As a frequent PayPal user, I wasn’t surprised to see a payment request on the app pop up. But when I read it, I knew something was wrong.
In the message, a stranger asked me to send them $699 in order to get a “refund.” While I instantly recognized the request as a scam, I still felt vulnerable; I didn’t immediately see any obvious way to flag the request as a scam, and with just one click, I could have accidentally sent this stranger a huge chunk of money.
I’m hardly alone in my worry over security when using peer-to-peer payment apps: According to a Pew Research Center survey published in September 2022, about one-third of people who use payment apps or websites say they are “a little or not at all confident that payment apps or sites keep people’s personal information safe from hackers or unauthorized users.” And an alarming 13% of people who have ever used PayPal, Venmo, Zelle or Cash App say they have made the mistake of sending money to a scam artist.
Fraud prevention experts recommend these strategies to keep your money safe.
Only send money to people you know
Generally, peer-to-peer payment apps are designed to send money between friends — not strangers. If you use them to send money to someone you don’t know, then you put yourself at risk for fraud.
“You shouldn’t send money unless you’ve met people in real life and know who you are sending money to. If you do that, and you’re careful in terms of what number you are sending money to, these apps can be a convenient, safe and efficient way to move money,” says Paul Benda, senior vice president of operational risk and cybersecurity at the American Bankers Association, a trade association for the banking industry.
Use cash and credit cards in higher-risk situations
If you need to exchange money for goods or services with someone you don’t know, the safest way to do that is through cash or credit cards, says Axton Betz-Hamilton, an assistant professor in the School of Health and Consumer Sciences at South Dakota State University and author of “The Less People Know About Us,” a memoir about identity theft.
Credit cards, for example, come with fraud protection attached. “I want that protection, so I don’t use these apps,” she says.
While stolen cash can be harder to recover, it may be covered by homeowners and renters insurance policies (up to your policy’s limit and depending on your policy).
Be wary of texts, calls or unsolicited requests
Frauds are often perpetuated when scam artists send a text, phone call or other kind of message urging you to send money, perhaps claiming you are due a refund or late on a bill.
“Fraudsters continue to get better at what they do,” says Joel Williquette, senior vice president of operational risk policy at Independent Community Bankers of America, a trade group for community banks. That includes sending emails that are almost indistinguishable from legitimate banking emails.
A cybercriminal might impersonate the IRS or FBI and ask you to send a peer-to-peer payment immediately to satisfy a debt, but Williquette says legitimate agencies will never contact you by text or call your cell phone with an urgent request for money.
“Typically, they will send you a letter,” he says, and they don’t ask for payment through apps or gift cards — another red flag.
A fraudulent payment request sent on a peer-to-peer payment app is “usually for a small dollar amount and might even look like it’s from a friend,” says Eva Velasquez, president and CEO of the Identity Theft Resource Center, a nonprofit organization.
Velasquez urges people to verify requests first by double-checking they are sending money to the correct person, adding that it’s easier to fall for scams when you’re distracted and multitasking.
Upgrade your cyber hygiene
Enabling two-factor authentication on financial accounts, adding a pin lock to your phone and using unique passwords that are at least 12 characters long can help keep you safe, Velasquez says.
In addition, she suggests setting your app privacy settings to the most private option to minimize the amount of information about you that’s publicly available.
Flag fraud attempts
According to PayPal, if you receive a payment request like the one I got, you should cancel the request without paying. Additionally, you can take a screenshot and forward it to firstname.lastname@example.org. PayPal adds that you should not reply, open links, download attachments or call any phone number included in the request.
If you mistakenly disclosed any financial or personal data to a scam artist, PayPal says you should change your password immediately, alert your bank and report any unauthorized payments to PayPal. You can also report your fraud to the Federal Trade Commission at reportfraud.ftc.gov, a government website that shares information with law enforcement.
In my case, I followed the recommended step of canceling the payment request and never heard from my scam artist again. With enhanced security steps in place, I plan to continue to take advantage of the convenience of PayPal and other payments apps — and now I know what to do next time I get an unsolicited payment request.