Scammers are always looking for fresh meat and they’ve found a big juicy steak in the world of P2P (person-to-person) cash apps. Yep, Venmo, Zelle, and CashApp, apps that allow people to buy things and pay people back.
Typically, doing that isn’t a big deal, but with a half-billion people using those tools, scammers are quickly finding ways to line themselves up to be one of the people who’s on the receiving end of a money transfer.
When ConsumerAffairs reviewed the CFPB’s complaint database, there were hundreds of sad narratives from people who claimed they fell victim to a P2P scam, only to find themselves with no protection and no way to recover what they lost.
There were situations where the bank said the transaction couldn’t be reversed or canceled, where Zelle said it would “file a claim” but couldn’t promise much else, and lots – LOTS! – of event tickets that were paid dearly for, but never showed up.
Fraudsters are also starting to pose as family members in trouble and asking for money for an emergency or using a cash app to tell a target that they’ve won a prize or a sweepstakes, but they have to pay fees to collect it.
Don’t bank on it!
The Federal Trade Commission (FTC) says it’s observed scammers using Zelle to pose as someone’s bank, then telling the target that there’s a problem with their account.
To “protect” the account, the scammer gives them step-by-step instructions on how to transfer money from their bank account into a new account in the target’s name. However, that new account belongs to the scammer, so after the target transfers money, it disappears.
If someone contacts you posing as your bank, call the bank and verify that, too. But don’t call the number that the person on the other end is giving you. Instead, look up the number of the branch and call them directly to make sure the request – and the person making the request – is legit.
“And know that your bank will never contact you to tell you to transfer money or to ask for personal information or passcodes,” said Amy Hebert, consumer education specialist at the FTC.
Despite what Congress would like to happen, if you get caught in one of these P2P scams, remember it was you who cut this deal and the bank was simply the conduit. As much as you would like the bank to jump on its steed and go chase after the bad guy who pulled off one of these P2P scams, banks simply don’t have the time to do it. And getting the bank to put your lost money back in your account? Good luck.
The cure for staying secure
ConsumerAffairs asked cybercrime experts to recommend some steps that cash app users can employ to stay secure. Here are their suggestino:
Two-factor authentication. “Many P2P payment services offer multi-factor authentication, which requires users to enter a code sent to their phone or email in addition to their password,” Cybercrime Support Network (CSN) told us. "This adds an extra layer of security to the account.”
Don’t know the person asking you for money? Then, don’t send ‘em any!
“P2P payment users should only use payment services to send money to people they know and trust. We recommend they carefully review transactions before sending them, as many of these transactions cannot be canceled or refunded,” CSN said.
Be careful with QR codes. QR codes can be generated for just about anything, so why not a cash app scam? Shalabh Mohan, Head of Product, Cloudflare Area 1, says scammers are known to send emails embedded with QR codes with a deceptive message such as, "Your friend has just sent you $X, click the QR code to collect the payment!"
If you click on that code, though, you could be whisked away to a fake payments app page and be asked for credentials to log onto the payment app.
"With this information, the threat actor would now have access to the user's payment account, along with the potential to cause damage beyond just the immediate fake transaction," he said.
Should you use Apple Pay or Google Pay instead?
Maybe you should rethink the whole P2P app thing and go for a “wallet” app, instead. Jason Wise, the chief editor at EarthWeb, told ConsumerAffairs that wallet apps like Apple Pay and Google Pay have robust security measures that are worth considering.
“By employing biometric authentication and tokenization, they add an extra layer of security that can be more challenging for fraudsters to penetrate,” he said.
”This doesn't mean they're completely foolproof, but they often provide a more secure alternative to traditional credit cards.”
Wise’s comment about not being foolproof should be taken to heart if you’re thinking about using the Apple Cash feature inside Apple Pay.
Jory MacKay, cybersecurity writer and editor at Aura, said that “Criminals target Apple Cash because it’s a peer-to-peer digital wallet that doesn’t offer buyer protection. While federal laws cap your liability for credit card fraud at $50 and many companies offer $0 liability policies, those same laws don’t apply to digital payment systems like Apple or Google Pay.”
And just like with a bank, “If you send a scammer money over Apple Cash, it’s essentially gone — you can’t initiate a chargeback or request a refund, making every transaction a potential risk,” MacKay said.