Technology
How to protect yourself from the Venmo, Zelle and Cash App scam that can wipe out your savings in seconds
paymen
Imagine walking down the sidewalk and being confronted at gunpoint by a crook.
Open the payment app on your phone and transfer out your hard-earned cash, or take a bullet in the head. That’s one phone cash ripoff scenario of many playing out in real-life America.
Other cash app crimes are happening due to the vulnerability of an unlocked iPhone without the new Stolen Device Protection turned on in iOS. These are examples of how mobile payment apps can put your money and your life at risk.
Do you use mobile payment apps like Venmo, Zelle or Cash App to send and receive money? If so, you’re not alone. These peer-to-peer payment services now handle an estimated $1 trillion in payments. And with that much money involved, there are also now a lot of fraud and scams going on, according to Alvin Bragg, the Manhattan district attorney. He says these apps are exposing many people to scammers and thieves and are costing them a lot of their hard-earned cash.
CLICK TO GET KURT’S FREE CYBERGUY NEWSLETTER WITH SECURITY ALERTS, QUICK VIDEO TIPS, TECH REVIEWS, AND EASY HOW-TO’S TO MAKE YOU SMARTER
Manhattan District Attorney Alvin Bragg (manhattanda.org)
In response, Bragg has written letters to the companies that own these apps, demanding they improve their security and protect their users from scams and thefts. His specific request is that they impose limits on transactions, require secondary verification of up to a day and better monitor unusual activity. He says he is requesting meetings with the companies to discuss these issues.
Venmo, Cash App and Zelle apps (Kurt “Cyberguy” Knutsson)
How an unlocked device can lead to financial disaster and personal harm
Bragg’s letters describe how these financial apps enable criminals to access unlocked devices and exploit them for financial gain and identity theft, saying,
“These crimes involve an unauthorized user gaining access to unlocked devices and then draining bank accounts of significant sums of money, making purchases with mobile financial applications, and using financial information from the applications to open new accounts.
“Offenders also take over the phone’s security by changing passwords, recovery accounts, and application settings. The ease with which offenders can collect five- and even six-figure windfalls in a matter of minutes is incentivizing a large number of individuals to commit these crimes, which are creating serious financial, and in some cases physical, harm to our residents.”
MANHATTAN DA ALVIN BRAGG CALLS FOR CASH APPS TO CRACK DOWN ON FRAUDSTERS
What are the mobile payment apps doing to prevent fraud?
The companies that own these apps have responded to Bragg’s comments and said that they are doing their best to provide a safe and reliable service to their customers. We reached out to all three companies. Here are their responses to us.
“PayPal and Venmo take the safety and security of our customers and their information very seriously. In addition to proactively leveraging sophisticated fraud detection tools, manual investigations, and partnering closely with law enforcement agencies to protect our customers against common scams, we have several options in place to enable enhanced layers of security and protection directly within our apps.” — PayPal and Venmo spokesperson
“Cash App continues to be committed to building trust with our customers and investing in areas that help build a safe and secure platform. We work proactively and diligently to safeguard our customer’s money and mitigate against the risk of fraud on our platform through a combination of preventative controls like multi-factor authentication, account transaction limits, fraud detection, and consumer education. We also partner with law enforcement agencies to detect and combat criminal activity.” — Cash App spokesperson
“We are aware of isolated criminal incidents described in the Manhattan District Attorney’s letter. Providing a safe and reliable service to consumers is the top priority of Early Warning Services, LLC, the network operator of Zelle®, and our 2,100 participating banks and credit unions. As a result of our continued efforts to build on Zelle’s strong foundation of security, less than one tenth of one percent of transactions are reported as fraud or scams, and that percentage keeps getting smaller. Our efforts include implementing industry-leading fraud and scam prevention measures for consumers like in-app safety notifications, and send limits and restrictions.” — Spokesperson for Early Warning Services, LLC, the network operator of Zelle
What’s the problem with mobile payment apps?
Bragg says that he is seeing a lot of cases where people have lost money or had their personal information stolen by using these apps. He said that this is happening because of the way these apps work on your phone or tablet. Here are three ways that crooks can cheat you or steal from you using these apps.
1) Phishing: This is when someone pretends to be someone else and sends you a message or email asking you to send money or give them your account details. For example, you might get a message from someone who says they are your friend, family member or a charity and they need your help urgently. Or you might get an email from someone who says they are your bank, the IRS or a mobile payment app and they need you to verify your account or update your information.
2) Spoofing: This is when someone creates a fake profile or account that looks like a real one and tries to fool you into sending money or accepting a payment. For example, you might get a payment request from someone who says they are selling something online, but their name, photo, or username is slightly different from the real seller. Or you might get a payment from someone who says they are a buyer, but they are actually using a fake check or a stolen credit card.
