Peer-to-Peer (P2P) Payment Scams (Part 2)

CyberHoot recently blogged about scams involving peer-to-peer payment apps. Hackers impersonate family members on social media or marketplaces, tricking people into erroneous payments. Following this blog article, CyberHoot learned of two more mobile phone-based cash app scams growing in popularity.

Firstly, we’ll discuss the “Erroneous Payment and Refund” scam. Then, we’ll explore the “Emergency Phone Borrowing” scam. Finally, we offer suggestions for protecting yourself from these cash app scams.

Scam #1: Accidental Payment Refund Scam

Hackers infiltrate cash app accounts, draining funds and linked bank accounts. They then issue accidental payments to the account holder’s contacts, followed by messages requesting refund or repayment due to a ‘wrong account’ error.

Once these accidental payments are reported, they are reversed by the bank. Meanwhile, your reimbursement has been transferred to a hacker’s burner cash app account and withdrawn, leaving no trace.  They are playing on your good nature and trust of the people you have transacted with in the past.

Hackers gain from refunds, the breached cash app balance, and linked bank account funds. This scam is lucrative with minimal risk of capture. Prevention measures, which we’ll discuss shortly, apply to both this refund scam and the “Emergency phone borrowing scam” we discuss next.

Scam #2: Emergency Phone Borrowing

Hackers approach individuals near stores, cinemas, and other public places. Their phone is dead and they have an emergency like a dead car battery, being out of gas, or some other credible emergency. Upon handing over your unlocked phone to help, the scammer accesses your cash app (Zelle, PayPal, Venmo, or Cash App) and transfers your balance to a burner cash app account.

Both scams exploit your good nature and hope you’re blissfully ignorant of these increasingly popular financial attacks. However, knowing about these scams isn’t enough; you must take protective steps.

Protective Measures to Prevent Cash App Scams

By following these protective measures, you’ll be able to continue being a kind helpful citizen, without putting yourself at financial risk.

Verification: Always verify with the sender if you receive unexpected cash app funds. Never refund without a verbal or in-person confirmation.

Logout Security: Log out of cash apps when not in use. Although apps encourage staying logged in, logging out hinders opportunistic hackers.  Tip: If you’re using a Password Manager, you can quickly and easily log into any cash app with strong authentication only when you need to.

Funding Source Caution: Consider linking a credit card, not a bank account, as your backup funding source to your cash app balance. Credit cards often offer better protection against fraudulent activities.

Transfer Cash App Balances to your Bank Account:  should your cash app be compromised for any reason, the balances held in them are not insured by the app developers.  Any money removed fraudulently from your cash app is essentially gone.  Transfer all funds to your bank account in order to prevent their theft.

Emergency Phone Use:  instead of handing your phone over to someone, offer to make the call for them.  Be firm and unwavering that you will not give your phone over to anyone, but you are willing to assist by making a phone call.  There are many other social engineering scams people use to get you to give them your phone.  Never do it!

Conclusions:

Stay vigilant with personal finances on cash apps. Confirm refunds verbally or in person. Instead of lending your phone, offer to make the call yourself. If refused, politely decline to help. Always log out of financial apps to require authentication for transactions.

Bonus Tip: Know your phone’s emergency shutdown process. Most devices require strong authentication after rebooting, rendering them useless to attackers.