Scam Alert – Direct payment apps like Paypal, Venmo and Zelle are being used increasingly by scammers to steal your money, your identity, or both, including taking advantage of online shopping by impersonating banks and other well-known companies.
In addition to the phony look-alike branded emails, I also receive emails from people I know asking me pay something for them and they will reimburse me.
Yea, right. A friend of mine was scammed out of $920 recently by just such a phony email.
It is obvious these are scams because they are from addresses which do not belong to the folks I know, in my contacts list, scammed and phished and “spoofed” to look like you or I know them.
These are from unknown addresses, sometimes ending with a dot-BG (Bulgaria), dot-NG (Nigeria) and other countries where nobody I know is living or even visiting – likely not you, either.
Like you, I also receive emails from senders I don’t know, telling me a subscription to something like Geek Squad has been renewed for many hundreds of dollars, and I should verify by clicking here (link).
They are all scams.
P2P Frauds and Scams are Different
Fraud involves someone accessing your account without your permission and completing unauthorized transactions. Banks, credit card companies and even retail companies will protect you against fraud.
Scams involve being tricked into authorizing a transaction or sending a payment. It’s important to remember the difference, as scams rarely provide the same protections as fraud.
Fraudsters may claim to represent a fraud department or merchant – or even the IRS – and ask you to confirm information such as your account username and password or Social Security number. If you share this information, the criminals can create a P2P account with your information, steal your identity, and gain access to your accounts.
Scammers usually pose as a legitimate business – or even a close personal friend – to request a P2P payment for a product or service. Once they receive your money, you won’t receive what you paid for, or be re-imbursed, and they disappear.
Tips to Avoid P2P Phishing Frauds and Scams
Check the address and signature of the sender before you reply. That is the single most important thing you can do to avoid becoming a victim – my friend did not do that and it cost her $920.
Repeating for emphasis – Check the address and signature of the sender before you reply, since this is perhaps the important tip for avoiding P2P phishing frauds and scams.
P2P payment apps generally do not allow you to cancel a transaction, so treat payments like cash. Send money only to those you know and trust – and whose emails you have checked.
My friend was scammed out of $920 by a sender in dot-BG (Bulgaria) with an urgent request to pay an invoice for me, since – according to the scam email – I was traveling and not able to pay myself immediately. The scammer emailed that I would reimburse my friend when I returned.
My friend knows I travel a lot, and apparently did not think twice about helping me – exactly why my friend is a longtime friend.
My friend also did not recognize that the email was signed with my full name, rather than just my first name or even my nickname, both of which I normally use, and which the phishing spammer would not know.
No Protection From P2P Companies
Peer-to-Peer (P2P) payment apps are great – they allow you to make quick and simple mobile payments to friends, splitting a restaurant or hotel bill with those friends, supporting a street performer or band, even receiving payment from or paying a client. But –
P2P has become popular with scammers who know that P2P is not covered by US consumer protection laws, and there is little recourse or no for getting your money back. They win, you lose.
PayPal, Venmo and Zelle consider it your problem – not theirs – even though they allowed their companies and services to be used by scammers using phony phishing email addresses.
That is simply wrong, and should not be allowed to continue.
Congress needs to pass P2P consumer protection laws, similar to laws that protect us users from banking scams and credit card scams. But –
If Congress cannot agree on the debt limit, gun control or immigration laws, Congress is unlikely to do anything about this growing consumer fraud in the near future.
Until then, it is a clear case of consumer beware.
P2P payment scams can involve phony romantic prospects, fraudulent investment schemes and more, including what looks like a legitimate emergency from a friend – like my friend who was scammed out of $920.
At a glance, peer-to-peer (P2P) payment applications appear to be the perfect solution for effortless money exchange between friends and family, whether you are splitting the bill at a restaurant or paying half for a hotel stay.
These apps — including PayPal, Venmo, Cash App and Zelle — allow users to send money to others within seconds, usually by connecting either a bank account or a payment card.
P2P payment technology, while convenient, comes with several inherent risks.
Scammers prefer using tools that are easy to use. The combination of email and P2P technology makes it an easy and attractive exploitation method.
Keep reading to learn more about how these features cause significant threats to ordinary everyday users, and strategies to help you avoid becoming a fraud victim – like my friend.
How P2P Payment Apps Work
Essentially, a P2P payment is a digitized and direct cash exchange.
Users connect payment cards or bank accounts to their P2P payment platform of choice, after which they can send money to other users directly and within seconds.
Money received can usually be stored in a digital wallet provided by the app or transferred directly to a bank account, which may take a few days.
P2P payments are typically made via mobile phone apps, but most platforms can be accessed through a computer, too.
Scammers usually use a specific amount – like $920, rather than $900 – to make it look more real. Or, maybe it’s to cover the transaction fee to convert into Bulgarian or Nigerian money, where the scammers live.
P2P payment scammers leverage the convenience and sparse consumer protections associated with P2P payment apps to dupe users into parting with their cash.
