CPF Scam: Why the deceptive advertising never ends

Your CPF balance has expired. Please fill in this form. Since 2020, this type of fraudulent SMS has been flooding smartphones. The goal of the message is mostly to encourage victims to spend the money from their Personal Training Account (CPF) on phantom training. In order to lure them into a trap, the criminals claim that the money they have acquired will disappear or they will dangle a profit (a sum of money, a pill…) next to the training.

These scams not only result in millions of dollars in fraud, but also damage the image of the device. The incessant spam, which also arrives in phone calls and to a lesser extent in emails, leads to a direct association in the collective imagination between Fraud and CPF.

The Covid epidemic at the origin of the wave of fraud

For the Caisse des dépôts et consignations (CDC), responsible for the system on behalf of the Ministry of Labour, Employment and Integration, spam is not only a financial problem, but also a reputational risk. ” If the entire ecosystem fails to stop the fraud, there is a risk that the long-term credibility of the system will be undermined. », recognizes me The gallery Laurent Durain, Director of Training and Skills, CDC Division of Social Policy.

The CPF was introduced in 2015 to replace the Individual Right to Training (DIF) and is funded each year by the Caisse des dépôts according to the hours worked by the beneficiary. This auto-created kitten can then be mobilized by its owner to afford training. At the time, the Valls government, the origin of the device, wanted to give decision-making power back to employees to address the shortcomings of corporate-managed DIF, which caused all sorts of difficulties.

Mobilized very little in the first five years, the CPF is beginning to find its audience in 2020 with 984,000 training courses attended, double the number of the previous year. This record will be surpassed again in 2021 with more than two million registrations for an apprenticeship, led by driver license learning and language courses. This sudden momentum marks the successful launch of the My Training Account website and application in late 2019, greatly improving the accessibility of the device for both users and training organizations. All you have to do is connect to the site, create your account and then make a request.

The problem ? Almost four months after this start, in March 2020, the curfew will come into force. As a result, training organizations that conduct their courses face-to-face are closing or outsourcing courses to keep them out. As online scams thrive all over the internet, Caisse des Dépôts sees its first wave of scams, phantom or botched training. Since then, she’s been working to fix the problem, fueled largely by cold calling.

Who can restrict spam?

If the CPF scams are so successful, it’s largely because the advertisers exploit an amazing vacuum: no one is clearly responsible for restricting spam via SMS, starting with the Caisse des dépôts, whose identity is being stolen. “Spam is not the responsibility of the Caisse des dépôts, which is only responsible for what happens within the My Training Account platform. It is important to clarify this point as any action we take against solicitation is a bonus to ours obligations emphasizes Laurent Durain.

Specifically, the organization has authority to issue instructions within the framework of its terms of use, which regulate the platform. It can dereference [bannir du site, ndlr] B. a fraudulent training organization, block current payments or even demand the refund of amounts paid. On the other hand, the CDC has no authority outside the platform and therefore cannot intervene on the Internet or on the mobile network through which the spam travels.

Should we contact the operators then? To limit SMS spam, we don’t have a solution at the moment », admits The gallery Deborah Caderon, CEO of Orange Telephone. This free application, free of ads and accessible to everyone, allows to detect abusive advertising calls. To achieve this, it mobilizes both a collaborative reporting system and an algorithm that detects abnormal behavior (1,000 calls in a day, calls lasting a single second, etc.). Its 900,000 users will receive an average of 13 spam calls per month in 2022, 2 more than 2021 and 5 more than 2020, especially with the increase in CPF fraud. Orange Telephone allows its users to block or ignore much of the door-to-door calls fairly effectively, but it doesn’t solve the problem of the flood of fraudulent SMS.

Limiting spam means taking a risk

In order to manage the SMS, another application would have to be deployed that could read the messages. But users would have to agree to read them. », sums up Déborah Caderon. Here she points out the main problem in the fight against SMS spam: the easiest way to detect them is to analyze the content of the messages, leading to an intrusion into the privacy of users, which is very heavily regulated by law. Faced with this legal and practical headache, operators with no financial interest or legal obligation remain cautious at the moment, despite user demand. ” We’re considering it, but such an application comes at a cost that’s difficult to justify at this time. ‘ adds Deborah Caderon.

If they can’t intervene at the end of the chain when the message is received, the operators could potentially intervene at the source of the problem by blocking the numbers sending the spam. But it’s not easy here either. ” The customer doesn’t have to justify why they buy a number and therefore we can’t stop spammers from taking numbers », remembers the head of Orange Telephone.

