Share
FRANCE PHISHING GUIDE

EDF and Enedis power-cutoff SMS scam in France 2026: is the energy-bill text real?

A text lands at 8 in the evening. "EDF: facture impayée. Coupure de votre électricité sous 24h. Régularisez ici." There is a link. Your stomach drops. Before you tap it, read this.

SafeBrowz Threat Research Security ResearchJune 28, 20269 min read

Is the EDF power-cutoff SMS real?

Verdict: no. An SMS or email from EDF or Enedis threatening to cut your power in 24 hours unless you pay through a link is a phishing scam. Real EDF never warns of an unpaid bill by SMS with a payment link. A genuine cutoff procedure starts with letters by post and gives you weeks, not 24 hours, to react. The only real sites are edf.fr and enedis.fr, and Enedis confirms it never asks for your bank details by phone or email. Do not tap the link. A lookalike like edf-paiement-facture[.]com is fake. To check, open a new tab and type edf.fr yourself, or sign in to your espace client.

The Headline

Fake EDF and Enedis texts claim your electricity will be cut within 24 hours for an unpaid bill, then push you to a cloned payment page that harvests your card or bank details. A second version dangles a fake chèque énergie refund. Real energy-bill warnings arrive by post, never as a panic SMS. The only legitimate domains are edf.fr, enedis.fr, and for the energy voucher, chequeenergie.gouv.fr.

Why energy-bill scams land so easily in France

Everyone in France has an electricity bill. EDF alone serves the large majority of households, and Enedis manages the meters and the physical grid for nearly the whole country. So a message about your electricity feels personal and plausible in a way a random "package" text does not. You probably do have a bill. You probably are not 100 percent sure it was paid.

The scam leans on one fear above all others: sitting in the dark. A cutoff "within 24 hours" is concrete and frightening. It turns an ordinary administrative worry into an emergency, and emergencies shut down the careful part of your brain. People who would never enter their card number into a random site will do it when they think the fridge is about to go off and the kids come home to a cold flat.

There is a second hook. Many French households genuinely receive the chèque énergie, a state voucher that helps pay energy bills. So a text saying "your chèque énergie of 248 EUR is ready, confirm your details" feels just as believable as a threat. Same machinery, opposite emotion. One scares you, the other tempts you. Both end on a page that steals your data.

How the fake EDF and Enedis scam actually works

The scam runs in a few flavors, but they all funnel you to the same place: a cloned page that captures card or bank credentials.

The cutoff SMS. A text arrives, often from a French mobile number or a spoofed short code, reading something like "EDF: votre facture de 47,80 EUR est impayée. Sans règlement sous 24h, coupure de votre alimentation. Régularisez: [lien]". The link points to a domain that looks energy-themed but is not edf.fr. You land on a page styled in EDF blue and orange, with the logo lifted straight from the real site, asking for your client number, then your card number, expiry, and CVV.

The chèque énergie refund. An SMS or email says a voucher is available and you must "confirm your bank details to receive it". The page imitates a government site. The French state only ever uses the .gouv.fr ending, so anything like chequeenergie-gouv[.]com or aide-energie-france[.]fr is a fake by definition. Only chequeenergie.gouv.fr and guichet.chequeenergie.gouv.fr are real.

The follow-up call, now with an AI voice. Enedis warned in early 2026 about a wave of fraudulent calls in which people pose as Enedis or an Enedis "partner". Reporting through 2026 describes some of these calls using AI voice synthesis: the voice pauses, hesitates, and reacts to your answers like a real agent, reading from a language model rather than a fixed script. The aim is the same, to extract personal and banking data under the cover of a fictional partnership. Enedis is blunt about it: the company does no commercial canvassing and sells no product or service.

The fake home visit. Some fraudsters go door to door wearing a fake badge, claiming to be from Enedis or a partner, to get into your home or push a bogus "device". A real Enedis technician has a verifiable identity, and Enedis never sells anything at your door.

Once your card is captured, the attackers run small test charges within minutes, then drain the account or resell the data. Some variants add a fake "3D Secure" screen that asks you to copy a code your bank just texted you, which lets them authorize a much larger payment in real time.

