Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed


Payment App Scammers: Stay Aware and Learn to Avoid Them

Keep Your Virtual Wallet Safe

As technology rises, fewer people are carrying cash and are opting instead for debit cards, credit cards, and smartphone payment apps. While it is convenient and becoming more popular to use virtual wallets like Venmo, PayPal, and Cash App, there is a risk of potentially being scammed by someone who doesn’t appear to be who they say they are.

Virtual wallets are apps that you can download on an Android or  iPhone, so you can transfer or receive money from friends, family, and other individuals easily. These apps are linked to a bank account to transfer the funds. To do this, all you have to do is tap a button, and bam–you are ready to send or receive money.

Scammers are always looking for their next potential victim and these apps offer scammers a prime opportunity to swindle people out of their hard-earned money. In this post, we will go over how you can identify the most common scams on these apps and how to avoid them, so you don’t become their next victim.


PayPal is the oldest form of virtual wallet in comparison with Cash App and Venmo. While it’s been on the market the longest, it’s still very popular, and many users use it to carry out their transactions worldwide.

Some of the common PayPal scams to look out for include:

Shipping Address Scam

This scam involves the scammer asking a seller to ship the items that the scammer “bought” to a specific address. Once the scammer “pays” for the thing and the seller sends the product, they find out that the address is invalid, but it’s a little too late.

When the shipping company can’t find the address, they will flag the item as undelivered. Then the scammer will talk with the delivery company and give them a new address, in order to receive the shipment while pretending that they didn’t get it.

Then, the scammer will receive the item and file a complaint with PayPal informing them that the scammer never received the product. Because the buyer has no proof that the item was delivered, PayPal will refund the amount paid from the scammer back to them.

So, the seller loses both their money and their product to the scammer.

What to Do Instead

To avoid this scam as a seller, for each online sale or transaction, confirm the address yourself if you can. If not, get in contact with the delivery company yourself.

Overpayment Scam

Beware of the overpayment scam. Here the scammer will pay you more “by accident,” and they will ask for the balance to be paid back into their account.

Once the seller returns the difference, the scammer will send a complaint to PayPal saying that their account was hacked and did not authorize it.

PayPal will then reimburse the money and they will keep the money that the seller sent over because the scammer “overpaid.”

What to Do Instead

With anything involving overpayment, always contact PayPal first before sending any money back.

You’ve Won!

Scammers constantly send emails to people informing them that they “won” something, and to claim the prize, they will need to click a link.

However, when people click the link, they will be lured to a fake website that impersonates PayPal, an online bank, or another payment portal service, but will capture any personal information that is entered. These scammers might also post on social media and pretend to sell something that needs your immediate attention. If not, it’s going to expire.

If you click on the link and put in your credit card or debit card information, then most likely, the scammers will use that information to steal from you.

To Avoid This 

Always check the URL of any website to make sure that it’s official and not just a look-alike domain. If you aren’t sure, try searching for the official website on a well-known search engine and visit the site that way, rather than by clicking a link from an email or text message. If you see that it has PayPal in the URL, check very carefully to see if it’s legit.

PayPal doesn’t use the domain in specific countries or regions, and if you see co.EU or co.UK, then these websites are not authorized.

Using multi-factor authentication (MFA) whenever applicable is also a good way to keep your account safe and stop unauthorized logins with just a username and stolen password combination.


Venmo is another popular virtual wallet that you can use to send and receive money. It’s an app that you can download onto your phone, and also requires your bank information to be able to transfer funds.

Some of the scams that you may encounter while using this app include:

Buying with A Stolen Credit Card

From ecommerce sites like Etsy and Shopify, to Facebook Marketplace and Craigslist, anyone can list something for sale online.

However, these sellers are prime targets for scammers.

If you put out an ad on a site such a Craigslist or OfferUp and list Venmo as a payment option, then a scammer might respond and say that they are ready to “pay” for the item.

Using a stolen credit card, the scammer will pay you and pick up the item. Venmo will eventually discover the fraudulent transaction, which they ultimately take back from the seller’s account, but unfortunately, you as the seller have lost both the item and the money you received from the scammer.

