Mobile payment apps are on the rise. They are fast, easy to use, and convenient—you can do everything with a few taps on your smart device. But as they become popular for users, they also become popular for scammers, because, as the FCC points out, “unlike traditional banks and credit cards, payment app services often lack the same fraud protections.” In fact, payment apps have rates of fraud that are three to four times greater than credit and debit cards.
From puppy scams to fake giveaways, payment app scams have increased in both creativity and number over the past few years. In a recent interview, Better Business Bureau CEO Steve McFarland explained the magnitude of the situation: “At the BBB we get over 1,000 complaints per day…there are scammers galore now on the internet and we’ve seen an exponential increase in scams.”
In this post we’ll share details of the most common payment app scams, so you know exactly what to avoid, as well as what to do if you ever find yourself a victim of one of the fastest growing areas of fraud in the world.
What is a payment app?
A payment app is an application on your smart device (smartphone, apple watch, iPad, etc) that allows you to send money from your account to another, whether that is a business or another person. These apps have gotten increasingly popular in the wake of the pandemic. In fact, according to eMarketer, the top apps for P2P payment (peer to peer, direct from one person another) will have $1.152 trillion transactions sent by the end of 2023. You can use these apps to send money directly to family, friends, and individuals for services, as well as make purchases at a growing number of businesses.
The most common apps in the US include Venmo, Zelle, and Cash App. To use most apps, you simply need to download them on your device, create an account with them, and connect them to one of your existing financial accounts. (Zelle, on the other hand, is just a matter of downloading the app and linking to your pre-existing account, if you already bank with one of its banking partners).
Though some apps don’t require a bank or credit card account to receive money (and then send it to someone else after you receive it), you can’t send more money than is currently in your app’s account balance, and you can only use that money to pay people and businesses that accept that particular app (and you also can’t you receive the protections associated with having an account through a financial institution—more on this later). Additionally many apps charge you to use a credit card, but are free if you use your bank account.
How Scammers utilize Payment Apps
As with any new financial development, scammers have found ways to take advantage of consumers and attempt to trick them into granting access to their payment app, and in turn, financial accounts. There are numerous ways that scammers might try to gain access to your money—some that are used across all apps, and some that are developed for specific apps. We’ll detail both kinds below.
Common Payment App Scams
The Better Business Bureau names some common methods scammers use to try to take money from app users, including: using fraudulent payment methods, canceling payments before they clear, overpaying for items and then requesting a refund of the difference, and using fake emails to gain access to accounts. Scammers may also try to get you to buy bogus goods, or outright steal your login information. These methods are found on all payment app platforms around the world, so be aware of them, no matter what app you use.
Buying and Selling
The FCC strongly discourages the use of P2P apps for buying and selling goods because many apps don’t offer payment protection for users and scammers take advantage of this fact. Be wary of sending payments to strangers online for goods as scammers often list bogus goods for sale—even puppies—never following through with the item after you’ve paid them.
If you are the ones selling an item online, scammers may attempt to purchase it using a fraudulent payment method: either a stolen credit card or payment app account. After they receive the item (usually a more expensive one to make it worth their trouble), the fraudulent payment will either fail to clear or will be taken from your own account.
Similarly, a scammer may cancel the payment on their own after they receive the item, but before their payment clears, leaving you both without payment or goods. Another way scammers may use payment apps to defraud you is to overpay you for an item. They will then request you to send them the difference (often in cash), along with the item they purchased. Scammers sometimes do this with a stolen credit card—a double scam!
Phishing and Smishing
With ‘phishing’, scammers will send fake emails, with ‘smishing’, they’ll send fake sms (text messages) or private messages on social media. Either way, these fraudulent communications, which often impersonate customer support, will attempt to get users to give up their account information.
