An update on recent phishing activity

During the weekend of January 13 and 14, a small number of Payoneer customers in Argentina were victims of an organized fraud scheme that led to certain customers’ funds being stolen. Payoneer’s internal investigation into recent phishing scams impacting some customers in Argentina is ongoing, and we are working non-stop to help them recover funds where possible and to identify and help stop the criminal actors behind these scams. The situation was quickly contained, affecting approximately 100 customers.

At no point were Payoneer’s enterprise systems or platforms compromised. Rather, the fraudsters were able to access customer accounts through external vulnerabilities. In some cases, fraudsters lured customers to click on links to phishing sites and provide their account credentials. In some other cases, customers had their mobile lines or SMS content compromised, as recently happened in some countries in the region, where local mobile carriers identified this type of loophole on their networks. Payoneer took swift action to contain the fraud attempts and prevent spreading, switching the reset-password flow to mitigate further phishing attempts, and there have been no further cases reported since January 17th.

Although this incident did not involve any direct compromise of Payoneer’s platform, we are looking at ways to support customers who have been defrauded by the criminals. As we are working directly with affected customers, we do not anticipate having further public updates on this matter. We take fraud prevention very seriously and continue to work closely with regulators, mobile carriers, and law enforcement agencies to help combat financial crime. We encourage customers to remain vigilant against fraudsters and to educate themselves on how to keep their accounts safe and protect their confidential information.

Learn more about how to prevent phishing cases here.