Quick Take

The CPF scam tricks French workers into spending their training balance on fake training organizations. Scammers call or text claiming your CPF will expire (it does not) and direct you to fake versions of moncompteformation.gouv.fr. Once you log in via the lookalike site, the fake training provider bills your CPF account for thousands of euros of nonexistent courses.

Why CPF is the perfect target for phishing

CPF stands for Compte Personnel de Formation. Personal training account. Every employee, apprentice, and self-employed person in France has one. The state and your employer top it up every year, usually 500 euros per year of full-time work, capped at 5000 euros for most people and 8000 euros for low-qualification workers. The money can only be spent on accredited training. You cannot withdraw it as cash. That last detail is exactly what makes it a phishing goldmine.

Because the money never touches your bank account, the loss feels abstract. People check their bank balance every week. Almost nobody logs into moncompteformation.gouv.fr more than once a year. By the time you notice the credit is gone, the fake training organization has already been paid by the Caisse des Dépôts and the trail is cold.

The Caisse des Dépôts, which runs CPF, paid out roughly 6 billion euros in training in 2022 alone. Cybermalveillance.gouv.fr has flagged CPF fraud as one of the top three consumer scams in France every year since 2020. Estimates from the official sources put total losses to fake training organizations between 2020 and 2024 in the hundreds of millions of euros. France Connect authentication, which became mandatory for CPF in October 2022, cut the volume sharply but did not kill the scam. It just made the social engineering more polished.

How the scam actually works (step by step)

There are two main entry points. The cold phone call and the SMS. The mechanics after the first contact are identical.

The phone call version. Your phone rings. The caller ID often shows a Paris number or a mobile number from your region. A friendly voice introduces themselves as a CPF advisor or a representative of a training organization. They tell you your CPF balance is about to expire on December 31 and you should not let it go to waste. They offer to enroll you in a free course (English, web design, project management, real estate licensing) paid for entirely by your CPF credit. They sound helpful. They are not.

If you agree, they walk you through a "registration" process. They ask for your full name, date of birth, social security number, and email. Then they send you a link to "finalize the enrollment." That link goes to a fake version of moncompteformation.gouv.fr. You enter your France Connect credentials. Game over.

The SMS version. A text message arrives. It looks short and official. Something like: "MCF: Votre solde de 3450€ expire dans 48h. Activez ici: bit.ly/mcf-cpf-fr". You tap the link. You land on a near-perfect copy of the real CPF portal. You enter your France Connect login. Game over.

Once they have your credentials, scammers log into your real CPF account and enroll you in a "training" run by a sham organization (organisme de formation, or OF) that they control or have paid off. The course is listed as completed within days, even though it never happened. The Caisse des Dépôts pays the OF directly, anywhere from 1000 to 8000 euros. The money lands in a bank account in France, often in the name of a shell company, and gets moved out within hours. Your CPF balance goes to zero. You find out months later when you actually want to take a real course.

The exact phrases scammers use

These are real lines pulled from complaints filed with Cybermalveillance.gouv.fr and signal-spam.fr. If you hear or read any of them, you are in a scam.

  • "Votre CPF expire le 31 décembre." Translation: your CPF expires on December 31. This is a lie. CPF balances do not expire. They roll over year after year and only reset to zero if you remove yourself from the workforce permanently or pass away.
  • "Profitez de votre solde CPF avant qu'il soit perdu." Translation: use your CPF balance before you lose it. Same lie, gentler phrasing. There is no "use it or lose it" rule on CPF.
  • "Formation gratuite financée par votre CPF." Translation: free training funded by your CPF. The word "gratuite" is the bait. If your CPF pays for it, you are spending your own money. It is not free. The training also does not exist.
  • "Mon Compte Formation, dernière chance." Translation: last chance. Pressure phrase. Real CPF communications never use last-chance language because there is no deadline.
  • "MCF: Votre solde de 3450€ expire dans 48h. Activez ici." The SMS template. The 48-hour clock is fake. The shortened link is the kill switch.

One memorable rule for the road: the real Caisse des Dépôts will never call you, text you, or email you about your CPF balance. They wait for you to log in. If someone reaches out first, it is a scam.

Common lookalike domains to recognize

Real CPF lives at exactly one address: moncompteformation.gouv.fr. The .gouv.fr suffix is a closed top-level domain reserved for French government agencies. Nobody outside the state can register a name there. Anything else is fake. Here are the patterns SafeBrowz sees most often in the wild:

  • moncompteformation-cpf.com (hyphen, then .com instead of .gouv.fr)
  • mon-compte-formation-cpf.fr (hyphens between every word, .fr suffix that looks french but is not state)
  • mcf-france.com (initials only, generic .com)
  • cpf-gouv-fr.net (the giveaway: real gouv is the actual TLD, not part of the name)
  • mes-formations-cpf.com (rebranded to "my trainings" to feel softer)

The only mental check you ever need: scroll your eyes to the end of the domain before the first slash. If those last six characters are not .gouv.fr, close the tab.

