Afterpay users are being targeted by a new email scam, as spending ramps up in the lead-up to Christmas.
The email – flagged by MailGuard – has the subject line: “Your last Afterpay payment was declined”, with the sender name: “Afterpay – Support”. Despite this, the email address itself is associated with USPS.
The email uses Afterpay’s pastel green logo and branding, which could trick Aussies users.
According to MailGuard, the scammers tell customers their “Afterpay account is currently restricted from spending” and their last payment was unsuccessful. It then asks them to retry the payment.
“After clicking the button to ‘Retry payment’, the recipient is taken to a phishing site, which closely resembles the Afterpay login portal,” MailGuard said.
“They are asked to enter the email address and password associated with their account. The only differentiating factor is the URL, which is not connected with Afterpay.”
The user is then asked to undergo a two-factor authentication process, with a verification code sent to their mobile. Later, they are asked to update their payment details and to enter their credit card number, expiration date and CVV.
“These details will also be stored for later use or sold on the dark web,” MailGuard warned.
Lastly, the user is asked to enter a…
