How do I know if the online payment link shared by a random person is genuine and not fraud?
I’m aware of two types of payment links shared via Email / WhatsApp / etc.
One is where you click the link and fill out your bank account details for receiving payments.
The other is where you click the link and make payments with credit card / debit card / bank account / etc.
I’m assuming you’re referring to the second type of payment link i.e. click to pay.
If so, good question.
Many of us face the same quandary in a broader context when a random person / website asks us for an OTP or for some other sensitive information like credit card details.
The operative term here is “random”. But not random as in “random person” but random as in “random point in time” or “unexpected moment” aka “out of the blue”.
Let’s say I initiate a purchase or payment transaction and I then receive a payment link via Email / WhatsApp / whatever. While the sender of the payment link might be a random person, the payment link follows logically from my prior action and is therefore not out of the blue. I’d veer towards assuming that the payment link is genuine. I’d click it to initiate the payment. But I’d also pause to read the merchant name that would appear on the page that follows. It must match the name of the party with whom I’d initiated a purchase / payment transaction earlier. If it does, I’ll complete the payment. If not, I’ll suspect a “Man In The Middle Attack” and bail out. While frauds conducted via MITM attacks are rare, they do happen.
Now, let’s say I have not initiated a purchase or payment transaction and I receive a payment link. Since the payment link does not follow logically from my prior action, it is certainly out of the blue. I will assume that the payment link is fraud and put the onus of proving it is genuine on the party that sends it to me.
Likewise, whenever somebody calls me and claims to be from my Bank / TELCO / Utility, I always ask them to prove that they are who they claim to be aka prove their credentials, before I reveal any personal information.
While on the subject, I have covered some more ways to protect yourselves from fraud in Ten Ways To Protect Yourselves From Fraud.
Disclaimer: The above approach is by no means foolproof. Don’t assume that it will work for you just because it has for me. Do your own due diligence before you follow anyone’s guidance, including mine.
Silly Warnings:
Don’t Share OTP With Anyone. Don’t Click On Links From Random Persons.