These scams generally involve a bad actor who manipulates P2P app users into sending money to a fraudulent recipient for a deceitful reason. Unfortunately, direct payment networks like multi-billion-dollar PayPal consider that to be your problem, not theirs.
Imposter scams: A bad actor poses as someone trustworthy — from an IT specialist to a family member or friend — to convince a payer to send them money. This is a wide-ranging scam category that encompasses several other specific tactics. That’s what victimized my friend.
Romance scams: A bad actor poses as a prospective dating partner and requests cash from the user for reasons that often play off the user’s desires. For example, the scammer may ask for cash to book a flight to visit the email recipient, and then – of course – disappear with the money.
Overpayment scams: A bad actor “overpays” for something the user is selling, usually with a bad check. The scammer then asks the seller to refund the difference via P2P payment.
Investment scams: A bad actor tricks the user into sending money for an investment scheme that doesn’t exist. The scammer may promise unrealistic high returns on the intended victim’s investment to entice the victim to part with their funds.
While these scam types vary in approach, they all share the same goal: the use of fraud to deceive an unsuspecting victim and take their money.
Scammers may also take a more roundabout approach by scamming the user out of their P2P payment app login details (likely via phishing or another social engineering strategy) rather than requesting money outright.
To best protect yourself, think of P2P transactions as you would physical cash payments:
- Once you send money via a P2P app, consider it gone.
While P2P technology is convenient, use it with caution. Remember the following tips every time.
Check the sender’s address before you respond
Never mind that it looks like it is from a client or a friend. Check that the sender is not “cloaking” your name and/or not sending from .BG (Bulgaria) or .NG (Nigeria) or some other country known for online scams.
Do not respond and never pay on your phone, where it is easier to make mistakes than on your desktop or laptop.
Send money to parties you know and trust
Send money only to people and organizations you know and whose email addresses you have verified. Remember, money sent to the wrong recipient is not likely to be recovered.
Stick to trusted phone numbers and email addresses
Scammers often attempt to impersonate someone you know. A scammer may message you on social media under a recognized name of a friend and ask you to send them money.
If the request is odd and you don’t recognize the number, this is a red flag. Do not send the payment. Always verify first with your friend through previously established connections..
Beware of unusual or urgent requests
Scammers often attempt to create a sense of urgency by inventing fraudulent tales of emergency situations.
If a story seems suspicious or out of the ordinary, you are likely dealing with a scammer or fraudster. My friend did not recognize that the fraudulent email was signed with my full name – not the way we share emails and texts.
Avoid offers that seem too good to be true
Along with investment scams, P2P fraudsters frequently offer prizes, such as lavish vacations or lottery wins, and request a P2P payment to claim the prize.
Don’t fall victim. If you receive an offer that seems too good to be true, alert the P2P platform support team, and do not send your funds.
Implement security settings
Take advantage of app security settings.
Features like two-factor authentication can help protect your information, while fraud alerts may come in handy if you think your P2P login information has been obtained by a phishing or scamming fraudster.
Avoid making payments through unsecure networks
Avoid unsecured Wi-Fi networks — especially in public like airports, parks, even local library systems — while sending payments.
Unsecured internet connections open the door for tech-savvy bad actors to access sensitive information with which they may be able to access your payment accounts.
Use unique passwords for P2P accounts
Use different passwords for P2P apps and other sites, avoid sharing your passwords with others, and consider a password manager tool if you have trouble remembering passwords.
Let your financial institution help
Register for fraud alerts with your bank and with issuers of your credit card. Financial institutions such as Charles Schwab offer fraud alerts which automatically notify you of activity.
Always contact your financial institution immediately if you suspect something is wrong.
What to do if you are a P2P Victim
If you suspect you’ve been a victim of a P2P fraud or scams, follow this checklist
- Contact your financial institution to report the matter.
- Contact the P2P company if you made the transaction using a company’s app – especially if the sender used a phishing or scam email to impersonate another sender.
- Report the crime to your local police, your state Attorney-General, a local consumer advocacy group, and the FBI’s Internet Crime Complaint Center.
- If you authorized a payment mistakenly, there may be limits on what can be done to get your money back. But reporting the matter can help you to understand what options may be available.
Good luck – and let us know if you’ve been a victim of a P2P and the problems you are having getting your money back.
ecoXplorer Evelyn Kanter is a journalist with 20+ years of experience as a newspaper and magazine writer, radio & TV news producer & reporter, and author of guidebooks and smartphone apps – all focusing on travel, automotive, the environment and your rights as a consumer.
ecoXplorer Evelyn Kanter who has been investigating and reporting on scams and frauds since being an investigative consumer reporter on ABC News and WABC-TV Eyewitness News in New York City in the 1970s and 1980s.
ecoXplorer Evelyn Kanter currently serves as President of the International Motor Press Assn. (IMPA) and is a former Board Member of the Society of American Travel Writers (SATW), and is a former Board member of a similar professional organization for travel journalists.
Contact me at email@example.com.
Copyright (C) Evelyn Kanter