Venmo, the payment transfer app owned by PayPal with over 40 million users, is being leveraged in a phishing campaign. Users are receiving texts that state their Venmo account will be charged if they do not log on and decline the charge. A login page is provided that asks the targeted user to input their phone number and password, but a valid password is not necessary as users were able to continue on without providing the correct password. Further verification is requested, and users are then asked to enter their debit card number amongst other personal information. Scammers are using a similar font and color scheme that is seen on the legitimate Venmo page. Venmo has been made aware and they assure they are taking all the necessary steps to mitigate the issue. A company spokesperson said Venmo “never sends our users emails requesting information (of) this nature.”
Analyst Notes
Users who think they may have fallen victim to this scam should reach out to their financial institution immediately, or they can contact Venmo or PayPal directly. The company has requested that users reach out to [email protected] if they think they’ve encountered a scam involving Venmo or PayPal. Users should avoid payment transfers with unknown parties, especially when attempting to pay for a good or service they have not received yet.