The exact phrases the texts use

Once you have seen them, they jump out of any inbox. Real EDF and Enedis messages do not talk like this.

  • "Facture impayée - coupure sous 24h" as the opening line
  • "Régularisez votre situation pour éviter la coupure" next to the payment link
  • "Votre chèque énergie est disponible, confirmez vos coordonnées bancaires"
  • "Un technicien Enedis doit intervenir, confirmez votre rendez-vous ici"
🛡 LIVE CHECK

Test a suspicious link right now

Got a phishing text claiming to be EDF or Enedis? Click any red-dotted domain above, or paste your own suspicious link. Our 3-layer engine (Local + APIs + AI) returns a verdict in ~3 seconds. Free, no signup.

Full scan with deep AI analysis → · No URL is logged to your identity.

The wording feels official because the scammers copied real templates, but the rhythm is off. Real EDF and Enedis communication is dry and procedural. It does not run a 24-hour countdown, it does not mix administrative language with marketing urgency, and it never sends you a payment link in a text. A real EDF message points you to your espace client on edf.fr or to a posted letter, not to a "régularisez ici" button in an SMS.

What a real EDF cutoff actually looks like

This is the part to memorize, because it dismantles the whole scam in one stroke. The real procedure is slow, written, and arrives on paper.

Real warnings come by post, with a notice period. When a bill is genuinely unpaid, your supplier sends a first letter, and the law sets minimum delays before any reduction or suspension of supply. EDF's own guidance describes letters by post, and the regulated process gives you at least 30 days of notice, not 24 hours. A genuine overdue-bill warning lands in your physical letterbox or your espace client on edf.fr, never as a sudden SMS with a link.

EDF no longer fully cuts the power for an unpaid bill. Since the end of 2021, EDF has stopped outright disconnections for unpaid bills for residential customers. Instead of leaving you with nothing, EDF asks Enedis to reduce your supply to a minimum power level so you can still light a room, run a fridge, and charge a phone while you sort out the bill. So a message threatening to plunge you into total darkness "in 24 hours" is, on its face, not how EDF operates.

The trêve hivernale freezes everything in winter. From 1 November to 31 March, the winter truce legally prevents your supplier from cutting electricity or gas for unpaid bills. If a "coupure sous 24h" text reaches you during that window, it is impossible under French law, which makes it an obvious fake.

Enedis never collects money or bank details. Enedis runs the network and the meters. It does not sell you anything, does not handle your bill payment, and will never ask for your bank or card details by phone or email. If someone "from Enedis" wants payment, it is a scam, full stop.

Lookalike URLs to watch for

These are the kinds of domains energy-bill phishing campaigns use. The list is illustrative (attackers register new domains every day), but the pattern is always the same: bolt EDF, Enedis, "facture", or "energie" onto a non-official TLD, or hyphenate a real address so the genuine domain is buried.

  • edf-paiement-facture[.]com (real is edf.fr)
  • edf-regularisation[.]fr (EDF does not use a "regularisation" payment domain)
  • enedis-intervention[.]com (Enedis does not take payment or bookings on a .com lookalike)
  • facture-edf-impayee[.]net (real EDF uses edf.fr, not a .net lookalike)
  • chequeenergie-gouv[.]com (the state only uses .gouv.fr, so only chequeenergie.gouv.fr is real)
  • aide-energie-france[.]fr (no such official energy-aid service)

If you ever hover a link in an energy-bill message, the preview at the bottom of your browser shows the truth. If it is not exactly edf.fr, enedis.fr, or chequeenergie.gouv.fr, do not click.

Red flags: how to spot it in 30 seconds

  • A 24-hour cutoff threat. Real cutoffs follow a written notice period measured in weeks, not a one-day countdown.
  • A payment link inside an SMS. EDF does not collect overdue payments through a text link.
  • The URL is not edf.fr, enedis.fr, or chequeenergie.gouv.fr. Hyphens and .com or .net endings are hostile.
  • "Enedis" asks for money or bank details. Enedis never handles payment or asks for card data.
  • The message arrives during winter (1 Nov to 31 Mar). A cutoff for unpaid bills is legally barred in that window.
  • The page asks for full card number and CVV on one screen. Real payment redirects to a secure bank gateway.
  • A caller pressures you and rushes you, even with a convincing human-sounding voice. AI voices now read these scripts.
  • A "technician" at your door wants payment or to sell a device. Enedis sells nothing door to door.

