Phishing attacks do not always involve emails or web links. Sometimes attackers use SMS to trick users instead. Recently, the Dighton Police warned of a phishing scam in which the scammers specifically target Venmo users.
Scammers Targeting Venmo App Users
The Dighton Police Department has spotted a new scam in the wild targeting the Venmo app. The scammers go after Venmo users by sending malicious text messages. Dighton Police warned all users via a Facebook post.
The text messages are intended to panic Venmo users. They tell the recipient that a fee is about to be deducted from their Venmo account and that stopping the deduction requires signing in. According to the Dighton PD post,
"You will receive a text message telling you your Venmo account is about to be charged and if you want to cancel the withdrawal, you need to log on and decline it."
The phishing links in these messages redirect users to web pages that resemble actual Venmo pages.
"The scam uses the same colors and fonts as the Venmo app."
Many users are likely to have fallen prey to this scam. The phishing pages ask the user to sign in with their phone number. Since the web page is fake, the victim can proceed even after entering false credentials. Dighton PD stated in the post,
"The message allows you to log on with any phone number and password. (The password I used was wrong, but it had me continue on.)"
Deceptive ‘Verification’ Requirement
Apart from login credentials, the scam also aims to steal victims' personal data. Specifically, after a user signs in to a phishing page, the site asks them to verify the account by entering their bank card number or other financial or personal information. In this way, the phishing sites not only attempt to look legitimate but also pilfer information from the victims.
The Police Department has warned all Venmo app users to be wary of such scams. Users should never enter account information on pages reached through direct links in SMS messages. To confirm whether a message is legitimate, users can visit the website directly.
For anyone who has already fallen prey to this scam or shared financial data with the scammers, Dighton PD recommends contacting the respective bank authorities.