Venmo users are being targeted with the latest scam. Users are receiving text messages that are modeled after the Venmo website. In the latest TNTV Alert, sales director, Chris Montgomery, discusses how you can make sure you are protecting your personal information as well as your username and password along with what you should do if you think you have been a victim of this attack.
Video Transcript
My Name is Chris Montgomery, and welcome to this TN Alert.
If you're anything like me you probably doesn’t carry much cash these days and depend on applications or just your debit card to send money or make purchases, but as the use of these tools becomes more prevalent so does the potential for cybercrime.
Today’s alert is specific to an application that has been gaining traction for the past year, Venmo.
In a new scam, cybercriminals are using to collect your credit card information, as well as your login credentials.
How Does the Scam Work?
The scam works in the following way:
- Cybercriminals send Venmo users text messages that share the same colors and fonts of the mobile payment application. These text messages state that they are about to be charged, but if they would like to cancel the withdrawal they can log into their account.
- The text then directs users to a website via a link that looks exactly like Venmo’s. Once there the website allows users to sign in using any phone number and password combination but asks for personal bank information including a bank card to verify the identity of the user.
How to Prevent Being Scammed
If you receive a text message from Venmo like this, users are advised to go to the website directly via their desktop as opposed to the link contained in the text message, or simply open the app on their mobile device, as this is the most secure method of confirmation.
In addition, this illustrates the importance of verifying your username and password across all financial websites you frequent. The reason is that 60% of users use the same username and password across all or multiple sites, but what this really means is if they have your login credentials for Venmo, they could have them for every site you frequent.
How to Manage your Login Credentials:
- A tip for managing your login credentials would be to use a password vault such as LastPass to house this information.
- If you rather not use a service like LastPass, consider having a complex password one that contains capital letters, numbers, symbols, and a combination of all three for your financial website, while having a more simplistic password for a site like Facebook.
- An easy way to create a complex password is to use a movie quote or a song lyric including all punctuation & capitalization throughout.
What to do if you Think You are a Victim:
If you feel you have been subjected to this type of attack, officials ask that you contact your bank or credit card lender immediately to advise them so they can cancel your card and issue a new one. In addition, Venmo, which is owned by paypal, asks that users that think they may have been targeted by scamers posing as Venmo to contact spoof@paypal.com.
If you would like to learn more about how ThrottleNet can provide training to your users on how to identify and protect against attacks like these, please contact us today!