This post was originally published on Yahoo Money.
The popular cash giveaways on social media from Cash App, Square’s peer-to-peer money transfer app, may have created a backdoor for scammers, according to a new report from Tenable, a cyber security company.
Criminals are using phishing, cash-flipping and impersonation schemes to steal $10 to $1,000 from unsuspecting Cash App users by dangling phony offers of more money, the report found.
The scams target many of Cash App’s 452,000 followers on Twitter and those following its Cash App Friday promotion, which has amassed 1.2 million Twitter mentions in the past year, the report said.
“These are people who are college students and maybe need money for books,” said Satnam Narang, a researcher at Tenable. “It's really unfortunate that these people are being scammed out of their hard-earned money.”
What are the scams?
The Cash App Friday giveaway that started in 2017 is fueling the rise in these scams, Narang said. Each week, Cash App gives away about $5 to Twitter or Instagram followers who share their user ID under the #CashAppFriday hashtag. On #SuperCashAppFriday, the prizes can range from $100 to $500. All users have to do is retweet, reply to the post, or share it on their Instagram story.
Scammers see these posts and comment, asking for a personal message from those who have engaged with the giveaway to offer them additional rewards. This turns into the classic money-flipping scheme: The criminal promises to modify the transaction and send more than the reward as long the Cash App user sends money to them first.
Other fraudsters impersonate Cash App representatives, requiring a $10 transfer to verify a victim’s account before they can receive their bonus giveaways. Others pretend to be Square’s CEO Jack Dorsey or famous influencers offering a cash giveaway if people retweet or direct message them.
The report offered no estimate of how much money has been lost to these hoaxes. But some of the scammers’ posts have gained hundreds of retweets and replies. Cash App is also working to mitigate the fraudulent schemes.
"We are aware of social media accounts that claim to be associated with Cash App,” the company said in an email. “We have been working with Twitter and Instagram to deactivate all accounts that infringe our intellectual property rights (eg: use our name or logo without permission) or seek to take advantage of our customers.”
A post shared by Cash App (@cashapp) on
How to avoid these scams
Here’s how to keep your money safe while continuing to enjoy the giveaways.
Don’t send money to verify: Neither Cash App nor any celebrity doing giveaways will ask you to send money for verification.
Be skeptical of generous social media giveaways: If a post offers $900 for the first 900 people, it’s likely a scam.
Flipping money isn’t real: There’s no way to alter transactions to increase the value of the Cash App giveaway.
Don’t trust the links: If you get a link requiring you to login into Cash App to claim a reward, it’s likely a phishing scam.
Check the credibility of the posts: Unverified social media accounts, posts with typos and newly created accounts are red flags.
Last, if users win money in the Cash App Friday giveaways, the company sends the reward from its official account, which is verified with a blue checkmark. The official accounts are @cashapp and @cashsupport. The company will never ask for money or login information, according to a Cash App spokesperson.
Read more in our Spending section