3 Common Ways That Hackers Use Zelle, Venmo, PayPal and other P2Ps to Steal Money


Peer-to-peer payments (P2P) like Zelle, Venmo and Paypal have become a common way for people to pay friends, family, and others they trust. Unfortunately, many hackers also use P2P to steal money.


Here are three common P2P scams to watch for so that they don't happen to you:


1. Scammers will send texts indicating that they're from your financial institution. The message will read something like this:


Did you attempt a Zelle payment for the amount of $1,000.00? Reply YES or NO or 1 to Decline Fraud Alerts.


Those who reply will soon receive a fraudulent phone call with a spoofed caller ID that appears to be from their financial institution. To "confirm their identity," the fraudster will ask for their online banking username and will then ask the person to read back a code sent via text or email. Unbeknownst to the victim, the code they received was from the hacker initiating their online banking's "forgot the password" feature. Once the hacker has the code, they can log into the victim's financial account and cause havoc from there.


2. Scammers will pretend like they mistakenly sent you money and ask you to pay them back. With this scam, the hacker will say that they meant to pay someone else, but accidentally sent you the money instead, and request for you to pay them back. After you’ve “paid them back”, the money they put in your account will likely disappear because it will have been flagged as a fraudulent credit card transaction.


3. Scammers will use a P2P service to pay you for goods that you posted on Facebook Marketplace or Craigslist. Similar as the "mistake money" scam, the fraudster will use a stolen credit card to pay you and once the payment has been flagged as fraudulent, it will likely be deducted from your account - after they've already picked up the item that they bought from you.


You can report P2P scams to the Consumer Financial Protection Bureau (CFPB) by sending an email with a description of the incident to BigTechPaymentsInquiry@cfpb.gov. To help flag the email as a scam alert, you should make the subject line of the message "CFPB-2021-0017."