In today’s world, most people carry little (if any) cash on them. While online payments aren’t new, our growing reliance on applications like Apple Pay, Google Pay, PayPal, Venmo, and Cash App to make purchases or send money is. These apps offer the convenience of going cash- and card-free, but they also bring about some significant new security concerns. As the use of these applications becomes increasingly popular, the potential for cybercrime increases immensely.
Payments app users, take heed: hackers have set their sights on Venmo, which has roughly 40 million users worldwide.
In this new scam, cybercriminals are targeting Venmo users for both login credentials and credit card information. Users receive text messages from cybercriminals pretending to be Venmo. The text message explains that their Venmo account is about to be charged, but if they want to cancel the charge, the user needs to log into their account by clicking on the link provided in the text message.
After clicking on the link, users are directed to a website that looks just like Venmo but isn’t. The site prompts them to sign in using any phone number and password combination. Once they enter that information, they are asked to provide their personal financial information, including a bank card, in order to verify their identity.
Since the linked site looks exactly like Venmo’s, sharing the same colors and fonts, it is easy to assume that you need to follow its directions. However, instead of accessing Venmo through the text message’s link, access the website directly from a desktop computer. Another option is to open the application on a mobile device, as this is the most secure method of confirmation.
This is a good rule of thumb to follow for any link you receive in a text message or email. Venmo is the hot target for hackers right now, but tomorrow they might move on and try a similar scam on another platform. The safest bet is always to not click any links and go straight to the supposed source using a secure browser or application.
Proper password management is another good practice that can help ward off potential IT security headaches and data breaches. It is critical that you use a different username and password for each financial website that you use. The reason is that 60 percent of users have the same username and password for many different websites, meaning that if hackers obtain your login credentials for Venmo, they also gain access to other websites you regularly use. When it comes to managing login credentials, a great tip is to use a password vault. One popular password vault solution is LastPass, which you can access from a web browser or an application for your smartphone.
If using a password vault such as LastPass does not suit you, consider having a complex password that contains numbers, capital letters, symbols, or all of the above. A complex password could also include a movie quote or song lyric. Avoid using letter and number combinations that can be easily socially engineered, like kids’ and pets’ names, birthdays, and anniversaries.
If you feel like you may have been subjected to a cyber attack, officials first ask that you contact your bank or credit card lender immediately to advise them, so they can cancel your card and issue a new one. Venmo, which is owned by PayPal, also asks its users who think they might have been targeted by the recent scam to contact Spoof@PayPal.com.
If you would like to learn more about how ThrottleNet can help you and your staff members identify and stay protected from attacks like the Venmo scam, ransomware, and phishing attempts, contact ThrottleNet. In addition to our managed network and IT security services, we also offer training and resources to help your team learn to defend against attacks and defuse disasters before they happen.