Securing Our Communities: Peer-to-Peer Payment Scams

Each week, the NTIC Cyber Center highlights a different social engineering scam impacting individuals and communities within the National Capital Region. We encourage everyone to share this information with friends, colleagues, and loved ones to help reduce their risk of becoming a victim of financial fraud and identity theft.

Peer-to-Peer (P2P) payment scams are schemes in which perpetrators elicit money from victims via P2P payment apps such as Apple Pay, CashApp, Facebook Payments, Google Pay, Venmo, and Zelle. With just a mobile number or email address connected to a financial account, P2P payment apps allow transactions to be made easily and immediately between individuals and can be used to split bills such as bar tabs or housing expenses. These apps are available for download onto smartphones, tablets, and smartwatches. Although there are very legitimate uses for these apps, scammers have targeted P2P payment app users for financial gain and to steal login credentials or install malware on users’ devices. Below are a few examples of how scammers have targeted P2P payment app users:

Fraudulent Classified Ads: Perpetrators of these schemes post products or services for sale online and request payment through a P2P payment app. Since most P2P apps are not designed to be used for commercial sales and offer no buyer or seller protection, scammers can default on their end of a pending transaction as soon as they receive the funds, leaving victims with little to no recourse to recoup their money.

Money Flipping Scams: P2P payment scammers use social media platforms to lure unsuspecting victims into sending money via P2P payment apps, promising a larger sum of money in exchange for doing so. Once the scammers receive victims’ money, they default on their promise of payment and often ask victims for additional funds.

Malicious Payloads: Scammers send fraudulent phishing emails or text messages designed to look like urgent correspondence from popular P2P payment providers, often urging recipients to log into their accounts by clicking on a malicious link. This link then redirects victims to a page designed to trick them into downloading malware or entering their login credentials.

To help bolster the security of your P2P payment platform, the NTIC Cyber Center provides the following tips to help you prevent and mitigate occurrences of this type of scam:

  • Only download applications from trusted and vetted sources and never use payment portals originating from links in text or emails from unsolicited or unknown senders as they can lead you to malicious and fraudulent websites. Instead, visit the organization’s website or use the platform’s official app.

  • Never use a P2P payment app to send money to people you do not know. Only use these platforms to send money to friends, family members, or other trusted individuals.

  • Always double check the payment recipient's information such as their username, address, and phone number before sending money. Money sent erroneously can be difficult to recover as P2P payments often cannot be reversed. To avoid this, try sending a small amount of money to the recipient prior to sending a larger payment to confirm that you have the correct account details.

  • Be sure to read the Terms of Service for each P2P platform that you use as many of these apps do not allow commercial sales and do not have buyer and seller protection policies.

  • Properly secure all mobile devices that have P2P payment apps installed, use lengthy, complex, and unique passwords for each account, and enable multifactor authentication on any account that offers it.

  • Monitor your financial statements to verify that the amount charged equals the amount you agreed to pay.

  • Always keep your P2P payment apps up to date with the latest version to ensure that known vulnerabilities are patched.

Report all P2P payment scam attempts to your local police department, the affected P2P payment platform, and the US Federal Trade Commission.

The NTIC is governed by a privacy, civil rights, and civil liberties protection policy to promote conduct that complies with applicable federal, state, and local laws. The NTIC does not seek or retain any information about individuals or organizations solely on the basis of their religious, political or social views or activities; their participation in a particular noncriminal organization or lawful event; or their race, ethnicities, citizenships, places of origin, ages, disabilities, genders, or sexual orientations. No information is gathered or collected by the NTIC in violation of federal or state laws or regulations.