3) Device theft: This is when someone takes your phone or tablet and uses your mobile payment apps to take your money or make purchases without your permission. For example, someone might grab your phone while you are using it in public, or break into your car or home and take your device. Or someone might ask to use your phone for a legitimate reason, but then use it to access your mobile payment apps behind your back.
Woman on iPhone. (Kurt “Cyberguy” Knutsson)
MORE: STOLEN DEVICE PROTECTION IN LATEST IOS 17.3 UPDATE PROTECTS YOUR IPHONE EVEN MORE FROM CROOKS — THIS THIS ON ASAP
How can you protect yourself from mobile payment fraud?
Mobile payment apps have some security features to help protect you, but they are not enough, and you should not rely on them alone. You should also do these 10 things.
1) You should always access the payment app from the official app or website, and not from any third-party platforms or services.
2) Look at the security settings that the payment app offers and make sure they’re all set to the highest and most protective settings.
3) You should create a strong, unique, and complex password for each of your mobile payment apps and change it often. Consider using a password manager to generate and store complex passwords.
4) Enable two-factor authentication, which means that you need to enter a code or use your fingerprint or face to unlock your account to prevent unauthorized access. This way, even if someone knows your password, they can’t log in without your device or confirmation.
5) Lock your device and log out of your apps. You should always lock your phone with a password, PIN, pattern, fingerprint or face. Never share your password, PIN or security code with anyone. You should also log out of your mobile payment apps after each use and turn off the auto-login feature. This way, even if someone takes or borrows your device, they can’t access your mobile payment apps without your approval.
6) Verify the identity and legitimacy of the sender or receiver. You should always check the name, photo, username and contact information of the person or organization you are sending money to or receiving money from before accepting or sending any payment requests. You should also confirm the reason and amount of the transaction before you agree to it. If you are not sure or have any doubts, you should contact the person or organization directly through another way, such as a phone call, text message or email, but only if you know for sure that those forms of communication are legitimate. You should never send money or give your account details to anyone you don’t know or trust, or anyone who asks you to do so out of the blue.
7) Link your Venmo, Cash App and PayPal account to a credit card as opposed to a debit card, so you can dispute a charge from scammers more easily. Zelle does not allow credit card payments. However, keep in mind that linking a credit card to your payment app can provide additional protection in the event of fraud, but this can come with extra costs in terms of transaction fees.
8) Try not to keep a balance in your money-transferring apps. You have a much better chance of being helped by your bank or credit card company when it comes to fraud than you do from a money-transferring app.
9) Never click on links from unknown sources, especially when an email or text appears to have come from the payment App. Protect yourself from accidentally clicking malicious links by running antivirus software on your device. Get my picks for best antivirus software here.
10) Monitor your account activity and report any suspicious or unauthorized transactions. You should set up notifications from your payment app and your bank via text or email, and check your account activity regularly. Look for any signs of fraud, such as payments you didn’t make or receive, or changes to your account settings or information.
MORE: WATCH OUT FOR THIS ZELLE IMPOSTER SCAM ON FACEBOOK MARKETPLACE
What to do if you believe you have been scammed on Zelle, Cash App or Venmo
1) If you notice any suspicious or unauthorized transactions, report them to the payment app as soon as possible. You can contact their customer support team or use the report feature on the app or website to report any scams, phishing attempts or unauthorized transactions. You can also block or unfriend any users who are involved in scams.
2) Second, if you used your bank account or credit card to fund the transaction, contact your bank or credit card issuer to report the fraud and dispute the charge.
3) The third step is to change your password immediately to prevent further unauthorized transactions. Consider using a password manager to generate and store complex passwords.
4) Also, if you believe you have been scammed, you can file a complaint with the Federal Trade Commission (FTC) to report the fraudulent activity.
5) If you feel your personal data has been stolen, and you want a service that will walk you through every step of the reporting and recovery process, one of the best things you can do to protect yourself from this type of fraud is to subscribe to an identity theft protection company.
This service will monitor personal information like your home title, Social Security Number (SSN), phone number and email address and alert you if it is being sold on the dark web or being used to open an account. It can also assist you in freezing your bank and credit card accounts to prevent further unauthorized use by criminals.
One of the best parts of using some services is that they might include identity theft insurance of up to $1 million to cover losses and legal fees and a white glove fraud resolution team where a U.S.-based case manager helps you recover any losses. Get my review of best identity theft protection software here.
6) Lastly, always report the scammer. If you have any information about the scammer, such as their name, phone number or email address, report it to the app company and the authorities.
Kurt’s key takeaways
Mobile payment apps are convenient and useful, but they also come with some risks that you are now aware of. By following these tips, you can protect yourself from mobile payment fraud and enjoy the benefits of these apps safely and securely.
