Secure online payments. How not to fall for hackers?

The National Research Institute NASK and experts from CSIRT KNF and the Central Office for Combating Cybercrime are preparing Internet users for Black Friday. In a series of guides published in November, they warn against possible threats lurking in the Internet.

Electronic payment services – fraudsters impersonate online services

The first guide published on the special websitebezpieczmiesiac.pl concerns electronic payment services. These are quite convenient tools that allow you to quickly transfer funds – most often when shopping online, but also when booking tickets, accommodation or other services. Thanks to them, we do not have to send money, for example, by standard transfer, and the confirmation is sent to the seller in just a few moments.

However, hackers often prowl wherever money is exchanged. Electronic payment gateways have therefore become the target of fraudsters trying to extort payment details or even money from Internet users. Most often, they try to do this by impersonating well-known payment services.

Experts emphasize that the most common fraud involves the preparation of websites trusted by payment operators. Fake websites can closely resemble the originals, so even a moment of inattention can be enough to make a big mistake.

However, hackers will always be betrayed by one element. This is another URL that appears in our browser bar. For a transaction to be secure, these must match the original site. Here are some examples of how fraudsters can impersonate popular payment gateways.

• PayU (https://payu.com). Fake: epayu.pl, e-payu.xyz, epayu24.com, ipayu.pl, inpost-payu.com, payu-24.pl, payu-bank.com, ssl-payu.pl;
• Transfers 24 (https://www.przelewy24.pl/) Fake: prezelevy.com, przelewy24-7.pl, przesyika24pl.fun;
• Tpay (https://tpay.com/) Fake: ttpay.com, secure.tpay.website.

As you can see, it is popular to replace the domain (.com with.pl and vice versa), misspellings in the name, additions such as 24 or bank or additions intended to gain our trust. For example, SSL is a protocol that secures data transmission.

How not to get scammed when paying online?

NASK specialists have also prepared special tips that will help ordinary users be more careful when making online payments. The Institute recommends:

1. Each time we verify the authenticity of the website where we make payments. If even a small detail in the address raises our doubts, we should immediately refrain from transmitting our data;
2. Verify that the payment page layout and formatting is correct. Hackers can imitate the layout of elements very accurately, but sometimes their templates may be missing some options. It is worth verifying the appearance on the supplier’s official website;
3. Securing your account with a good password and using additional secure login options. The data provided to hackers may give them access to our other accounts. Repeating passwords is very dangerous;

4. Regular verification of your bank account balance. If suspicious transactions appear on it, we should immediately contact our bank branch;

5. Be careful.Let’s provide our data only where it is really required. The less we share, the less chance of hackers taking over the information;
6. Careful clicking on links and attachments in emails. Links can lead to fake payment gateways, and infected files can take over the device or steal data.