In recent days dozens of Argentine users reported having been hacked into their accounts Payoneerthe virtual wallet that allows you to make online payments in different currencies and that gained popularity among “freelancers” who provide services abroad to receive money without having to settle payments at the same time. official exchange rate.
According to reports, the victims had been defrauded through a technique known as phishing or identity theft, widely used by cybercriminals to fraudulently obtain confidential information from users. The attack was apparently carried out through sending text messages (SMS), related identity verification system.
Virtual scams are growing through Instagram and Tik Tok
This was reported by the people who were hacked, first through the social network Reddit and then making complaints through “X” (ex Twitter). “You have received a payment from Payoneer for the value of USD 500, to accept it click on the link” and “This is your verification code, If you did not request it, visit the link“were some of the messages they said they had received.
“There are several reports of emptying of funds in Argentine accounts in Payoneer, a provider used by many to receive and store dollars they receive from abroad,” said journalist and programmer Maximiliano Firtman through a post on his social networks.
“There could be smishing, identity theft and some vulnerability via SMS,” he added. It should be clarified that the smishing is a type of attack that uses fake text messages to trick users into download malicious programs.
Movistar’s statement
The events caused the company Movistar issued a statement, explaining that “is not responsible of messages” sent by third parties.
“Movistar learned through publications on social networks that clients of the Company, who have accounts on the Payoneer platform, would have been scammed through receiving SMS that, through maneuvers of smishingthey captured his credentials from the aforementioned platform,” they indicated.
Movistar statement.
Along these lines, they clarified that, in any case, they have “taken preventive measures with those numbers from which some customers have reported having received such communications.” In addition to this company, hacks were also reported to customers of Clear, Tuenti y Personal.
At the moment there was no official communication from the side of Payoneeralthough they would have lost thousands of dollars in the affected accounts. At the same time, there is also the case of a user who had a total of $60,000 through cyber attack.
Although no further information is known about how the hack could have been committed, the main theory points to a active smishing campaign against the New York-based financial services company, using a fake domain called “alertaspayoneer.com”which has already been deregistered, already possible leaked database.
FP