Online security has become one of the most important topics in online discussions. Advances in technology benefit not only ordinary people but hackers too. A major part of the internet budget of big companies is spent on online security. Most of the time, people become victims of online hacking through their own mistakes, because they don't fully understand how to protect their online accounts and information. A couple of months ago, we wrote an article explaining the ways to keep your online information safe and secure. We have also discussed how to identify email and phishing scams. Today I received a genuine-looking email which was actually a phishing email. I thought it appropriate to share it with my readers.
I received the email shown in the main image from the email address "email@example.com". At first glance it looks like a genuine email, but I was skeptical about its content. That's why I declared it a phishing scam.
Now I will tell you how I know this email is a scam. You might have noticed that I am addressed as "Dear Customer" in this email. This is unnatural because I am a registered member at Payoneer, so they have all my credentials, including my name and email address. Whenever I receive an email from Payoneer, it will have my name in it, because names are associated with email addresses and are automatically included in any email sent to that address.
There are also some other reasons, but it's not worth sharing them because they are human errors, and I fear that if they are shared, the same hacker may fix those errors, making the phishing email more difficult to detect. It's not only the content of the email that marks it as a scam: the link in it also redirects users to a site other than Payoneer. The hacker has made an almost genuine-looking Payoneer login phishing page to steal usernames and passwords, but it lacks some things.
Look at both of these pages in the following screenshots.
They are almost identical, and at first glance a novice user could hand over his username and password to the hacker. The one thing that easily gives the fraud away is the URL of the fake web page. As you can easily figure out, the URL of the original web page is "https://myaccount.payoneer.com", which is the only URL for logging in to Payoneer. The URL of the fake web page is very long and far more complicated. The hacker has tried to build a URL that looks like what he wants it to represent, but note that the final domain in this URL isn't "Payoneer.com" but "homestylists.com.au", which has nothing to do with Payoneer.
Another difference between these pages is the SSL/HTTPS certificate. Look at the padlock icon in the URL bar of the actual web page and note that the URL starts with HTTPS, which means the data transmitted between your browser and the server is encrypted. Encryption ensures that the data you enter in the web page cannot be read by anyone else while it is in transit.
However, we don't see anything like this on the phishing page, which indicates a lack of trust in that page.
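The two checks described above (which domain the link really ends in, and whether it uses HTTPS) can be written down as a small script. This is an added example, not part of the original email or of anything Payoneer provides; the function name and the sample links are made up for illustration, and only the two domains come from this article.

```python
from urllib.parse import urlsplit

# The article names myaccount.payoneer.com as the only login URL, so the
# registered domain we trust is payoneer.com.
TRUSTED_DOMAIN = "payoneer.com"

def check_login_link(url, trusted=TRUSTED_DOMAIN):
    """Return (is_trusted, reason) for a link taken from an email."""
    try:
        parts = urlsplit(url.strip())
    except ValueError:
        return False, "malformed URL"
    # .hostname drops any "user@" prefix and the port, and lowercases the host.
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no hostname"
    # The host must BE the trusted domain or END in ".<trusted domain>".
    # A brand name in a subdomain prefix, the path, or before "@" proves nothing.
    if host != trusted and not host.endswith("." + trusted):
        return False, f"real host is {host}, not {trusted}"
    # Scheme is checked second: HTTPS only matters once the host is right.
    if parts.scheme != "https":
        return False, "right host, but the link is not HTTPS"
    return True, f"{host} belongs to {trusted} and uses HTTPS"

# Constructed sample links (the article does not quote the full phishing URL).
SAMPLES = [
    "https://myaccount.payoneer.com",
    "http://homestylists.com.au/myaccount.payoneer.com/login/",
    "https://myaccount.payoneer.com.signin.example.net/",
    "https://myaccount.payoneer.com@signin.example.net/",
    "https://notpayoneer.com/login",
    "http://myaccount.payoneer.com/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_login_link(link)
        print(("OK      " if ok else "SUSPECT ") + link + "  ->  " + reason)
```

Only the first sample passes; every other link either ends in a different domain or is not HTTPS, even though most of them contain the text "payoneer.com" somewhere.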
That's the end. I have tried to present a live example of an online phishing scam, and I hope that you understand it fully and don't lose anything online by making small mistakes. Stay tuned with us for more updates.