If you are even a casual user of Venmo, the peer-to-peer payment app, you could fall victim to a new scam that’s popping up around the country.
Victims report receiving a text that appears to come from Venmo, saying a sign-in to the user’s account was detected near Philadelphia or some other city.
“Not you? Tap the link to sign in now,” the message says.
If you have a Venmo account your first reaction might be to click on the link in order to prevent an unauthorized user from taking your money. It’s a normal reaction that a security-conscious consumer might have.
The link takes the victim to a fake website, made to look like a Venmo site, where they are asked to log in to their Venmo account. If they do the scammer then steals their login credentials and has full access to their account.
The message even warns recipients not to share an included code with anyone, declaring “If anyone asks for this code it’s a scam!” Scammers warning victims about scams is a relatively new tactic designed to create credibility.
How do they know?
So, how does the scammer know that you have a Venmo account? They don’t, but millions of people do so they are simply playing the odds. They understand that people who don’t have accounts but receive the text will just ignore it. They figure enough people have accounts to make the scheme worthwhile.
But how did they get your phone number? While they could generate phone numbers at random, chances are they have your number as the result of data breaches in which personal information is stolen.
This can be a difficult scam to guard against because there aren’t that many red flags and the scammers aren’t asking for thousands of dollars in gift cards. They’re after the money in your Venmo account.
Still, exercising caution will keep you out of trouble. Instead of clicking on a link in a text, contact Venmo/PayPal customer support and tell them about the text. Also, Venmo says it will never ask you for your password, PIN, or access codes via text message, email, phone call, or any other means.