"Capital One P2P Payment Confirmation" Phishing Scam
Capital One customers who have received "P2P Payment Confirmation" email or SMS text message verification alerts like the one below, which claim that their accounts need to be verified should be deleted and the instructions in them should not be followed. This is because the messages are being sent by cybercriminals to frighten and trick potential victims into clicking on the links in them, which go to phishing websites that steal online account credentials.
The "Capital One P2P Payment Confirmation" Phishing Scam
Subject: Attention: Your account status change
Date: Thu 02/11/2017 22:03
From: "John Hannigan"
Visit Capital One
Sign In
P2P payment confirmation.
You have received a P2P transfer from another Capital One 360 customer.
Reference Number: 500293889369
Amount: $7,950.00
From: Capital One 360 Savings ......5016
Deliver By: Friday, November 3, 2017
For security reasons your payment has been put on hold for verification of your account Information.
please visit our Information Protection Center. to continue the verification process to confirm your account.
Thanks for Banking with us.
Capital One customers who have received messages claiming that they need to do some activity on their accounts, such always go directly to https://www.capitalone.com/ and sign into their accounts. Once they have signed in, they will be notified of security updates, notifications and other important notifications, if there are any. So, there is no need to click on a link in an email message, which may go to phishing or malicious website.
Also, Capital One customers who have already been tricked by the phishing messages, are asked to change their passwords and contact Capital One immediately, before their accounts are hijacked and used fraudulently by cybercriminals.
Check the comment section for additional information, or share what you know or ask a question about this article, by clicking the 'View or Write Comment' button below.
Note: Some of the information in samples on this website may have been impersonated or spoofed.