How do phishing and merchant scams occur?
Phishing and merchant scams involve tricking users into providing sensitive card details or authorising transactions under false pretences. These scams have evolved in recent years, often leveraging social media, misleading websites, and fake OTP prompts.
Types of Merchant and Phishing Scams
Declined Transaction Scam (tap to see more)
-
What is this?
Fake online shopping sites prompt OTPs, then show "payment failed", pushing users to re-enter details. Scammers collect card and OTP data repeatedly.
- Red flags to look out for:
- 1. Accessed via social media ads promoting deals, sometimes too good to be true
- 2. Creates fake urgency to push users into quick checkouts
- 3. Requests for OTP that don’t match the user’s action (e.g. Apple Pay OTP received when a payment is made)
- 4. Suspicious-looking OTP pages or unusual payment flows
- 5. Repeated checkout failures, prompting users to retry or enter another card
Phishing Scam (tap to see more)
-
What is this?
Impersonating official websites or channels by targeting individuals using emails, aiming to trick victims into clicking links and providing sensitive data.
- Red flags to look out for:
- 1. Suspicious links or email domains (e.g. odd URLs or misspellings)
- 2. Sometimes poor language quality – broken English, inconsistent fonts, or grammar errors
- 3. Lack of personalisation – generic greetings or vague instructions
- 4. Unusual urgency – pressure to act quickly, even after payment
- 5. Mismatch between OTP request and user action
- 6. Fake-looking OTP or payment pages
- 7. Repeated payment failures, often prompting users to retry with another card
Social Media Scam (tap to see more)
-
What is this?
Using spam emails and/or using social media platforms such as Facebook, Instagram, and TikTok to advertise their website and attract potential victims.
- Red flags to look out for:
- 1. Pop-ups or hidden subscriptions on the site
- 2. Overly broad product range with no clear focus or specialisation
- 3. Unclear or overseas-based customer support
- 4. Prices that seem unrealistically low
Online Shopping Scam (tap to see more)
-
What is this?
Fake websites that sell products at unrealistically low prices. Victims either receive nothing or poor-quality knockoffs.
- Red flags to look out for:
- 1. Unverified or newly created social media pages
- 2. Links lead to obscure or suspicious websites
- 3. Extreme discounts with countdown timers or urgency triggers
- 4. Lack of genuine reviews or fake video testimonials
- 5. Only one vague contact method (e.g. a single email)
- 6. Poor site quality – broken English, inconsistent fonts, or copied policies
- 7. Unrealistic product range or fake business details
Hidden Subscription Scam (tap to see more)
-
What is this?
Victims sign up for free trials or samples and are unknowingly enrolled in difficult-to-cancel recurring billing.
- Red flags to look out for:
- 1. Small upfront charge to bait users into signing up
- 2. Misleading buttons that hide subscription terms
- 3. Unclear or missing terms and conditions
Travel Documents Scam (tap to see more)
-
What is this?
Scam websites that pose as official government platforms for visa applications or passport renewals. They charge inflated fees, collect your personal data, or never deliver the promised service.
- Red flags to look out for:
- 1. URLs that don’t end in .gov or official domain suffixes
- 2. Unexpected or inflated fees not in local currency
- 3. False promises of expedited approvals
- 4. Third-party ads or pop-ups steering you to “apply now” outside of the official site
Here's how these scams work:
- The Bait: Scammers create fake advertisements on social media or search engines, leading unsuspecting users to counterfeit e-commerce websites mimicking legitimate platforms.
- Data Phishing: Victims are prompted to enter their card details to complete a "purchase," where scammers steal this information. They may even display a fake two-factor authentication (2FA) confirmation page to appear secure.
- Card Exploitation: Scammers use the stolen details to link the victim’s card to mobile wallets like Apple Pay or Google Pay. Submitting card information unknowingly permits scammers to add the card to their device.
- Rapid Transactions: Once linked, scammers use the wallets to make unauthorised purchases, often depleting accounts within minutes. Most of these transactions originate overseas.
⚠️ Note: YouTrip does not send OTPs for transaction confirmations. Instead, you must swipe within the app to approve 3DS authorisation.
How YouTrip Helps Protect You
- 🔔 Instant alerts: Get real-time push notifications for all transactions and mobile wallet link attempts
- 🔒 Card lock: Instantly lock your card from the YouTrip app if you notice suspicious activity
-
⚙️ Custom limits: Set transaction limits
If you notice an unfamiliar transaction in your account, read our FAQ article What should I do if there are unrecognised transactions in my YouTrip account? on what you should do next.
If you are a victim of fraud or scam, read our FAQ article What do I do if I'm a victim of fraud or scam? on what you should do next.
If you're certain that you did not make the transaction, temporarily lock your card using the YouTrip app and contact us via fraud-reporting@you.co immediately, or call us at +65 6904 9334 instead.