Red flags: how to spot it

  • Anyone telling you your CPF balance "expires" on a specific date. CPF balances do not expire.
  • An unsolicited phone call offering free training paid by your CPF. Real training providers do not cold-call. The official platform is opt-in.
  • An SMS with a shortened URL (bit.ly, tinyurl, t.co, ow.ly). The real Caisse des Dépôts never sends shortened links.
  • A page that looks like Mon Compte Formation but the address bar does not show moncompteformation.gouv.fr.
  • Pressure to act in 24 or 48 hours. CPF has no deadlines. Slowness is your friend.
  • A request to share your France Connect login over the phone or by email. France Connect logins are entered only on government sites, never given to a third party.
  • A "free" course where you do not have to do any work. Real CPF training requires attendance and assessment.
  • The training organization wants your bank RIB. Real CPF training is paid by Caisse des Dépôts directly to the provider. You never pass on bank details.

What to do if you fell for it

If you entered your France Connect credentials on a fake site, or if you spot a training enrollment you did not authorize, act in this order. Time matters.

  1. Log in immediately to the real moncompteformation.gouv.fr by typing the address yourself. Do not use any link from email or SMS. Check your dossier section for any enrollment you do not recognize.
  2. Cancel the enrollment if it has not yet been validated. CPF gives you a withdrawal window. You can refuse a training within 4 working days of enrollment with no penalty. Use the cancellation button in the dossier page.
  3. Contact the Caisse des Dépôts via the official support form at moncompteformation.gouv.fr (Assistance section) or call 09 70 82 35 51 (the official support number, free from a landline). Explain that you were tricked and request a fraud investigation.
  4. Change your France Connect password through whichever identity provider you used (Impots, Ameli, La Poste, MSA, IN). If you used Impots, go to impots.gouv.fr and reset there. Same for the others.
  5. Turn on two-factor authentication on every France Connect identity provider that offers it.
  6. File a fraud complaint with Cybermalveillance.gouv.fr. They walk you through the process and refer you to a specialized service provider for free.
  7. File a police report (porter plainte). Go to your local commissariat or gendarmerie. Bring screenshots, the SMS, the call log, and the enrollment confirmation from your CPF dossier. A formal complaint is required if you want to pursue any recovery.
  8. Dispute with the Caisse des Dépôts in writing. Once you have a police report number, send a registered letter (lettre recommandée avec accusé de réception) to the Caisse des Dépôts asking for the fraudulent training payment to be reversed. Include the complaint number.

Recovery is not guaranteed but it does happen. The Caisse des Dépôts has reversed thousands of fraudulent payments since France Connect became mandatory, especially when the victim acts within the first month and the fake training organization is still under investigation.

How to report it

France has a strong reporting ecosystem for this exact scam. Use all of these. Each one feeds a different prevention system.

  • Cybermalveillance.gouv.fr: the central government cybercrime portal. Reports here feed police investigations and the national threat map.
  • Signal-spam.fr: report unwanted email and SMS. Backed by the French data protection authority (CNIL) and the police. Free Chrome and Outlook plugins make it one-click.
  • 33700: the SMS shortcode for reporting scam texts. Forward the spam SMS to 33700 and you will get a reply asking for the sender's number. Reply with the number. The operator coalition uses these reports to block scammers in real time.
  • ANSSI cert-fr: the national cybersecurity agency. For widespread phishing kits or compromised infrastructure, cert.ssi.gouv.fr accepts reports.
  • Caisse des Dépôts CPF support: 09 70 82 35 51 or the contact form on moncompteformation.gouv.fr. Critical for blocking the fake training organization at the source.
  • Pharos (internet-signalement.gouv.fr): the police platform for reporting illegal online content. Use for the fake site itself.

How SafeBrowz blocks this threat

SafeBrowz runs a 3-layer detection architecture: Local + APIs + AI.

  • Layer 1, Local detection: 60+ URL patterns plus 550+ brand-specific signatures run in the extension before the page renders. Mon Compte Formation and the Caisse des Dépôts are in the protected brand database, so lookalikes like moncompteformation-cpf.com, mes-formations-cpf.com, and cpf-gouv-fr.net are caught the moment the browser tries to load them. The .gouv.fr suffix check is hardcoded as a trust anchor: if a page is impersonating Mon Compte Formation but the host does not end in .gouv.fr, it is blocked.
  • Layer 2, API checks: server-side cross-reference against Google Safe Browsing, PhishTank, and URLhaus, plus a list of 30+ scam-heavy TLDs. Many CPF phishing kits get reported to PhishTank within hours of going live, so the second layer catches new domains before our local database is updated.
  • Layer 3, AI deep scan (Premium): 100+ language content analysis. Reads the page for the exact French phrases the scammers reuse ("votre CPF expire", "formation gratuite", "dernière chance") and flags impersonation even on first-seen domains that have never been reported anywhere. Works in Arabic, Mandarin, Spanish, and the other 100+ languages too, in case the scam ever localizes.