There are lots of ways scammers can get this done. In some forms, they’ll send a link that directs you to something that looks like an official page for that platform—if you log in to your account with your username and password, you give scammers everything they need to log in to your account, too. Reader’s Digest outlines a number of additional scam messages, from ones telling you that you need to claim a prize or government refund to the more nefarious: your child has been injured and you need to send payment for their treatment.
Unfortunately, savvy scammers have also found ways to work within the vulnerabilities of specific apps to steal users’ account information and money. CashApp has its own guide to avoiding scams on its platform, but here are some common scams common on Cash App to watch out for:
Using social media, scammers will advertise that they “flipped” their money by sending a smaller amount to someone, and then receiving a larger sum in return—trying to get you to do the same. Unfortunately no such money-making program exists. Instead, users will probably never see their money again. However, according to Make Use Of, there is a variation of these scheme where you might get something back at first: “Some scammers have been known to offer their victims a smaller "flip" of $2 to $20 that works in the first instance…After the trust is gained and a much bigger amount is sent, the scammer stops responding to the user's messages.”
Fake #CashAppFriday Giveaways
There are official Super CashApp Friday prizes given away every Friday. Scammers have mirrored these official giveaways, posting on social media sites like Instagram and Facebook using the official tag, and asking for users to send money or their login information in order to win. The Daily Dot details how these popular scams work, and shares some sad examples of their aftermath as cautionary tales.
Like Cash App, Venmo has its share of tailored scams and also lacks significant payment protections for its users, leaving them more vulnerable than many traditional banking methods. Because transactions are also public as default (unless you change the setting), scammers can even know your personal payment history and use it to gain your trust or swindle you. Venmo offers its own page devoted to the most common scams on its platform. Here are a few examples.
Mistaken Deposit Scams
In this scam, money appears in your account from a stranger, followed by a message saying that the transaction was an error, and asking for you to send it back. Venmo is especially vulnerable to this scam because their own customer support suggests that users do this very thing if they send an accidental payment! So how do you know if a request is valid or invalid? Simply put, you don’t. Because of that, don’t send the money back right away, and don’t deposit it in your account. You can reach out to Venmo’s customer service, instead, and, if it truly was an error, Venmo’s customer service will reach out to you on behalf of the sender, too. If the payment was made with a stolen credit card, sooner or later that money will disappear from your account.
How it works: you get a money request from an account that looks to belong to a friend or family member—the profile picture is the same, at first glance the name appears to be as well. Maybe it looks similar to a transaction you’ve recently had with that same person, like rent or repayment for takeout (remember, your transactions are often public!). Or maybe it’s a desperate plea for financial help. Either way, whenever you get a request from someone that you weren’t expecting, pay close attention to that username. For more information on this scam, and how to avoid it, check out the Better Business Bureau’s article, Don’t Send Money to Fake Friends on Venmo.
Common Zelle scams often feel familiar to the many scams listed above, from bogus internet sales to credit card fraud to cash flipping. But because Zelle is a payment app that is owned jointly by a number of major financial institutions—Bank of America, Truist, Capital One, JPMorgan Chase, PNC Bank, U.S. Bank, and Wells Fargo—one way that scammers can gain the trust of their victims is to impersonate their actual financial institution. The kicker is, if you use one of these financial institutions, you don’t even need to use a Zelle account to be conned. Here are two ways that you could become a victim to these scams.
While we’ve talked about smishing above, there is a specific kind of smishing that appears to come from a customer’s financial institution that can get consumers to fork over their login credentials without ever giving away their passwords. As Krebs on Security explains, in this particular scheme, the scammer will send a text message that looks like a fraud alert from the users’ actual bank. They will be asked to confirm or deny a charge by texting “YES” or “NO”. Minutes later, the scammer will call and ask for their username. Here’s where it gets tricky: once they have your username, they can reset your password with your help over the phone, gain access to your accounts, and transfer money to their own Zelle account.
