While most phishing emails are easily filtered out as spam by service providers like Google’s Gmail and Microsoft’s Outlook due to their dubious origins, this particular email carries all the necessary credentials to bypass all filters, simply because it is being sent from a bulk email service that has been pre-approved by iPay88.
A closer look at the email headers confirms that the phishing email originated from elasticemail.com, one of the two email services approved by iPay88 to send out emails to their customers and merchants. We have independently compared and verified legitimate emails and receipt mails sent out by iPay88 from both these email services even as far back as early 2019.
The email itself claims that there is an updated User Agreement Policy implemented by iPay88 that is required to ‘protect our client’s personal data’. As such, recipients of the email are encouraged to complete the verification by visiting ipay88.org, a fake phishing site set up to collect details as well as credit card information from unsuspecting users.
iPay88 however, via a posting on their Facebook page, has denied that they have suffered any breach, and are instead blaming it on scammers who are randomly sending out emails based on scraped addresses from email lists. We have reached out to iPay88 for more information on their claims.
If you’ve inadvertently keyed in your details at the ipay88.org phishing site, we urge you to immediately contact your bank to inform them that your card has been compromised and request for a replacement card.