Any one of these is enough to bin the message. Two or more and you are looking at a confirmed phishing attempt.

What to do (the safe routine)

If you are worried you might actually owe something, do not click anything in the text or email. Open a new browser tab. Type edf.fr yourself and sign in to your espace client, or call EDF directly on the number printed on a real paper bill. Any genuine overdue amount will be visible in your account. If nothing is outstanding, the message was a scam.

For the energy voucher, only ever use chequeenergie.gouv.fr, typed by hand. The real voucher is sent automatically to eligible households; you never have to "confirm your bank details" through a link to receive it.

If someone calls claiming to be EDF or Enedis and pressures you, hang up and call back on an official number you looked up yourself. To verify a suspected Enedis impersonation, you can contact Enedis customer service on 09 70 83 19 70, a non-premium number. If a "technician" shows up at your door, ask for verifiable identification and do not pay anything or sign anything on the spot.

What to do if you already entered your details

Speed matters. The attacker may already be running test charges.

  1. Call your bank immediately and block the card. Use the opposition hotline on the back of your card or in your banking app.
  2. Dispute the transaction under PSD2. European payment law (Article L133-18 of the Code Monétaire et Financier) gives you up to 13 months to dispute unauthorized card transactions. Banks must refund unauthorized charges unless they can prove gross negligence on your part, and phishing fraud generally qualifies.
  3. Report it to Cybermalveillance.gouv.fr. The official French cybercrime platform gives you a written reference and next steps.
  4. File a formal complaint at your local commissariat or gendarmerie. Bring screenshots of the message, the fake URL, and any receipts. The plainte often helps push the bank refund through.
  5. Change passwords on any account tied to the email address you used. Leaked emails get reused across new phishing waves.
  6. Watch your statements daily for 30 days. Some attackers wait before running larger fraud.

If the bank refuses the refund, escalate to the ACPR (Autorité de Contrôle Prudentiel et de Résolution), which enforces PSD2 against French banks.

How to report the scam

Reporting protects the next person. Each step takes under two minutes.

  • Suspicious SMS or call: forward the text or report the number to 33700, the free national platform against unwanted SMS and calls.
  • Phishing site or wider fraud: report at cybermalveillance.gouv.fr under "Signaler une cybermalveillance".
  • Door-to-door or commercial fraud: report to the DGCCRF on signal.conso.gouv.fr.
  • Suspected Enedis impersonation: inform Enedis customer service on 09 70 83 19 70.
  • Cross-check official warnings: EDF publishes phishing alerts on edf.fr and Enedis on enedis.fr.

Updated June 28, 2026.

How SafeBrowz blocks this threat

SafeBrowz runs a 3-layer detection architecture: Local + APIs + AI.

  • Layer 1 - Local detection: 60+ URL patterns + 550+ brand-specific signatures (including French energy and government impersonation patterns like edf-{variant}.{tld}, enedis-{variant}.{tld}, and chequeenergie lookalikes that are not .gouv.fr) plus a community whitelist and blacklist, all running inside the extension before the page renders. EDF, Enedis, and chequeenergie.gouv.fr are in the brand database, so a lookalike payment page triggers a block before it can finish loading.
  • Layer 2 - API checks: aggregates Google Safe Browsing, PhishTank, URLhaus, ScamAdviser, and scam-TLD reputation to catch known malicious EDF and Enedis lookalike domains.
  • Layer 3 - AI deep scan (Premium): 100+ language content analysis recognizes French energy-page mimicry (EDF blue-and-orange branding, the Enedis logo, "facture impayée" and "régularisez" payment forms) and catches novel variants the moment they go live, before they appear on any blocklist.