Detection signatures come from threat-intelligence research and brand database analysis. No per-user browsing history is stored.

If you handle your CPF through your work or for a family member who is not technical, install SafeBrowz on their browser. The first time they click a fake MCF link, the block page will save them three thousand euros and a year of paperwork. The free tier covers this fully. Premium is only needed for the AI layer.

Related French scams worth knowing

CPF fraud rarely travels alone. The same call centers run other French government impersonation scams. If you got the CPF call, you will probably get one of these next:

Quick reference: real vs fake

Print this. Tape it next to your computer if you handle CPF for anyone.

  • Real: moncompteformation.gouv.fr. The only address. Bookmarked manually.
  • Real: Caisse des Dépôts support 09 70 82 35 51, weekdays 9h to 17h.
  • Real: France Connect login (Impots, Ameli, La Poste, MSA, IN). Always entered on a .gouv.fr page.
  • Fake: any phone call, SMS, or email offering to "use your CPF before it expires."
  • Fake: any URL with hyphenated cpf, moncompteformation, or mcf in a non-.gouv.fr domain.
  • Fake: any training organization asking for your bank RIB on top of CPF funding.

Updated: May 29, 2026.

Block fake Mon Compte Formation sites before you click

SafeBrowz is a free browser extension for Chrome, Firefox, and Edge that blocks fake login pages automatically. It recognizes 550+ brands including Mon Compte Formation, Ameli, Impots, La Poste, and the major French banks, all auto-blocked when a page tries to impersonate them. AI content analysis works in over 100 languages including French and spots new phishing domains the moment they go live, even ones that are not yet on any blocklist. Free forever, no account needed.

Chrome Add to Chrome Firefox Add to Firefox Edge Add to Edge

Frequently asked questions

Does the CPF balance really expire?

No. CPF balances do not expire. They roll over from year to year. The only way the balance resets is if you permanently leave the French workforce or pass away. Any caller or message telling you to "use it before December 31" is lying. This is the single most common social engineering line in the CPF scam.

Is moncompteformation-cpf.com a real CPF site?

No. moncompteformation-cpf.com is a known lookalike domain used in phishing campaigns. The hyphen and the .com suffix give it away. The real Mon Compte Formation lives only at moncompteformation.gouv.fr. Anything else is fraudulent and should be reported to Pharos and Cybermalveillance.gouv.fr.

What is the real Mon Compte Formation URL?

The only legitimate URL is moncompteformation.gouv.fr. The .gouv.fr top-level domain is restricted to French government services. No private company can register a name there. If you are ever unsure, type the address by hand in your browser bar instead of clicking any link.

Can I recover CPF money lost to a fake training?

Sometimes, yes. File a police complaint (porter plainte) and contact the Caisse des Dépôts in writing as soon as you spot the fraudulent enrollment. The Caisse des Dépôts has reversed thousands of payments since France Connect became mandatory in October 2022, especially when the fake training organization is still under investigation and the victim acts within 30 days. Recovery is faster if you cancel the enrollment within the 4-working-day withdrawal window.

How does France Connect authentication protect my CPF?

Since October 2022, all CPF training enrollments require a France Connect login through Impots, Ameli, La Poste, MSA, or IN. This stops scammers from enrolling you with just your name and social security number. It does not stop the scam entirely though, because they still trick you into entering your France Connect credentials on a fake site. The protection works only if you keep your France Connect password secret and never enter it outside an official .gouv.fr page.

How do I report a CPF phishing call or SMS?

Forward scam SMS to 33700 (the French operator coalition reporting shortcode). Report scam emails and shortened links to signal-spam.fr. File a full incident report on Cybermalveillance.gouv.fr. For the fake site itself, report to internet-signalement.gouv.fr (Pharos). Each of these feeds a different prevention system, so use them all.

Want to test a suspicious link before you click it? Drop the URL into our free URL safety check tool. No login. No history kept.

For the deeper background on why phishing works on smart people, our piece on the six emotions phishing exploits is the best companion to this one. And if you want the global pattern that CPF fraud belongs to, see our guide to spotting fake Microsoft emails, which uses the same lookalike-domain checks at a worldwide scale.

Related coverage