You cannot do much in this scenario aside from reporting the issue because you didn’t know that the person was using a stolen credit card. The best way to avoid this type of scam is to simply not accept Venmo payments from anyone you don’t know and trust.

Text Phishing

Text phishing, also sometimes called Smishing (short for SMS Phishing) is similar to email phishing: a scammer emails many people a message trying to convince them to click a link to visit a website, and when they input their password, credit card or banking information on the fake site, the scammer will steal it.

In a text phishing scam, the scammer will send a text message using Venmo’s font and colors to make it seem as if the message came from Venmo customer support. The message will ask the person to put their information into a fake Venmo site, supposedly to verify their account.

If you fall for this and put your credit card or bank information, the scammer will now have access to steal from your bank account.

What to Do

Do not click on any links in text messages to verify an account that requires you to put in your bank information. Instead, contact Venmo support and ask them if they need to verify your account, and only use the official app to enter any financial details.

In-Person Venmo Scam

Here you will encounter a scammer face to face. They will randomly come up to you ask if they can use your cell phone. They might also give you the sob story as to why they can’t use their own phone.

If you give them your phone, they will pretend to make a call, and when no one picks up, they will ask to text a friend or family member from your phone.

Instead of sending a text, they will open the Venmo app and quickly transfer funds from your account to theirs.

What to Do

If you fell victim to this scam, contact Venmo support immediately and explain the situation. They might refund the money or ask you to contact your bank or the police. Always be attentive to who you let use your phone, or if you feel that someone actually needs help, offer to make the call for them but don’t hand them your phone.

You can also enable FaceID and PIN if you have an iPhone, which should stop anyone other than you from being able to access the Venmo app on your device. On an Android, you can enable various verification methods including a fingerprint, iris scan or PIN.

Account Duplication

Scammers have started targeting individuals for scams by duplicating the accounts of the intended victim’s friends or family members on Venmo. They use the same picture as the victim’s friend or loved one and make their username almost identical to theirs. Then, they request funds from the victim using the lookalike account.

As an example, let’s say you get a message through Venmo from an account that appears to be your sister’s name with the same picture as your sister’s account. She requests money from you with a note stating she was at the grocery store and forgot her wallet. Without thinking twice, you send the money, but instead of going to your sister, it goes to the account of a scammer and you never see that money again.

What to Do

To help reduce the risk of being caught up in this scam, Venmo users should take a closer look at who is requesting the money and see if the username matches up. Also, if it is someone who is close to you, call them directly to make sure the request is legitimate.

Cash App

If you’re looking for an easy-to-use and understand virtual wallet, then Cash App seems to take the throne.

However, it’s not immune to scams. Here are a few of the most common:

Fake Cash App Support

Many scammers pretend to be Cash App support members, where they will try to access your information.

Cash App doesn’t directly link to their customer service department, which the scammers are using to their advantage.

Once they see that you might be a good mark for this scam, they will ask you to download a screen sharing app on your phone or computer to access it, and they will begin to “help you” with your Cash App issues.

However, in reality, they are just stealing your information.

What to Do

As mentioned, Cash App doesn’t directly link to their customer service department, so if someone contacts you pretending to be them, don’t continue the conversation and report this issue to Cash App.

The Giveaway Scam

There is a popular event on social media where the official Cash App account hosts sweepstakes to win cash prizes, known as “Super Cash App Friday”.

To enter this sweepstakes, Cash App asks its users to share a post and follow to be entered. However, scammers are always watching who enters the giveaway, and they create fake accounts and then send messages to each of those people, informing them that they’ve won.

However, you didn’t win anything! The scammers will ask you to send a small amount of money first to verify that it’s you so you can claim the large cash prize.

After you send the money, they will block you, and you will never hear from them again.

To Avoid This

Cash App will never ask you to send them money to confirm your identity. If you get a message saying that you need to send them money, quickly report the sender.

Stay aware of scams and don’t lose your money!

By educating yourself on these scams on some of the popular virtual wallets, you will stand a better chance against online scammers and protect your information.  Using strong passwords that aren’t reused on other sites, taking advantage of MFA, and analyzing transactions and offers more closely allow you a better chance at not becoming a victim of these types of scams.