Tuesday, 23 July 2013

Shutting Down a Payza Scam

The Citadel Trojan was a major Payza scam that stole over $200 million dollars from people and their financial institutions. But with Payza’s help, authorities in the U.S., U.K., and Vietnam were able to take down the 11 cybercriminals behind the virus, and bring them to justice. Unfortunately, many people sustained damage so that the rest of us could learn some valuable lessons about internet safety. This article also contains some useful safety tips. 

Have you heard of the notorious Citadel Trojan? If you haven’t, you must have been visiting another planet because this Payza scam caused some big waves in the payments and financial industries. The version of the Citadel Trojan discussed in this article was a nasty virus that infiltrated millions of computers around the world, recruiting them into a botnet controlled by 11 cybercriminals. Once a computer has been infiltrated by this virus, the computer’s user would see a mirror of the Payza website whenever they wanted to log in to their account.

However, it actually was not the real website, but a Payza scam website. Rather than see the usual Payza log in page, the user would see another field in which to enter their Transaction PIN. What the user did not know was that they were giving over their username, password and PIN to the cybercriminals behind the Trojan. With this information, they would have access to the user’s funds and personal information. This was identity theft at its most deceitful.

But this Trojan was drawing just too much attention to itself, and eventually got caught. Along with the FBI in the United States and authorities in the United Kingdom and Vietnam, Payza’s own anti-fraud team was able to gather enough intel on the Trojan and help these organizations bring them to justice. After a full investigation, 11 cybercriminals involved in a major worldwide fraud ring that stole over $200 million were arrested and prosecuted for their Payza scam.

Unfortunately, many people were turned into proverbial sacrificial lambs as a result of this Payza scam as lessons can be learned from this incident. In that vein, there are several things you can do to protect yourself from Payza scams like this one, as well as email scams and the like:

  1. Install anti-virus and firewall software on your device, be it a desktop, laptop, tablet or smartphone. There are a lot of free options out there, so find one that offers protection against viruses. They are easy to install, and usually update automatically. Doing this simple task can mean the difference between safety against Trojan infiltration or total vulnerability. AVG is a good free anti-virus software option. You can even download free apps for your tablet and smartphone.

  2. Don’t click on links in emails. This is one of many ways to open up your computer to viruses, and hence to Payza scams like the Citadel Trojan. If you get a legitimate email from Payza, it is important to note that they will never ask you to click on a link to log in to your account. They will provide instructions. This is just safe internet practice.

  3. Don’t open emails from unknown senders. When you receive an email, hover your mouse over the sender to see who sent it. The email address from whence it came should be displayed somewhere on the screen. If you do not recognize the sender, it is best not to open the email at all as this is a good way to give your computer a virus.

  4. Never hand out personal information to solicitors. If someone or an organization solicits information by email such as banking details, passwords, PINs, social insurance/security numbers, addresses, phone numbers, birthdays, and more, do not give them what they are asking for. If you call or email them, and they ask for some of this information to check your identity, that is generally ok, but if they ask for it out of nowhere, and it seems fishy to be doing so, just don’t do it.

If you put these tips to good use, you can protect yourself from a lot of harm caused by potential Payza scams whether they are in the form of a Trojan virus like the Citadel or whether through less sophisticated email phishing schemes. Stay safe and happy browsing!


  •  Learn how to protect yourself from Payza scam, check out Payza signs of a phishing attack.