Even though the holiday season is coming to a close, the post-holiday sales are a tempting reminder of
just how easy it is to be separated from your money. Especially with the ease of online payment
platforms like Zelle, Apple Pay, Venmo, and Cash App. It’s estimated that almost half of the country -
148.8 million people - use a payment app. Unfortunately, these platforms trade convenience for
security. If you’re using a payment service for personal or professional transactions, read up on the
best strategies for protecting your information from cybercriminals and fraud.
How to Protect Yourself from Payment Scams
Payment Services: A Rapidly Growing Attack Surface
For many people, payment services are an integral part of their daily operations. And this necessity
makes them vulnerable to opportunists. One of the more prominent targets, Zelle, has seen a massive
uptick in fraud over the past two years. Zelle integrates with many financial institutions, such as Bank of
America. Seven of these banks reported +190,000 fraud cases in the past 18 months, totaling $213.8
million. Of those cases, only 3,500 resulted in reimbursement for a Zelle customer. The impact on
individuals can be devastating - one woman in California lost $18,000 dollars in a single scam. So what is
it about payment services that make them so vulnerable?
To start - there is a serious lack of awareness around just how vulnerable these platforms are. Many
people assume that because these services integrate with their financial institutions, they are inherently
secure - or as secure as their banks may be. Unfortunately, this is not always the case. Sending money
through platforms like Zelle or Venmo only requires a phone number or email address. Verification, such
as multi-factor authentication, may require additional set-up. Since these payment platforms link directly
to your sensitive financial information, they act as a key vector for individuals looking to exploit your
data. Most payment service scams try to extract your Zelle, or other platform, details as a backdoor into
your banking information. Scammers have been known to solicit usernames, passwords, and PINs
through phony emails and text messages.
Six Common Scams to Watch For
- Fraud Alert Scam - these scams occur when a cybercriminal impersonates your bank’s fraud
department. They may call asking you to confirm details about your account or personal information,
including your username, password, and credit or debit card information. From there, they may extract
money from an existing account or open a new one by impersonating you. This identity theft starts with a payment platform and can quickly spread to other facets of your digital presence. - Suspicious Activity Scam - much like the fraud alert scam, these attacks involve fake “suspicious
activity” warnings delivered by a call or text. The message may ask you to confirm your account
details, reverse a transaction, or send money to yourself. Unfortunately, these transactions only line
the pockets of the perpetrator. - Accidental Payment Scam - sometimes, a scammer will “accidentally” send money to your mobile
payment app. Usually, this money has been acquired through a stolen credit card or compromised
account. They will then ask you to send the money back - money that you can’t recover (unlike a
charge made on a stolen credit card). - Work-from-Home Scam - these scams are more involved, but have proliferated during the transition to
remote work. In this case, scammers try to capitalize on new hires. They pose as legitimate
businesses, and ask their new hires to deposit a fraudulent check. Upon doing so, they will ask the
employee to transfer part of the funds to another account. - Fake Emergency - this in-person scam occurs when someone fakes an emergency and asks for access
to a bystander’s phone. They will then use the opportunity to transfer funds from the bystander’s
mobile payment app to one of their accounts. - Business Impersonation Scam - scammers may pose as legitimate businesses that accept mobile app
payments. However, their virtual storefronts are a ruse, and you won’t be seeing your order or money
again.
Remember, your bank or credit union will never call to ask for sensitive information over the phone. And
Urgent requests are almost always a red flag. If you receive a request for personal or financial
information, you should reach out to your bank directly to alert them to a scam. More likely than not,
other customers are also being impacted. A final recommendation - treat mobile payments the way you
would cash. Applications like Venmo and Zelle have virtually eliminated the time it takes for money to
exchange hands - but that doesn’t mean you should treat them any differently than your other payment
sources.
What Services Are Available to Help?
We recommend the following identity services to help protect your financial and PII from lurking
scammers.
- Lifelock - this identity theft protection service offers a wide range of monitoring and alert tools to
protect your information from theft. Antivirus software and virtual private networks (VPNs) can help
eliminate threats from malware, which is malicious software that serves to exploit weaknesses in your
personal and corporate networks. Lifelock also provides dark web monitoring, which scans the
dark web for indicators that your credentials have been compromised in a cyber scam. - Aura - another all-in-one security solution that specifically targets identity theft, financial fraud, and
online scams. Aura features many of the same features as Lifelock, but also includes a robust
password manager. In the event that one of your online accounts is compromised, Aura will send a
notification so that you can mitigate the threat. Aura is a more proactive solution for managing digital
threats. - IdentifyForce - this solution targets identity theft through comprehensive monitoring services. They
use real-time alerts, thorough detection technology, and identity recovery to keep customers safe.
If you are interested in learning more about these solutions, or comprehensive enterprise monitoring
solutions such as iCorps SOC-as-a-Service, reach out for a free IT consultation.