Police warn about Venmo app texting scam that targets banking data

Phishing scam disguising as Venmo application is redirecting users to a fake website collecting personal and banking data

Text messages with phishing links where fake Venmo login process continues targets users' data. Massachusetts police has warned Venmo users about a new phishing campaign that involves text messages with links to fake login pages.^[1] The scam is targeting users of the popular mobile payment application that has almost 40 million customers across the world. All of them can receive the text message at some point and become a victim of the phishing scam.

According to report^[2], text message disguising as a notification from Venmo delivers alerts stating about a quick way to recover the account. The sender also claims that charges may apply if the victim postpones the login procedure. The message also includes the link to perform required actions.

However, when you go to the provided page and try to login with your phone number and password, the verification is required. To verify that you are what you claim, you are asked to provide your bank card number, and other financial or even personal information.

Unfortunately, the scam is using Venmo logo, colors, and fonts of the real app, so there are numerous people who have revealed their personal data to criminals. Don't follow the link provided in the text message, go to your Venmo App instead when you get anything like this. Try to contact your bank or credit card provider if you already entered the required banking data.^[3]

Stolen personal data gets used in secondary scams

According to the provided report, the person from the Police Department tried to make a research and entered a phone number and password to the particular Venmo account. No matter that the password was not the right one, the page still allowed to proceed with verification. This fact is indicating that scammers are only seeking for banking credentials, personal details, not the Venmo logins.

When the password, phone number, bank card number, other passwords, personal data get entered on the page, the data goes to hackers' server for the later use. In most cases, such credentials help to make easy money and withdraw funds from various user profiles to hacker-owned accounts.

Personal information and Venmo or PayPal, which is the owner of this platform, logins are valuable among cyber criminals.^[4] You can run into serious losses if scammers managed to make transactions to their own accounts or misused your personal data like emails and account passwords.^[5]

Reverse money loss

When hackers manage to obtain your credentials, it is common to get your money stolen from such accounts. However, this is a more simple form of scam that users are aware of. A different version of an outcome exists when the victim of such a fraud receives a large amount of money from the person they don't know and then crooks contact the person to get those funds back.

The amount often goes up to $1000 or $1500, so the person is convinced to accept the transaction.^[6] Once the payment is approved, criminals can claim to Venmo that the transaction was made by mistake and the large amount is received twice, from the platform and the victim.

What you should learn from this is to avoid opening links from text messages, even when the sender is stating that he or she is representing the company or server you use. Keep in mind that Venmo and other companies have stated that they are not sending emails or text messages requesting such personal information. Also, don't accept money from people you don't know. Such transactions can be fraudulent, and there is no information where the money came from.