Update October 27, 2017

Less than two months passed since we had published the original article about the culprits who arranged a phishing attack against us involving Payoneer payment notification system. And here we go again – yet another attempt.

It sure does seem that these guys, whoever they might be, paid attention to our previous article and to their "techno blunders" we pointed out in it, because their scheme has become even more sophisticated.

This time we received only one email from an auto-responder with a new title: "You have a pending Payoneer payment. Further action is required!" Not only did these phishing aficionados made sure that the email subjects prompts us to take an immediate action, they also took a payor name out of the body of the email – the exact first thing that caught our eye and rose our suspicious the first time.

Moreover, they went even further: Instead of simply inviting us to click on "Continue" button as they had done before, they obligingly added a note asking us to click on a certain URL "if clicking Continue fails". You can see all their "efforts" below:

payoneer phishing attack

If we had been careless enough to click on either the button or the link, we would have most probably said good-bye to both our login credentials and the money on our account.

As we have established strong work relationship with Payoneer, we will be contacting their Customer Support and notifying them about this new phishing scheme.

Original August 29, 2017

It is no secret that in today’s digital world phishing has been one of the most common security challenges. Both individuals and businesses have to face this challenge to make sure that their information is secure. Hereby, businesses, of course, constitute a particularly worthwhile target.

Unfortunately, we at Opinion Corp. have become a target of an elaborate phishing attack just this past weekend. We closely work with Payoneer, a well-known global payout platform, to resolve the issue.

Payoneer has a very efficient and transparent payment notification system. When getting paid through Payoneer, a payee receives two emails:

Email 1 – a notification that you received a new payment from your Payoneer account. In this email a payee is also asked to confirm the preferred loading method. This email usually comes from payouts@payoneer.com.

Email 2 – an actual confirmation that the payment has been loaded to the account that is sent from NoReply@payoneer.com.

The phishing masterminds who were trying to attack Opinion Corp. used a quite interesting approach. In the scam email they combined both standard Payoneer payment notifications in one, while almost flawlessly copying Payoneer’s layout and design (please see the screenshot of a phishing email we received below).

Phishing Attack On Payoneer

By clicking "Continue" button in this email you will be redirected to a page that asks for your login credentials. As soon as you enter them, the fraudsters will receive them and will be able to transfer money from your account to wherever they want.

Luckily for us, we quickly determined the fact that we neither work with nor expect payment from any "Eliza Flores" individual. We contacted Payoneer Customer Support immediately. Despite the fact that all this occurred over the weekend, Mollie Searle Benoni (Director of Sales & Partnerships) and Michael Davies (Client Service Manager) promptly responded to our request, confirmed the issue and took it under investigation: "…Thank you for bringing this to our attention, you made the right call inquiring with us first - it looks like a very sophisticated phishing attempt. Please do not click on the link or enter any of your sensitive information (e.g. password). I am forwarding to our Security team so they can investigate…"

Based on our experience with phishing this weekend, we would like to make the following suggestions to those who use Payoneer:

  • if you receive a similar email from Payoneer, DO NOT click on any links in the body of the email;
  • contact Payoneer Customer Support immediately;
  • if you are expecting to receive any payments through Payoneer, you might want to check your account via Payoneer website or mobile app.

If you wish to reach Payoneer via our site, you can do so by:

Please note that Payoneer monitors their reviews published on our site and responds to them. This is one the many financial scams that can hurt your bank account, we have put together a list of types of financial complaints that you should be aware of.

Be careful and stay safe.

While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal, medical, accounting, investment, or any other professional advice as individual situations will differ and should be discussed with an expert and/or lawyer.

See Also