggest losses happen.
- If you uploaded ID documents, file a fraud-prevention block at the credit reference services and consider declaring identity theft at your local commissariat to get a recorded reference number you can use when disputing future accounts opened in your name.
How to report a fake Colissimo or La Poste SMS in France
France has the strongest scam-reporting infrastructure in Europe. Use all four channels for the highest impact.
- 33700. The free SMS spam line. Forward the scam text to 33700 from your phone. Operated by Association Francaise du Multimedia Mobile with the four French mobile carriers (Orange, SFR, Bouygues, Free). Forwarding is free and triggers automated takedown analysis. This is the single highest-impact step.
- signal-spam.fr. For phishing emails that follow the same script. Free reporting tool that feeds into national takedown.
- Cybermalveillance.gouv.fr. The national cyber-victim support service. Use this if you fell for the scam and need guidance on next steps. Includes a victim chat, fraud reporting forms, and police-filing assistance.
- DGCCRF (Direction Generale de la Concurrence, de la Consommation et de la Repression des Fraudes). The French consumer protection agency. Use signalconso.gouv.fr to file commercial-fraud reports.
You can also report directly to La Poste via the form at laposte.fr under "Aide et contact" then "Signaler une fraude." La Poste maintains a corporate takedown team that requests blocks of the fake domains through registrars and hosting providers.
How SafeBrowz blocks this threat
SafeBrowz runs a 3-layer detection architecture: Local + APIs + AI.
- Layer 1 - Local detection: 60+ URL patterns + 550+ brand-specific signatures including La Poste, Colissimo, Chronopost, plus typosquat variants (la-poste-suivi, colissimo-frais, chronopost-livraison-fr) + community whitelist/blacklist, all running directly in the extension before the page renders. The hyphenated-brand pattern that fake La Poste pages rely on is caught instantly.
- Layer 2 - API checks: aggregates Google Safe Browsing, PhishTank, URLhaus, ScamAdviser, and 30+ scam TLDs for known malicious domains. Most active fake-La-Poste domains are flagged within hours of going live.
- Layer 3 - AI deep scan (Premium): content analysis in French and 99 other languages catches novel variants the moment they go live, even before the API providers update their lists. The model recognises the "frais de douane" + small payment form pattern even on a fresh domain it has never seen before.
Detection signatures come from threat-intelligence research and brand database analysis, not from user browsing data. No per-user browsing history is stored.
Updated
Last updated May 29, 2026. We refresh the active-URL list and variant phrasing every few weeks as 33700 publishes new takedown patterns.
Block fake Colissimo and La Poste pages before you tap
SafeBrowz is a free browser extension for Chrome, Firefox, and Edge that blocks fake-La-Poste, fake-Colissimo, and fake-Chronopost pages automatically. It recognises 550+ brands including La Poste, plus all the major French banks, government services, and e-commerce sites, all auto-blocked when a page tries to impersonate them. AI content analysis works in French and 99 other languages and spots new phishing domains the moment they go live. Free forever, no account needed.
Frequently asked questions
Does La Poste really send customs fee texts?
No. Real La Poste never asks for customs payment over SMS. Real customs fees on international parcels are paid in person to the postal worker at delivery, or invoiced through your registered account on laposte.fr. Any text claiming a customs fee with a payment link is a scam.
What is the real La Poste tracking URL?
The only real tracking lives on laposte.fr (with the lookup form on the homepage) or directly at suivi.laposte.fr/tracking/<tracking-number>. Colissimo tracking lives at colissimo.fr. Chronopost tracking lives at chronopost.fr. Every other URL is fake.
Is colissimo-frais.fr a real Colissimo site?
No. Real Colissimo is colissimo.fr with no hyphens, no additional words, and no other TLDs. The hyphenated variant colissimo-frais.fr was registered by attackers and is one of the most-reported fake-Colissimo domains in 2026. Other fake variants include la-poste-suivi.com, chronopost-livraison-fr.net, laposte-douane.com, and suivi-laposte.info.
What should I do if I paid a fake La Poste fee?
Call your bank immediately using the customer-service number on the back of your card. Have the card frozen and a new one issued. File a chargeback dispute under PSD2, which legally protects French consumers against unauthorised card transactions. Then declare the incident at cybermalveillance.gouv.fr for free victim support. Change any reused passwords. Watch for follow-up phone calls pretending to be the bank.
How do I report a fake Colissimo text in France?
Forward the SMS free to 33700. This is the official French SMS spam reporting line operated by the four mobile carriers. Forwarding takes 5 seconds and feeds into automated takedown. Also report to signal-spam.fr for the email equivalent, cybermalveillance.gouv.fr for victim support, and signalconso.gouv.fr for DGCCRF consumer-fraud filing.
Does Chronopost ever charge for upgrades by SMS?
No. Chronopost shipping options are picked by the sender at the time of dispatch. Recipients cannot upgrade a parcel mid-transit, and there is no SMS-based pay-to-upgrade flow. Any Chronopost text offering a paid express upgrade is a scam.