Cyber Soldier | Software Engineer

17 May 2020

How I barely escaped a 50000PKR cyber fraud?

by Najam Ul Saqib

On the night of 16th May 2020, I was approached by a person online (I do freelancing, so I often deal with international clients). He was from Morocco, and he asked me to make a bank transaction of 50,000PKR to one of his clients in Pakistan, for which he would pay me 550$. When I asked why he wasn't paying his client himself, he said that the client needed the money instantly but the client's Payoneer was not working well, so he wanted me to send his client the money through the bank; that was why he was ready to pay some extra bucks, so that his client would receive the money on time. That was a pretty good deal for me. I obviously told him that he would first send me the 550$, and once I received the money from him I would make the bank transaction. He instantly agreed and asked me for my Payoneer ID.

I gave him my Payoneer ID. He asked me to wait 5-10 minutes to receive the money in my Payoneer, and right after the mentioned time he sent me a screenshot from his laptop. It was a legit Payoneer page, showing the current transaction with my email and 550$ on it. But when I checked my email and Payoneer, I had not received even a single penny. When I asked him, he said that it was Saturday, so transactions take time, that it was completed from his side, and that he had shared the screenshot with me as well.

The screenshot he shared looked original, but I asked him to wait because I had received nothing. Now he started to get violent, saying that he wanted the transaction done immediately, that this was why he had trusted me, and that I should transfer the 50000PKR to his client residing in Pakistan as well. Meanwhile, I received an email from Payoneer saying that I had received 550$ in my Payoneer account, and I breathed a sigh of relief. But to double-check, I opened my Payoneer and, strangely enough, there was no amount in it. I was confused about what was going on.

It is pretty normal for Payoneer to take time to load the balance into your account, but it appears in the pending transactions section anyway, and there was absolutely nothing there. Meanwhile, that person kept asking me to make the transaction, because now I had received the email from Payoneer as well.

My brother and I decided to check the mail I had just received from Payoneer, to see whether it looked fake or like a phishing mail, and compared it with the emails I had received from Payoneer in the past. Look at both of them yourself. Both were received from, both were encrypted and secure. Both were 99% the same in layout as well. I couldn't find anything suspicious in the email I received from Payoneer. So I thought that I had received a mail from Payoneer's valid email ID, and that should be enough proof; Payoneer itself can't commit fraud, it's a big company, and I should now make the transaction to the client as promised.

[Images: 550$ Email; Email Header of Legit Payoneer Mail; Email Header of 550$ Email; 100% Legit Email (Received in Past)]

I opened the app on my mobile to send the money and was about to send it, but my brother insisted that I should look at the email once again and not send the money yet. It was a weird and stressful situation, with that person constantly calling me to make the transaction, me receiving a legit-looking mail from Payoneer, and no money showing up in Payoneer. It had happened to me in the past that Payoneer took some time to show the balance in my account, so I thought this situation was the same. But upon a final investigation of the email, we found something a bit unusual in the email I had received from Payoneer stating the 550$.

[Images: Original Email; 550$ Email]

The 550$ Payoneer email had a question mark logo on it, with a message showing "Gmail couldn't verify that actually sent this message (and not a Spammer)". I checked all the previous emails I had received from Payoneer, but none of them had this message on them. Woah, just when I was about to lose 50000PKR, by the grace of God I somehow noticed this message from Gmail. (I don't know why, if Gmail was doubtful about the email, it ended up in my inbox and not the spam folder.)

I told the person that the email I had received from Payoneer looked suspicious, and now he got absolutely furious, trying to put pressure on me and threatening that he would report me to the freelance community and Payoneer as a spammer, and then he blocked me.

To summarize, I have never experienced such a real-looking social engineering attack before; as you can see yourself, the two emails look exactly the same. There was just a minor difference between the emails, which a person might ignore and not consider. If that message from Gmail had not appeared, I might also have ignored the question mark and made the transaction.
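The difference described in this post is also recorded in the message's `Authentication-Results` header, which the receiving mail server adds after checking SPF, DKIM and DMARC. The following is an added example, not code from the original post: it reads that header from constructed messages (the placeholder domains `pay.example` and `mx.example.net` and all sample emails are assumptions, not the emails from the post) and treats the sender as verified only when the trusted receiving server reports `dmarc=pass`.

```python
import re
from email import message_from_string

TRUSTED_SERVER = "mx.example.net"  # assumption: authserv-id of your own mail provider

# Constructed samples, not the emails from the post; pay.example is a placeholder.
LEGIT = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@pay.example header.s=s1;
 spf=pass smtp.mailfrom=bounce@pay.example;
 dmarc=pass (p=REJECT) header.from=pay.example
From: Pay Example <no-reply@pay.example>
Subject: You received a payment

body
"""
SPOOFED = """\
Authentication-Results: mx.example.net;
 spf=softfail smtp.mailfrom=web@shared-host.example;
 dkim=none; dmarc=fail header.from=pay.example
From: Pay Example <no-reply@pay.example>
Subject: You received a payment

body
"""
# Same spoof, but the sender also wrote their own header claiming everything passed.
FORGED_HEADER = SPOOFED.replace(
    "From:", "Authentication-Results: other.example; spf=pass; dmarc=pass\nFrom:", 1)

def auth_results(raw, trusted=TRUSTED_SERVER):
    """Return SPF/DKIM/DMARC results reported by the trusted receiving server."""
    results = {"spf": "missing", "dkim": "missing", "dmarc": "missing"}
    for header in message_from_string(raw).get_all("Authentication-Results", []):
        authserv_id, _, body = header.partition(";")
        if authserv_id.strip().lower() != trusted:
            continue  # anyone can write this header; ignore untrusted ones
        body = re.sub(r"\([^)]*\)", "", body)  # drop comments such as (p=REJECT)
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", body):
            if results[method] != "pass":
                results[method] = result.lower()
    return results

def sender_verified(raw):
    """True only if DMARC passed: SPF or DKIM passed for the From domain."""
    return auth_results(raw)["dmarc"] == "pass"

if __name__ == "__main__":
    for name, raw in (("legit", LEGIT), ("spoofed", SPOOFED), ("forged", FORGED_HEADER)):
        print(name, sender_verified(raw), auth_results(raw))
```

In Gmail the same information is visible through "Show original" on the message; the check relies on the receiving server removing any incoming header that already carries its own identifier.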

I have intentionally not blurred the scammer's email address, to expose him. I have contacted Payoneer about this and will update this article once I hear from them. Thanks, and stay safe from such frauds.

tags: phishing - social Engineering - cybercrime