Do you think these payment apps are doing enough to protect you from scammers? Let us know by writing us at Cyberguy.com/Contact
For more of my tech tips & security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter
Ask Kurt a question or let us know what stories you’d like us to cover.
Answers to the most-asked CyberGuy questions:
Copyright 2024 CyberGuy.com. All rights reserved.
We’re retiring our oldest plans, some of which were built nearly 15 years ago – in the 3G and 4G eras, and well before our 5G network was fully deployed. Customers will transition to modern plans that provide access to America’s best wireless technology, enhanced features and a 5-year price guarantee for peace of mind. Some customers will see no change to their monthly bill, while some will see a modest adjustment. Every customer moved to a new plan will keep their current benefits while gaining improvements in network and service experiences.
NEWYou can now listen to Fox News articles!
Buying a hunting or fishing license should feel like one of the safest things you do online. You pick the license, pay for it and get ready for your next trip outdoors. But now, a cyberattack tied to the Texas Parks and Wildlife Department has put personal information for more than three million license customers at risk.
The agency says the attack hit a vendor that handles the sale of hunting and fishing licenses. Texas Cyber Command detected the incident, and the state says an unauthorized actor may have obtained personal data from customer profiles. That is the part that should get your attention. Even when credit card numbers and Social Security numbers are spared, your license details, phone number and home address can still give scammers a lot to work with.
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
FBI WARNS MICROSOFT USERS ABOUT PASSWORDLESS SCAM
Millions of Texas hunting and fishing license holders are being urged to monitor their accounts after a vendor cyberattack exposed sensitive personal data. (Photo Illustration by Thomas Imo/Photothek via Getty Images)
What happened in the Texas Parks and Wildlife data breach
The Texas Parks and Wildlife Department says its license system vendor was hit by a cybersecurity incident.
The agency says the investigation found that an unauthorized actor may have obtained data tied to 3,087,721 Texas hunting and fishing license customers.
TPWD did not identify the vendor in its public notice. However, it says it has strengthened access controls for customer profile data and plans to add more security features.
In other words, this involved a state license system connected to millions of people.
What information may have been exposed
TPWD says the exposed information may include:
- Driver license information
- Passport numbers, if provided
- Email addresses
- Phone numbers
- Residential addresses
That mix of data can help criminals sound convincing. A scammer who knows your name, phone number, home address and license-related details can make a fake call or email feel very personal.
The agency says Social Security numbers, dates of birth and financial information, including credit card details, were not obtained. TPWD also says there is no evidence that customers under 18 were involved or that any specific group was targeted.
Still, this breach should not be brushed off. Driver license information and passport numbers can create serious problems if they fall into the wrong hands.
Why this breach can still put you at risk
You might hear that hackers did not get credit card numbers and breathe a sigh of relief. I get that. But scammers do not always need your full financial file to cause trouble. Personal details can help them impersonate a state agency, a license vendor or even a bank. One message may claim there is a problem with your license account. Another may ask you to “verify” your identity. A fake link can also look official enough to trick someone who is moving fast.
That is where this kind of breach gets dangerous. The more a scammer knows about you, the easier it becomes to lower your guard. A fake message that includes accurate personal details can feel legitimate, especially if it shows up right after a public breach.
What Texas Parks and Wildlife says it has done
TPWD says immediate steps were taken to strengthen access controls for customer profile data. The agency also says it is working with the license system vendor to add more safeguards and enhanced monitoring.
In a statement to CyberGuy, TPWD said, “We recognize the seriousness of this issue and have identified and implemented additional security options to better protect customer information. Many of our staff are hunters and anglers and were affected by this incident. We are committed to working with the license system vendor to implement increased safeguards.”
Fishing guide Mike McBride of Port Mansfield, Texas, adds a third fish to his catch of redfish in the Lower Laguna Madre. (Bob Hood/Fort Worth Star-Telegram/Tribune News Service via Getty Images)
TPWD also said license sales will continue on schedule for August and the next license year, adding that it believes “current and future customer data are not at risk.”
That means customers should be able to buy hunting and fishing licenses as planned while the state works through the fallout from the breach.
Who should take action now
If you bought a Texas hunting or fishing license, use this breach as a reason to check your accounts and tighten your identity protections.
Affected customers can confirm eligibility for one year of free credit monitoring by calling the dedicated response line at 844-959-7123.
The enrollment deadline is Sept. 14, 2026. The call center is open Monday through Friday from 8 a.m. to 5:30 p.m. CT.
Do not wait for a suspicious charge or strange letter to show up. Breach cleanup works best when you act before someone tries to use your information.