For its part, Bouygues Telecom points out that the numbers displayed by spammers are often the subject of spoofing, ie they disguise their real number with another by impersonating it. ” Our Action remains unduly limited: if we blacklist the number, d its phone services, if it is not the origin of this practice », Specifies the operator. To make matters worse, some calls come from numbers associated with foreign operators that are difficult to mobilize on French affairs.

Contacted by La Tribune, Arcep – the telecoms cop – says regulating spam is not within his remit. It merely recalls the existence of 33700, a spam reporting platform created in 2008 by Bouygues Telecom, Orange and SFR at the request of the authorities. But if this service makes it possible to identify fraudulent numbers, it only allows to keep the volume of spam to a minimum.

Sanctions against direct sellers, but a posteriori

If neither the CDC nor the operators can intervene, only the authorities remain. But again, they have few tools to restrict doorstep selling, which would amount to intervening before the crime is committed. ” Receiving an SMS can only be the beginning of a fraud attempt “ weighs heavily The gallery Thierry Pezennec, former head of Sirasco (information, intelligence and strategic analysis service on organized crime), a service of the criminal police. “The police only intervene after a report to Tracfin [le service de renseignement chargé de la lutte contre la fraude fiscale et le blanchiment d’argent, ndlr] or in a few cases due to strong suspicion”he adds.

Same story on the side of Directorate-General for Competition, Consumer Affairs and Fraud Prevention (DGCCRF), contacted by The gallery. When it performs upstream actions, it intervenes mainly after identifying the scammer. However, last year it included the issue of CPF fraud in its national investigation plan, which aims to protect consumers from deceptive commercial practices.

However, the authorities’ room for maneuver is all the more limited because breaking up the fraud networks is not always easy. ” You have to find the authors of the messages, those who send them, those responsible for money laundering… Since the scam is far away, the scammers are often abroad and use various techniques to cover their tracks. », sums up Thierry Pezennec. But what is at stake is such that it justifies the means: the amounts of fraud are not significant individually. But cumulatively we are talking about several tens of millions of euros in damages. »

Stop advertising at the source

Despite the observed impotence in the face of advertising, there are still ways to fight indirectly. The first is to dry up the phenomenon at its source by preventing the scams from being successful and by sanctioning those who direct them. In other words, reduce the temptation to cheat by increasing the risks and decreasing the potential rewards.

With this in mind, a steering committee to combat CPF fraud meets every month with representatives from the Caisse des Dépôts, the Ministries of Labor and Justice, the Police and the DGCCRF. ” The sense of impunity is gone ‘ thundered CDC’s Laurent Durain. The goal: to share expertise and information to catch scammers. This coalition prefers to remain discreet so as not to give scammers a chance to escape, but the first results are appearing in the public domain.

In June, The world narrated the trial of a fraudster in the court of Saint-Omer (Pas-de-Calais). The accused had attracted the attention of the authorities after she had paid herself 300,000 euros in dividends over 2 years through her company Happy Form. She sold office automation software training courses to CPF beneficiaries for several thousand euros. In exchange, the learners received a simple USB stick (at 6.90 euros) with a training kit, itself bought for 193 euros from a specialized company … The prosecutor’s office asked for a fine of 300,000 euros (ie the reimbursement of the collected totals) and thirty months in prison, including six farms against the fraudster.

At the same time, the CDC has tightened the access conditions on its platform for training organizations, thanks to a new official requirement since January 1st: the Qualiopi certificate. Issued after an audit, it guarantees the seriousness of the learning content. On April 1, the CDC removed from its platform 2,278 training organizations that had not received it.

Prevention, the best fortress

The other weapon on which everyone agrees is prevention. In other words, give victims weapons so they can protect themselves. If they don’t fall for it, the scammers won’t make any money and eventually drift off to other topics. ” Users must understand that when called about the CPF, they must hang up “, remembers Laurent Durain. To insist on the issue, the CDC launched a new prevention campaign in early July.

For its part, the Task Force for the Fight against Fraud – which brings together nine directorates from 5 ministries, including the DGCCRF and the DCPJ, but also the AMF, the Anssi and the Cnil – published the 3rd edition of the Prevention Guide that same month, dedicating a whole one for the first time Sheet the CPF scam.

But while the CDC emphasizes the role of users in combating fraud, they don’t want to burden victims in the event of an error. ” We have a reporting form. If it is filled out truthfully, we will credit the rights back. The goal is that users are not harmed by the advertisements that caught them “, reassured Laurent Durain.