Back to you.co

How do phishing and merchant scams occur?

How do phishing and merchant scams occur?

Phishing and merchant scams involve tricking users into providing sensitive card details or authorising transactions under false pretences. These scams have evolved in recent years, often leveraging social media, misleading websites, and fake OTP prompts.

Types of Merchant and Phishing Scams

Scam Type Description Red Flags to watch out for
Declined Transaction Scam Fake online shopping sites prompt OTPs, then show "payment failed", pushing users to re-enter details. Scammers collect card and OTP data repeatedly.
  • Accessed via social media ads promoting deals, sometimes too good to be true

  • Creates fake urgency to push users into quick checkouts

  • Requests for OTP that don’t match the user’s action (e.g. Apple Pay OTP received when a payment is made)

  • Suspicious-looking OTP pages or unusual payment flows

  • Repeated checkout failures, prompting users to retry or enter another card
Phishing Scam Impersonating official websites or channels by targeting individuals using emails, aiming to trick victims into clicking links and providing sensitive data
  • Suspicious links or email domains (e.g. odd URLs or misspellings)

  • Sometimes poor language quality – broken English, inconsistent fonts, or grammar errors

  • Lack of personalisation – generic greetings or vague instructions

  • Unusual urgency – pressure to act quickly, even after payment

  • Mismatch between OTP request and user action

  • Fake-looking OTP or payment pages

  • Repeated payment failures, often prompting users to retry with another card
Social Media Scam Using spam emails and/or using social media platforms such as Facebook, Instagram, and TikTok to advertise their website and attract potential victims
  • Pop-ups or hidden subscriptions on the site

  • Overly broad product range with no clear focus or specialisation

  • Unclear or overseas-based customer support

  • Prices that seem unrealistically low
Online Shopping Scam Fake websites that sell products at unrealistically low prices. Victims either receive nothing or poor-quality knockoffs.
  • Unverified or newly created social media pages

  • Links lead to obscure or suspicious websites

  • Extreme discounts with countdown timers or urgency triggers

  • Lack of genuine reviews or fake video testimonials

  • Only one vague contact method (e.g. a single email)

  • Poor site quality – broken English, inconsistent fonts, or copied policies

  • Unrealistic product range or fake business details
Hidden Subscription Scam Victims sign up for free trials or samples and are unknowingly enrolled in difficult-to-cancel recurring billing.
  • Small upfront charge to bait users into signing up

  • Misleading buttons that hide subscription terms

  • Unclear or missing terms and conditions
Travel Visa Scam Fake visa application sites that charge high fees or sell your information.
  • URLs that don’t end in .gov or official domain suffixes

  • Unexpected or inflated fees not in local currency

  • False promises of expedited approvals

 

Here's how these scams work:

  • The Bait: Scammers create fake advertisements on social media or search engines, leading unsuspecting users to counterfeit e-commerce websites mimicking legitimate platforms.
  • Data Phishing: Victims are prompted to enter their card details to complete a "purchase," where scammers steal this information. They may even display a fake two-factor authentication (2FA) confirmation page to appear secure.
  • Card Exploitation: Scammers use the stolen details to link the victim’s card to mobile wallets like Apple Pay or Google Pay. Submitting card information unknowingly permits scammers to add the card to their device.
  • Rapid Transactions: Once linked, scammers use the wallets to make unauthorised purchases, often depleting accounts within minutes. Most of these transactions originate overseas.

⚠️ Note: YouTrip does not send OTPs for transaction confirmations. Instead, you must swipe within the app to approve 3DS authorisation.


How YouTrip Helps Protect You

  • 🔔 Instant alerts: Get real-time push notifications for all transactions and mobile wallet link attempts
  • 🔒 Card lock: Instantly lock your card from the YouTrip app if you notice suspicious activity
  • ⚙️ Custom limits: Set transaction limits

If you notice an unfamiliar transaction in your account, read our FAQ article What should I do if there are unrecognised transactions in my YouTrip account? on what you should do next.

If you are a victim of fraud or scam, read our FAQ article What do I do if I'm a victim of fraud or scam? on what you should do next.

If you're certain that you did not make the transaction, temporarily lock your card using the YouTrip app and contact us via fraud-reporting@you.co immediately, or call us at +65 6904 9334 instead.

Fraud & Scam

See more