In another version of this scam, users will also get texted about possible fraud from someone posing as their bank, but this time on the follow up call, the scammer will ask you to send money to your own Zelle account. In the meantime, they’ve linked your Zelle account to their own bank account and can then transfer the money right to themselves. Stacy Cowley and Lananh Nguyen in the New York Times explain how one man, Justin Faunce, lost $500 to this con:
Behind the scenes, the thief had linked his account, which was also at Wells Fargo, to Mr. Faunce’s phone number. To use Zelle, customers must link either their email address or their phone number to their Zelle account. Mr. Faunce did not have his Zelle account linked to his phone number. That allowed the scammer to claim Mr. Faunce’s number and attach it to his own Zelle account.
If you are a customer of any bank that partners with Zelle, not just Wells Fargo, you could be susceptible to this scam.
Ten Ways to Protect Yourself from Payment App Scams
Being aware of common examples of scams associated with payment apps—knowing what to watch out for and what activities are most suspicious—is probably the most important thing you can do to prevent yourself from falling victim to these crimes. Here is a more concise summary of the top things you can do to protect yourself from payment app fraud:
- Make sure any offers or awards on social media come from verified app accounts.
- Remember, you never have to transfer money to receive money from an app—if you are asked to do this, reach out to customer service.
- Also, keep in mind that payment apps will never ask you to verify your user name or login information. If you do get asked by someone who seems to represent the app, reach out to customer service directly.
- Before sending money to a business that you found online, verify that they are legitimate through the Better Business Bureau.
- Don’t respond to unexpected payment requests from friends unless you verify the request outside the app (call, text, or email them).
- Think twice before sending large payments using unprotected payment apps. Alternatively pay a little extra to use a credit card on the same app for that added level of protection from your credit card company.
- Don’t fall for get-rich-quick schemes. If it seems too good to be true—like cash flipping—it is.
- Make your transactions private so scammers don’t have a behind-the-scenes look at your spending habits.
- Never “refund” an overpayment or accidental payment unless you know the person who initiated it and have verified the error in person.
- Don’t enter login information on websites linked from emails or other messages. Go directly to the app yourself to check for messages from customer service.
This quick guide from the Federal Trade Commission (FTC), Mobile Payment Apps: How To Avoid a Scam When You Use One provides even more advice on how to protect your assets when using a P2P app. And for general information on how to avoid financial fraud of all kinds, check out Palisades Credit Union’s own useful guide, How To Recognize And Protect Yourself From Scams.
Report Mobile Payment Fraud
If you are the victim of mobile payment scams or fraud, there are some recourses for you. First, you’ll want to reach out to your financial institution. In some cases, you might be at a loss. But in other cases, you might be protected. Only your financial institution will be able to tell you for certain, based on your case.
Second, there are a number of places that you can report the activity:
- FBI: Internet Crime Complaint Center
- FTC: Fraud Report
- Fraud.org: File a Complaint
- Report a Scam or Contact Support on Zelle
- Dispute a Purchase, Report an Unauthorized Payment, or Contact Support on Cash App
- Report Fake or Suspicious Emails or Contact Support on Venmo
Even if you aren’t able to get your money back, reporting the activity can help protect future victims of payment app scams and fraud.
Practice Safe Online and Digital Payments
It isn’t possible to eliminate all risk when it comes to the latest financial technologies, but being a savvy consumer can help you avoid many of the common pitfalls of payment apps. As the New York Times explains, “many people are unaware of how vulnerable they can be to losses when they use these services in place of banks.” Taking the time to learn how to safely manage your financial accounts online is an essential protective measure. And if you are looking for a convenient online banking platform with the security of a bank and the convenience of a direct-pay app, see what services your own financial institution has to offer.
At Palisades Credit Union members can safely and conveniently pay a person or business through our online and mobile banking platform. Simply select “Pay a person” from the online payment center, or click the “Pay a Person” widget on the homepage to send payments via email or text, direct deposit, or mailed check. To take advantage of this service, enroll in online banking today!
« Return to "Blog"Go to main navigation