Honest scope: SafeBrowz flags the cloned EDF or Enedis payment page before you type into it, on the browser extension for Chrome, Firefox, and Edge, and on the SafeBrowz Android app for links you tap on your phone, where these texts actually land. It cannot stop a live phone call or a person at your door, and it cannot claw back a card number you have already typed into a site you opened anyway. What it does is make the fake page not load in the first place, which is where the smishing chain breaks.

Detection signatures come from threat-intelligence research and brand database analysis, not from user browsing data. No per-user browsing history stored.

Block fake EDF and Enedis pages before you tap

SafeBrowz is a free browser extension for Chrome, Firefox, and Edge, plus a live SafeBrowz Android app, that blocks fake French energy and government payment pages automatically. It recognizes 550+ brands including EDF, Enedis, chequeenergie.gouv.fr, impots.gouv.fr, Ameli, La Poste, and more, all auto-blocked when a page tries to impersonate them. AI content analysis works in French and 100+ other languages and spots new phishing domains the moment they go live, even ones not yet on any blocklist. Free forever, no account needed.

Chrome Add to Chrome Firefox Add to Firefox Edge Add to Edge Google Play Get it on Google Play

Frequently asked questions

Is the EDF power-cutoff SMS real?

No. EDF does not warn you of an unpaid bill by SMS and never sends a payment link in a text. A real overdue-bill warning arrives by post or in your espace client on edf.fr, and the cutoff procedure gives you a written notice period of at least 30 days, not 24 hours. An SMS threatening to cut your electricity within a day unless you pay through a link is a phishing scam. Verify by typing edf.fr yourself or signing in to your account.

Does Enedis ever ask for payment or bank details?

No. Enedis manages the electricity network and the meters; it does not sell you anything, does not handle your bill payment, and will never ask for your bank or card details by phone, SMS, or email. Enedis warned in 2026 about a wave of fraudulent calls and door-to-door visits impersonating the company, some using AI voice synthesis. If someone "from Enedis" wants money or bank details, it is a scam. You can verify by calling Enedis customer service on 09 70 83 19 70.

Will my power really be cut in 24 hours for an unpaid bill?

No. Since the end of 2021, EDF no longer fully disconnects residential customers for unpaid bills; it asks Enedis to reduce supply to a minimum power level instead. The legal procedure also requires written notice by post over a period of weeks, and the trêve hivernale (1 November to 31 March) bars any cutoff for unpaid bills entirely. A "coupure sous 24h" text does not match how EDF operates and is a phishing attempt.

What are the real EDF and Enedis domains?

The only real domains are edf.fr for EDF and enedis.fr for Enedis. For the energy voucher, only chequeenergie.gouv.fr and guichet.chequeenergie.gouv.fr are legitimate, because the French state only uses the .gouv.fr ending. Anything like edf-paiement-facture[.]com, enedis-intervention[.]com, or chequeenergie-gouv[.]com is a fake.

Is the chèque énergie refund text a scam?

Treat it as a scam. The chèque énergie is sent automatically to eligible households and you never have to "confirm your bank details" through a link to receive it. A message saying your voucher is ready and asking you to enter banking details on a non-.gouv.fr site is phishing. Only use chequeenergie.gouv.fr, typed by hand, for anything related to the voucher.

Can I recover money paid to a fake EDF or Enedis site?

Often yes. Under European PSD2 rules and Article L133-18 of the French Code Monétaire et Financier, your bank must refund unauthorized card transactions unless it proves gross negligence on your part, and you have up to 13 months to dispute. Block your card immediately, file a complaint at your local commissariat, report to Cybermalveillance.gouv.fr, then dispute formally with your bank. If the bank refuses, escalate to the ACPR.

How do I report a fake EDF or Enedis message?

Forward a scam SMS or report a scam call to 33700, the free national platform. Report a phishing site or wider fraud at cybermalveillance.gouv.fr. Report door-to-door or commercial fraud to the DGCCRF on signal.conso.gouv.fr, and report a suspected Enedis impersonation to Enedis on 09 70 83 19 70. EDF and Enedis also publish current scam alerts on edf.fr and enedis.fr.

Related reading