“We lost our startup capital, partly due to a phishing attack and partly due to security and ethical flaws on Payday”
“When it happened, I had an adrenaline rush and thought to myself, I’m done for. I’m a tech bro. So, instantly I knew it was a phishing attack. I tried to login in but my password had been changed by the hijackers. I initiated a reset password immediately but my balance was zero when I logged in. Within five minutes everything was gone. It happened so fast,” Joshua Igba narrated to Technext.
Joshua’s story of “doomsday” begins on March 25, 2023, two days before Payday opened a Telegram channel on March 27 to resolve complaints and bring the platform closer to users. He and his team had earlier considered Payday as a reliable alternative to Access Bank’s dollar card that wasn’t working.
So, he opened an account with Payday.
By 8 PM, “We lost our startup capital on the Payday app, partly due to a phishing attack and partly due to security and ethical flaws on Payday.” But, his team were not going to shrug their shoulders over this.
So, on June 19, he says he arrested a suspect, but “between these two dates, Payday’s team failed me and abandoned me. Only Favour (Payday’s founder) was responding. I don’t know what all Payday employees are doing to have abandoned me.“
He still does not have his money to date.
“Patronise them at your own risk.”
In an April 5 post titled Stay Away from PaydayApp If You Value Your Sanity, Nairaland user, @abhosts, narrates how his $500 “is in limbo” because he funded his virtual dollar card and all the transactions were declined and he kept getting the response: “insufficient funds.”
“After two weeks of back and forth with their support,” the customer care representative asked the user to refresh his memory about the complaint, as he forgot. “This looks unreal,” @abhosts wrote.
A response by another user reads that Payday is a “source to dupe unsuspecting customers…they work hand in hand with fraudsters on Twitter, sharing phishing links which they claim they know nothing about.”
“The app has a lot of bugs”
Speaking to Technext, a user and cybersecurity expert [name withheld] says the Payday app only has a lot of bugs, as she has used the platform to make purchases from foreign marketplaces.
“Payday are no scammers,”
Narrating his experience still in April, Nairaland user, @Deeprooted, says he funded his account and initiated payment but was declined.
“After several fruitless attempts, I then decided to get my money back to the local currency. Na there I come sabi says I don buy market oh!”
Still, on bugs, Payday users say the app always updates (which may be the company’s response to bugs), but there are no prior announcements before disabling major features that led users to the platform in the first place.
How are monies disappearing from the users’ accounts?
There are about three ways unauthorised withdrawals can happen on Payday:
Phishing (which has been mentioned by some of the victims): This is a type of social engineering attack where the attacker sends a fraudulent message or email that appears to be from Payday. The message or email may contain a link that, when clicked, takes the victim to a fake Payday website that looks like the real thing. Once the victim enters their login information on the fake website, the attacker can steal it and use it to log into their real Payday account and make unauthorised withdrawals.
Malware: This is software that is designed to harm a computer system. Malware can be installed on a computer through a variety of ways, such as clicking on a malicious link, opening an infected attachment, or downloading a file from an untrusted source. Once malware is installed on a computer, it can steal personal information, such as login credentials, and use it to make unauthorised withdrawals from Payday accounts.
Data breaches: This is a security incident that results in the unauthorised access, disclosure, or destruction of sensitive data. Data breaches can happen to any organisation. If a data breach occurs, it is possible that hackers could steal customer login credentials and use them to make unauthorised withdrawals from customer accounts.
From Technext’s background check, phishing has been the most prominent, but that is just an external discovery.
On its part, Payday says it uses fraud protection measures to detect and prevent fraudulent activities, including “monitoring account activity for suspicious transactions, setting up alerts for unusual activity and using machine learning algorithms to identify patterns of fraudulent behaviour.” However, fraudsters have had field days with users’ monies.
Payday has waved the red flags, severally
By March 2023, the Payday team, on its Telegram channel, had started announcing that “Payday will not ask you for your personal details or ask you to click on any link.” But, “We need you to stay patient while we work on issues.”
One of the issues, Payday wrote, was happening across the banking system, “so, when you do a top-up to your Payday account and it doesn’t reflect immediately, please be patient for at least, 24-48 hours.”
The message reiterated that Payday will not ask you to click any link and issues are always escalated within 30 minutes/one hour.
In an April 5 post, Payday published a statement asking its users to avoid “fraudulent Instagram and Twitter pages using the image of our co-founder and COO, Yvonne Obike, to defraud customers.
“We please urge customers who are approached by these fraudulent accounts not to engage them and report/block the accounts,” Payday wrote.
Credit:Technext