Press and Media

Get Coda Payments official resources for journalists. For more information, please email our press department.
Contact us
Article

Skunking the Phishers

...

We launched Codashop six years ago, and it quickly became a recognised and trusted name among gamers and purchasers of all types of digital content. In 2018 Codashop was voted the best payment service for gamers in Indonesia. In 2019, Codashop was the #3 top trending search term in the Philippines according to Google. And in 2020, Codashop recorded more than a billion site visits, setting records in each of the 30+ countries where we operate. 

On its journey to becoming a household name, Codashop also became the target of a less welcome form of attention: criminals seeking to defraud our customers. Fraudsters began setting up fake websites intended to trick customers into thinking they were making a purchase on Codashop, when in fact they were simply transferring money (or Bitcoin) to a bad actor with no ability or intention of delivering what they purported to sell. These bad actors would trick customers by using our logo and colours, and setting up their websites on domain names that resembled ours such as www.codashops.gq or www.c0da-sh0p774.tk. Here are a few examples of the websites that were set-up to trick customers:

From our front pages:

From our recharge pages:

Fake Mobile Apps:

In response, Coda did what any company that cares about our customers and the integrity of our brand (and the brands of the apps for whom we collect payment) would do:

  • we made efforts to educate customers how to identify imposters, and 
  • we reported phishing websites being operated by fraudsters that came to our attention to the payment service providers and/or the domain registrars that (typically unwittingly) enabled them. 

But fraudsters are highly motivated and work quickly. Manually detecting a phishing website, identifying its domain registrar, reporting the fraud, and waiting for the registrar to act on our information took too long, and for every website that we successfully managed to remove from the internet, one or more new ones would appear. 

We had to find a better way, and we did. 

To protect our customers and get ahead of fraudsters, Coda implemented an artificial intelligence-based service that (1) constantly crawls the web looking for websites that conduct phishing activity using elements of our brand and (2) reports such websites to domain registrars immediately via privileged relationships. 

By improving our detection and reporting capabilities, we have dramatically reduced the amount of time it takes to remove phishing websites from the internet. Hundreds of phishing websites have already been removed by this service. 

Coda has a full-time security team: phishing is just one of the threats that they work on, and this solution is just one of the tools that they have implemented. If you’d like to learn more about the security that underpins Codashop, please get in touch!