Tuesday, 23 July 2013

Shutting Down a Payza Scam

The Citadel Trojan was a major Payza scam that stole over $200 million dollars from people and their financial institutions. But with Payza’s help, authorities in the U.S., U.K., and Vietnam were able to take down the 11 cybercriminals behind the virus, and bring them to justice. Unfortunately, many people sustained damage so that the rest of us could learn some valuable lessons about internet safety. This article also contains some useful safety tips. 

Have you heard of the notorious Citadel Trojan? If you haven’t, you must have been visiting another planet because this Payza scam caused some big waves in the payments and financial industries. The version of the Citadel Trojan discussed in this article was a nasty virus that infiltrated millions of computers around the world, recruiting them into a botnet controlled by 11 cybercriminals. Once a computer has been infiltrated by this virus, the computer’s user would see a mirror of the Payza website whenever they wanted to log in to their account.

However, it actually was not the real website, but a Payza scam website. Rather than see the usual Payza log in page, the user would see another field in which to enter their Transaction PIN. What the user did not know was that they were giving over their username, password and PIN to the cybercriminals behind the Trojan. With this information, they would have access to the user’s funds and personal information. This was identity theft at its most deceitful.

But this Trojan was drawing just too much attention to itself, and eventually got caught. Along with the FBI in the United States and authorities in the United Kingdom and Vietnam, Payza’s own anti-fraud team was able to gather enough intel on the Trojan and help these organizations bring them to justice. After a full investigation, 11 cybercriminals involved in a major worldwide fraud ring that stole over $200 million were arrested and prosecuted for their Payza scam.

Unfortunately, many people were turned into proverbial sacrificial lambs as a result of this Payza scam as lessons can be learned from this incident. In that vein, there are several things you can do to protect yourself from Payza scams like this one, as well as email scams and the like:

  1. Install anti-virus and firewall software on your device, be it a desktop, laptop, tablet or smartphone. There are a lot of free options out there, so find one that offers protection against viruses. They are easy to install, and usually update automatically. Doing this simple task can mean the difference between safety against Trojan infiltration or total vulnerability. AVG is a good free anti-virus software option. You can even download free apps for your tablet and smartphone.

  2. Don’t click on links in emails. This is one of many ways to open up your computer to viruses, and hence to Payza scams like the Citadel Trojan. If you get a legitimate email from Payza, it is important to note that they will never ask you to click on a link to log in to your account. They will provide instructions. This is just safe internet practice.

  3. Don’t open emails from unknown senders. When you receive an email, hover your mouse over the sender to see who sent it. The email address from whence it came should be displayed somewhere on the screen. If you do not recognize the sender, it is best not to open the email at all as this is a good way to give your computer a virus.

  4. Never hand out personal information to solicitors. If someone or an organization solicits information by email such as banking details, passwords, PINs, social insurance/security numbers, addresses, phone numbers, birthdays, and more, do not give them what they are asking for. If you call or email them, and they ask for some of this information to check your identity, that is generally ok, but if they ask for it out of nowhere, and it seems fishy to be doing so, just don’t do it.

If you put these tips to good use, you can protect yourself from a lot of harm caused by potential Payza scams whether they are in the form of a Trojan virus like the Citadel or whether through less sophisticated email phishing schemes. Stay safe and happy browsing!


  •  Learn how to protect yourself from Payza scam, check out Payza signs of a phishing attack.

Thursday, 18 July 2013

3 Ways to Spot a Payza Scam by Email

Scams come in all shapes and sizes, and they can happen anywhere, at any given time. They can happen on the street, in stores, on the bus, in the subway, on vacation, even at home. But one of the sneakiest kinds happens by email. If you are a Payza member or are thinking about becoming one, there is a special type of Payza scam that you should be aware of that cons people every single day.

Payza scams, although sometimes quite sophisticated, can be easy to catch if you know what to look for. To bolster you with a little knowledge, here are three dead giveaways in a Payza scam email that should send you running in the other direction:

1. The email address it came from. 


Did the email actually come from “[department]@payza.com? If the email came from any other email address, then you should not only disregard it, but should delete it immediately. An example of a Payza scam email address that is trying to mimic the real source could look a little like this: payza@hotmail.com or banking@email-payza.com. A real Payza email will come directly from payza.com and nowhere else.

A word of advice: check the email address, but do not click on any links, and avoid opening the email if you can. Some Payza scam emails may carry viruses that can infiltrate your computer, and give hackers access to your personal information, as well as control over your device.

Some of the less immediately* harmful ones are just asking you to reply with your banking or personal information under the guise of Payza. Either way, ignore and delete. (*These emails are still very harmful if you reply with the requested information; they just may not have viruses attached to them).

2. Grammar and spelling. 


Is the email professionally written, or is it riddled with errors of every kind: spelling, grammar, punctuation, upper and lower case letter issues? If the email just doesn’t sound right, and has any or all of the aforementioned problems, it’s probably best to ignore the email and just delete it as it might be a Payza scam email.

Real Payza emails will be written without typos, spelling and grammatical errors, or punctuation and stylistic problems.

Although this may seem benign to some people, the overuse of exclamation points can be the only red flag you need. If the email title states “URGENT!!! ACTION NEEDED!!!”, there is a high probability that it is totally bogus. Most professional companies will exercise proper use of punctuation

3. What it is asking you to do. 

If an email that appears to be from Payza is asking you to reveal your password, or click on a link to change it (even if the website looks exactly like Payza), or enter your banking and/or personal information either in the email or on a website (again, even if it looks just like the Payza website), it may very well be a Payza scam.

A real Payza email would never request your personal information or password and PIN. If Payza is requesting that you change your password for whatever reason, the email will instruct you to go to the website yourself and change it the usual way, not through a link in the email or by replying with your password to the email.

So, if you have received an email that has all of the above red flags, delete, delete, delete! Payza scam emails can cause some serious damage if you send back or enter any of your personal information, or even just click on a link. It’s better to ignore the email altogether, or call/email Payza directly and ask about it, just to be safe.

Learn more about how to protect yourself from Payza scam and other types of cybercrime, check out Payza signs of a phishing attack.