Peer to Peer Payment Payment Services (P2P) such as Zelle, Venmo, ApplePay, PayPal, Square Cash and PopMoney are popular ways to quickly and conveniently send money electronically from your credit card or bank account. These services also provide easy ways to be scammed and unlike scams targeting your credit cards directly, you may not have as much protection under the law to get your money back if you do get scammed.
Sadly Money Crashers did a survey of users of P2P services and found that 52% of users were not even concerned with the security of these payment apps, which is disconcerting considering many instances of fraud involving these services.
Recently, Nausheen Brooks and Darlene Chelsey were each scammed out of $3,500 when they received text messages that appeared to come from their bank, Bank of America asking them to verify purchases. Of course there were no purchases and it wasn’t Bank of America contacting them. After responding to the text messages, they were called by scammers posing as Bank of America employees. Through “spoofing” their Caller ID was able to be manipulated to make it appear as if the call actually came from Bank of America. The scammer told the women that withdrawals had been made from their Zelle accounts, but that all they needed to do to remedy the situation was use their mobile banking apps to transfer money back to themselves. While this does not seem particularly logical, the frightened women complied only to quickly find out that their Zelle accounts had been taken over by the scammers who promptly emptied the accounts.
While law enforcement does not know precisely how their accounts were taken over by the scammers, most likely they used the same password on multiple sites including some where data breaches enabled scammers to find out their Zelle passwords. They also failed to utilize dual factor authentication to protect themselves if their password was ever compromised.
Before signing up for any P2P service, you should familiarize yourself with their fraud protection rules. In the fine print of many P2P services, you may find that you have little, if any, protection if you use the account to purchase something that ends up to be a scam. While PayPal offers significant protection from fraudulent transactions, Cash App, Zelle and Venmo, for example do not offer such protection, which is why these services should never be used for commercial transactions, but only to transfer small amounts of money to people you know. In order to protect your account from being hacked and being taken over by a scammer who could access your credit card or bank account, you should use a PIN or other dual factor authentication whenever your particular service provides for it. Linking your P2P service to a credit card is a good choice because if your account is tied to a credit card, you should be able to get the amount fraudulently taken refunded from your credit card company in accordance with federal law. If your account is tied to a bank account, you may be able to get the money refunded only if you report it immediately pursuant to the Electronic Transfer Act. However, any delay in reporting the fraud from your bank account could cost you dearly. In the cases of these two victims, Bank of America did cover their losses.
To avoid having your Zelle or other P2P accounts from being taken over by hackers, never provide your username, password or PIN in response to any email, text message or phone call unless you have absolutely confirmed that the request for this information is legitimate, which it never is. You can confirm this by contacting your bank or other company by calling them at a telephone number you know is accurate. Here is a link to use to activate dual factor authentication on your Zelle account. https://www.zellepay.com/pay-it-safe/resources-and-tips
For those of you receiving the Scam of the day through an email, I just want to remind you that if you want to see the ever increasing list of Coronavirus scams go to the first page of the http://www.scamicide.com website and click on the tab at the top of the page that indicates “Coronavirus Scams.” Scamicide was recently cited by the New York Times as one of three top sources for information about Coronavirus related scams.
If you are not a subscriber to Scamicide.com and would like to receive daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address where it states “Sign up for this blog.”