Payment apps like Venmo and its owner, the San Jose-based PayPal, provide consumers with relatively low-friction methods to exchange funds. That convenience can come at a cost, as they also present potential target-rich environments for scammers adept at bypassing app security in novel ways. The latest grift? Sending victims money, seemingly by mistake.
In a report published Tuesday, Los Angeles Times Utility Journalism editor Jessica Roy detailed the “money by accident” scam. It’s been around for a while but endures because it cleverly slips past many people’s psychological defenses.
It works this way: A message appears in Venmo saying something like, “Whoops! Please send it back!” Checking your account, you see a few hundred dollars. Realizing it could be an honest mistake based on a typo in the recipient’s screen name, an honest person might reflexively send the money back. But, unfortunately, that’s where things go wrong.
If the “mistakenly” sent money came from a scammer, it came from someone using a stolen credit card to set up a Venmo account. The stolen card is used to send the funds to the mark. If the unsuspecting receiver turns around and sends it back, the scam account deletes the credit card and subs in a new card that funnels money into that person’s actual account. Then, when the stolen money is eventually removed from your own Venmo, you are down a few hundred bucks out of your pocket. Roy notes in her LAT article that this scam happens partly “due to an issue with Venmo’s user interface: There is no way to manually decline, refuse or cancel a payment.”
What do you do with unexpected, unsolicited Venmo payments from sources you don’t know? Nothing. It’s tempting to take advantage of any unexpected windfall or help someone out of their mistakes but resist the impulse. Venmo’s help section says to contact support instead. Then, if you’re sure the sender is suspicious, you can block that account.
Venmo is a vehicle for scammers because it’s just the most popular payment app. While Consumer Reports rated Venmo safe in a 2018 survey, it ranked Apple Pay the safest of all such apps, with Venmo a close second, followed by Cash App, Facebook Pay, then Zelle.
Unfortunately, “money by accident” is far from the only con on payment apps. LA-based Katya Gozias is an investigative, business intelligence, and risk mitigation professional and the Managing Director at global compliance, security, and investigations firm Guidepost Solutions. She tells dot.LA that “Unfortunately, these scams are a continuation of already existing advanced payment fraud schemes.”
Those who fall victim to such con jobs shouldn’t feel too bad. According to Gozias, “Past fraudsters have even impersonated debt collectors and convinced attorneys to help collect purported debt, offering a percentage of amount collected to be deposited into their IOLTA accounts only to have these fake checks bounce and have the lawyer responsible to the bank for any withdrawn funds.”
Gozias adds that “Social media moms’ groups are rife with references to Zelle, Venmo, and other scams related to marketplace sales. The latest play is to have what appears to be an interested buyer ask for the seller’s contact information to send a verification code to ensure that the seller is not a scammer. Others receive a call purportedly from their own number (spoofed by scammers). All are phishing attempts.”
Jessica Roy notes in the Times that the dark web plays a role in such con games, and Gozias adds that personal “information is cheap and readily available for purchase in bulk on the dark web.”
“Fraudsters reach out en masse in hopes that one or two gullible people will fall for their trickery,” Gozias says, and the “only antidote is awareness and vigilance. If something seems off or too good to be true, it probably is."
The Federal Trade Commission (FTC) has a thorough page advising consumers on how to avoid getting scammed. It offers a bullet list of some common sense things to remember:
- Never send payments to claim supposed sweepstakes or lottery prizes.
- You never give out your account credentials to anyone.
- Use PINs or multi-factor authentication.
- Ensure you’re sending money to the right person by checking their details (Venmo screen name, for example).
- Double check with anyone you know who sends an unexpected money request to ensure it’s really from them and not a hacker.
Any time you're unsure about a transaction using one of these platforms, contact the person you are dealing with directly or contact the app’s customer service for assistance.