Do you use Payoneer as a payment processor? If yes, then you need to be careful so you don’t lose your funds to fraudsters impersonating Payoneer Customer Care agents to defraud unsuspecting victims. These fraudsters attempt to steal personal account details by phishing.
Fake payment notification received on the 14th of November, 2017.
How fraudsters access the accounts of unsuspecting victims
An unsuspecting user on receiving this mail might fall victim by clicking either the “continue” button or the alternative hyperlink. This would redirect him/her to a page requesting personal account details like his/her username and password which would then be used by the fraudster to access and empty the user’s account.
How to avoid being a victim of such phishing mails?
Avoid clicking enclosed links without properly studying the mail to ensure its contents add up. For example, if you are not expecting a payment from any client, the mail might very well be a scam.
Other red flags that can be easily spotted based on the sample above are:
i. Mail does not disclose who is sending the payment (see genuine Payoneer payment mail below).
Genuine Payoneer payment notification
ii. Link to the fake site is masked to look like the real deal. Hovering (with your mouse) over both the “continue” button and the alternative hyperlink shows http://r4.payoneer.com.es/… as the page you’ll be redirected to as against http://payouts.payoneer.com… which the genuine Payoneer uses and which the mail sender has tried to mimic in the mail.
iii. Social links icons at the mail footer section may not be clickable (Payoneer would not likely forget to link these icons to their corresponding social pages).
FinTech companies like Payoneer have made it possible to send and receive money globally, thereby allowing freelancers and other entrepreneurs to take their businesses global and still get paid easily and almost instantly. Unfortunately, fraudsters have devised strategies like this to rip legitimate users off their funds. This necessitates these users to familiarize themselves with these strategies and how to best avoid falling victim to them.
What to do when in doubt
When in doubt of the authenticity of mails and even calls received, always remember to contact Payoneer customer care through mail, live chat, or calls for clarification to avoid loss of sensitive account details and funds.