Venmo, Cash App, and PayPal scams: How to stay safe

Tips & tricks
5 mins
Dollar sign in a triangle.

Peer-to-peer (P2P) mobile payment services such as Venmo, Cash App, and PayPal have exploded in popularity thanks to their convenience and ease of use. It’s very simple to transfer money to friends and family with just a few taps on your phone. 

But as these apps gain ubiquity in North America, they’ve attracted the attention of nefarious actors too; some users have lost tens of thousands of dollars due to social-engineering scams. It’s important to recognize the warning signs of a potential scammer and block them immediately.

[Get tips to protect your data. Subscribe to the ExpressVPN Blog Newsletter.]

Let’s take a closer look at common mobile-payment scams and ways for you to avoid them.

1. Phishing scams

One of the most common ways of initiating a scam is through a fake SMS. These are also referred to as “smishing” attacks as they encourage a user to click a malicious link through an SMS. 

The message usually offers some sort of financial benefit that requires you to enter your personal information. The page itself will also try to closely impersonate that of the official payment app. However, it’s controlled by a hacker in search of your information. Once you enter details such as a credit card number or other identifying information, it can be used for illegal transactions or sold on the dark web.  

Phishing scams can also occur in the form of a malicious email. The same principle applies; phishing emails lure you into parting with your personal information either by impersonating someone you know or the payment app itself. 

How to avoid phishing and smishing scams

PayPal warns against phishing attacks saying that if you receive an offer or a deal that “seems to be good to be true” then it probably is. It reminds you that apps will only contact you from their official email address and never ask for your personal information. 

Ultimately, the onus is on you to carefully scrutinize any email or text message asking for personal details. If you receive such correspondence, it’s probably best to delete the message and block the sender. If you have a feeling that the request might be legitimate, be sure to check with customer support first.

2. Credit card reverse-charge scams 

A credit card reverse-charge scam can occur when you’re attempting to sell something on an online marketplace such as Craigslist. 

The interested buyer reaches out and offers payment via Venmo. They make the payment and you proceed to ship the goods. A few days later you get a notification that the credit card company has reversed the transaction due to it being via a stolen card. 

Venmo’s official stance is that it’s purely a payment service between friends and family and is not meant to be used for business purposes. It doesn’t offer any sort of seller or buyer protection unless specifically registered for a business account. PayPal does offer protections but it usually sides with the seller in the case of a dispute. 

How to avoid credit card reverse-charge scams

If you’re selling a one-off item on an online marketplace, then it’s better if you ask for cash instead of an online payment. You could also request that the buyer send you a wire transfer from their bank account to yours instead of through a third-party app. 

3. Excess-payment scams

Many mobile payment apps warn against such scams. In this situation, a potential customer of your store “accidentally” wires you more money than they should have. For example, it’s possible that you’re selling an item online for 200 USD but receive a payment of 2,000 USD instead.

The person in question contacts you and says they sent the extra cash in error, asking to refund the 1,800 USD difference. You proceed to do so and ship them the product they asked for. A few days later you find out that the payment method used was fraudulent and you’ve lost the money as well as the item shipped.

How to avoid excess-payment scams

The chances of a legitimate buyer overpaying you, especially by a large amount, are almost zero. If you receive such a transaction, we recommend that you cancel it altogether and refrain from transferring the monies to your bank account. 

4. Fake-charity scams

Individuals and corporations in the U.S. donated nearly half a trillion dollars to charity in 2019, so you can be sure that scammers are eyeing this pool of cash, too. Charitable donations usually spike after a natural disaster, refugee crisis, or war. They’re also quite prevalent during the holiday shopping season

Fake-charity scams work in a similar fashion to phishing scams, except that they don’t try to impersonate someone you know or trust. They’ll likely ask you to make a one-time donation to help victims of some unfortunate incident, except the cash will end up in the scammer’s account. And you won’t be able to get a tax deduction, either.

How to avoid charity scams 

If you come across an email or text message claiming to be from a charity that you don’t recognize, then be sure to check out its credentials first. Charity Navigator and Charity Watch are two independent charity watchdogs that testify to the validity of the non-profit organization. Another red flag is if the charity in question does not have a website or any mentions of its work online. That means it’s very likely a scam.

Further tips to avoid financial scams

In addition to the above tips, there are some extra steps you can take to further boost your security.

Set up two-factor authentication

Two-factor authentication (2FA) adds an extra layer of security to your account by making you validate your identity beyond just the standard username/password combination. It can help guard against data theft such as if your mobile payment account has been compromised by hackers.

Use a VPN

VPNs set up an encrypted tunnel and route all your internet traffic through it, keeping your personal information safe and away from prying eyes. Use a VPN if you connect to public Wi-Fi frequently or even for everyday use. It adds security to all your devices, including phones, laptops, and tablets.

Always set up a strong password

Strong passwords entail a combination of alphanumeric characters and aren’t tied to any personal information. Never use your name or birthday in a password since you’re increasing the chances that it might be cracked. What’s more, try to set up a different password for each app or site you visit. Our random password generator can give you a good one.

Have you ever been the victim of a financial scam? What would you have done differently? Let us know in the comments!

Read more: Phishing and spearphishing explained

I like to think about the impact that the internet has on humanity. In my free time, I'm wolfing down pasta.