The text message warned Brinda Gupta that her Zelle peer-to-peer payment account had been compromised.
“He was very professional sounding,” says Gupta, a Chicago business owner.
The text that she got a week ago included a real phone number for Bank of America, which co-owns the Zelle payment app.
And it was followed by a phone call, also from what appeared to be a Bank of America number, which went to her voicemail.
Worried, Gupta, who runs a writing and editing business, called the number right away, hoping to straighten out whatever was wrong.
As she waited in the bank’s automatic phone menu, pressing digits to reach various sections, her phone rang again — and again, it showed a Bank of America number.
So she took the call, and a man who identified himself as a fraud officer from the bank said he’d help protect her accounts.
Gupta now realizes that the man on the phone wasn’t from her bank. And he wasn’t trying to help her, only himself.
He was a scammer who had spoofed real Bank of America phone numbers in his text and calls to make it appear they were legitimate.
And while he was talking Gupta through steps that supposedly would protect her accounts online, he actually was gleaning information that allowed him to set up a parallel Zelle account — and transfer more than $6,000 from her account to his in two transactions that took a few minutes to complete.
With peer-to-peer digital payment apps increasingly popular — it’s estimated that four of five Americans use them as a way to quickly and easily pay a bill or transfer money to a friend — they’ve become a growing target for scammers. The nonprofit U.S. PIRG Education Fund consumer watchdog organization says complaints about the apps have surged during the coronavirus pandemic.
The payment apps — which include Zelle, Venmo, Square and others — can be more convenient than a credit card. But they don’t offer the same protections as credit cards, for instance, to go to the credit-card company and dispute a fraudulent charge.
Using a payment app is akin to paying someone in cash.
“The peer-to-peer apps have the least” amount of protection under the law, says Abe Scarr, director of the Illinois PIRG Education Fund. “With a credit card, you do have some level of recourse” — the credit card issuer “may let you off the hook. And they’re not dipping directly into your bank account.”
Also, the default settings on some of the payment apps can allow strangers to see where you’re sending money — information about your financial life you probably wouldn’t knowingly share.
It isn’t just ordinary people who’ve been tripped up by using payment apps. U.S. Rep. Matt Gaetz, R-Fla., has been reported to be under federal investigation for recruiting women online for sex and paying a 17-year-old to have sex with him, allegations he has denied. The Daily Beast news outlet reported it was able to see Gaetz’s Venmo transactions to a friend who is an admitted sex trafficker that totaled the same amount as the friend’s mobile payments to several young women.
When the apps are used in scams as it was with Gupta, they often work because the scam artists create panic in the victim.
According to U.S. PIRG, which analyzed complaints to the federal Consumer Financial Protection Bureau from 2017 through last April, there were 9,277 complaints to the agency about payment apps. They ranged from problems opening, closing or managing an account to being victimized by a scam to experiencing an unauthorized transaction. In April alone, there were 970 complaints — nearly double the previous peak in July 2020.
A survey last year by NerdWallet estimated four in five Americans now use digital payment apps, which originally were designed to help friends quickly and easily send money to each other — say, to split a restaurant tab.
But as the apps’ acceptance grows, so have complaints. Steve Bernas, chief executive officer of the Better Business Bureau of Chicago and Northern Illinois, says its “Scam Tracker” database is filled with complaints about the apps.
Bernas says scammers are using payment apps more often these days to fleece people.
One way involves what’s supposed to be sales of purebred puppies. Unsuspecting buyers are told they have to send money through a payment app in advance to get the puppies. By the time they realize there aren’t any purebred puppies and that they’ve been taken, their money is gone.
In another common scam, a scammer “accidentally” overpays a person for something using what’s later discovered to have been a counterfeit check, then asks: Can you refund me the difference using a payment app? The check bounces — but not till after the app payment goes through, leaving the victim at a loss.
The Atlanta police recently warned of a scam in which con artists are pretend they’re in distress and their phones have died. They borrow a phone from a good Samaritan — and use it to quickly and furtively go into their payment apps and steal money.
“There are so many variations, it’s hard to keep track,” Bernas says.
If you use a credit card and then discover fraud, you can dispute the payment and often get a refund from the credit-card issuer. Under federal rules, consumers risk losing no more than $50 as a result of unauthorized credit-card charges.
So a lot of people presume they have similar protection if they were cheated into paying someone via an app. They’re wrong. Though digital payment apps fall under the federal Electronic Fund Transfer Act, consumer-initiated transactions on the apps are exempt from the the law’s definition of “unauthorized charges” even if they are part of a fraud.
The payment app companies including warnings on their websites that caution users to deal only with people they know and trust.
Asked about Gupta, a Bank of America spokeswoman says the company won’t comment, citing customer privacy.
But it investigated and quickly refunded her money.
“We remind clients that they should not provide confidential account information to unidentified individuals,” spokeswoman Betty Riess says. “Bank of America and other legitimate companies would not ask for sensitive account information, such as passcodes or authentication codes.”
Early Warning Services LLC, which runs Zelle, also warns users about spoofing scams. Consumers “should only send money to people they know and trust, treat it like cash and be aware of ‘too-good-to-be-true’ situations,” spokeswoman Meghan Fintland says.
Gupta used to think she could spot a scam. Now, she wants others to know how sophisticated some of them can be.
“Honestly, if you get any kind of call about any of your finances, no matter what, just stop,” she says. “It’s a painful lesson.”