Phishing and identity theft: what you need to know and how to stay alert

“Phishing” is when someone tries to contact you pretending to be from a legitimate organization (Payoneer, in our example), and asks you to provide sensitive account information, in an attempt to access your account without your authorization. Here’s what you need to know about phishing and what you can do to prevent it.

Signs you may have received a phishing email:

If you receive an email from a website or company urging you to provide confidential information, such as a password Credit Card details or Social Security number, you might be the target of a phishing scam. But when you are using an online financial service like Payoneer, it can be hard to tell the difference.  The tips below can help keep you safe against phishers.

1. Unofficial “From” address. Look out for a sender’s email address that is similar to, but not the same as, Payoneer’s official email address. Fraudsters often sign up for free email accounts with company names in them (such as “PayoneerCustomerCare@yahoo.com”). These email addresses are meant to fool you. Official emails from Payoneer always comes from an “@payoneer.com” email address.
2. Urgent action required. Fraudsters often try to get you to react immediately to an email message. Yes, sometimes Payoneer asks for personal information to ensure your account security (the irony isn’t lost on us); however, it’s important to be wary of emails containing phrases like “your account will be closed,” “your account has been compromised,” or “urgent action required.” If you have received an email like this, please contact check the links and or URLs.  If in doubt, contact Customer Care.
3. Nameless greetings. Fraudsters often send bulk emails based on an email list they acquired or purchased. when you sign up to Payoneer, we ask for your name, and that means we use it in our emails. Be skeptical of an email sent with a generic greeting such as “Dear Customer” or “Dear Member”.
4. Link to a fake web site. To trick you into disclosing your username and password, fraudsters often include a link to a fake website that looks like (sometimes exactly like) Payoneer”s login page. This is a particularly deceptive approach and requires you to be savvy before entering your details.

Can you spot the problems with these phishing examples?

Example phishing email

• For starters, there’s no greeting.  That’s just not our style!
• Additionally, our buttons work! If you see an email with a button AND an additional URL option, contact Customer Care.
• Next, (we have to admit that these fraudsters were clever!) – they typed out a URL that looks fine, but if you mouse over it, you can see that the location of the actual URL is different!  Notice that the real version has “.pl/” after Payoneer.com, which means that it’s actually a different domain.  All Payoneer URLs will be formatted as follows:  https://www.payoneer.com/information.  There is always a forward slash after “.com”, and the next information should be the name of the page.

Phishing link vs Payoneer secure link

• Payoneer’s login pages are secured by https, the secure version of http, meaning that all communications between a user’s browser and Payoneer’s website are encrypted.  If a user’s taken to a Payoneer login page that ISN’T https-secured, something’s amiss and users should take caution.

If you have any other tips to share or have any questions, please contact the Payoneer support team. We are available via email, live chat, phone, Twitter, and Facebook to answer your questions.