How to protect yourself after the Texas Parks and Wildlife data breach
If you bought a Texas hunting or fishing license, these steps can help you reduce your risk and spot suspicious activity early.
1) Sign up for credit monitoring or consider identity theft protection
If you are eligible, sign up for the free credit monitoring before September 14, 2026. Credit monitoring can alert you when new credit activity appears in your name. It will not stop every type of identity fraud, but it can give you an early warning. If you were not affected by this breach, now is still a good time to consider identity theft protection. These services can help monitor your personal information, alert you to suspicious activity and guide you if someone tries to use your identity. See my tips and best picks on Best Identity Theft Protection at Cyberguy.com
2) Freeze your credit
A credit freeze is one of the strongest moves you can make after a breach. It makes it harder for someone to open a new account in your name. You need to freeze your credit separately with Equifax, Experian and TransUnion. It is free. You can also lift the freeze when you need to apply for credit.
EMPTY ENVELOPES IN YOUR MAILBOX? DO NOT SCAN THAT CODE
Texas officials say a vendor breach may have exposed driver’s license information, passport numbers and contact details, but not Social Security numbers or payment information. (Photo by Philip Dulian/picture alliance via Getty Images)
3) Add a fraud alert
A fraud alert tells lenders to take extra steps before opening new credit in your name. You can place a free one-year fraud alert by contacting one of the major credit bureaus. That bureau should notify the other two. This is a good option if you want extra protection but are not ready to freeze your credit.
4) Report identity theft if something looks wrong
If you see signs that someone used your information, report it right away. That could include new accounts you did not open, strange letters about benefits, unfamiliar bills or credit checks you do not recognize. The FTC’s IdentityTheft.gov can help you create a recovery plan based on what happened.
5) Remove your personal information from people-search sites
Your name, address and phone number may already appear on data broker sites. A breach can make that exposure feel even more personal. A data removal service can help reduce how much of your personal information appears online. You can also manually request removal from major people-search sites. Check out my top picks for data removal services and get a free scan to find out if your personal information is already out on the web by visiting CyberGuy.com.
6) Watch for driver’s license misuse
Because driver’s license information may have been exposed, pay close attention to anything tied to your ID. That includes notices about duplicate licenses, address changes, traffic issues, government benefits or accounts you did not request. If something feels off, contact the proper agency directly. Do not use a phone number or link from a surprise message.
7) Be careful with passport-related scams
If you provided a passport number, be extra cautious with calls or emails that claim there is a problem with your passport or travel documents. Do not give out personal information to someone who contacts you first. Go directly to the official agency website or call a verified number instead.
8) Watch for fake TPWD messages
Scammers may use this breach as bait. Be careful with any email, text or call that claims to come from Texas Parks and Wildlife, a license vendor or a credit monitoring service. Do not click links from surprise messages. Go directly to the official website or call the dedicated response line instead.
9) Use strong antivirus software
Scammers may use this breach to send fake emails, texts or links that look official. Strong antivirus software can help block malicious links, detect phishing attempts and warn you before you download something dangerous. Keep it updated on your phone, tablet and computer so it can catch newer threats. Get my picks for the best 2026 antivirus protection winners for your Windows, Mac, Android and iOS devices at CyberGuy.com.
10) Do not share verification codes
If someone calls and asks for a code sent to your phone or email, stop. That is a major red flag. Scammers use those codes to get into accounts. No legitimate support agent should pressure you to hand one over.
11) Check your financial accounts
Even though TPWD says financial information was not obtained, you should still review your bank and credit card statements. Look for small test charges, unfamiliar subscriptions or anything that seems off. Report suspicious activity right away.
12) Use strong passwords and two-factor authentication
This breach does not appear to involve passwords, but scammers may use exposed personal details to target your other accounts. Use a password manager to create strong, unique passwords. Turn on two-factor authentication (2FA) for important accounts, especially email, banking and shopping accounts.
WORLD CUP TICKET SCAMS TARGET DESPERATE FANS
A cyberattack tied to a Texas Parks and Wildlife Department vendor may have exposed the personal information of more than 3 million hunting and fishing license customers. (Photographer: Daniel Acker/Bloomberg via Getty Images)
Kurt’s key takeaways
This breach is a reminder that everyday government transactions can carry a lot of personal data behind the scenes. You may think of a hunting or fishing license as a routine purchase. But the information connected to that purchase can include driver’s license details, passport numbers, phone numbers and your home address. That gives imposters enough context to make a scam sound believable. The best move now is to stay ahead of it. Use the official response line, sign up for monitoring if you qualify, freeze your credit and be extra careful with any surprise message about your license or identity. The vendor may have been the target, but Texans are the ones left watching their information.
Should state agencies be required to publicly name vendors after a breach this large, or would that make future investigations harder? Let us know by writing to us at CyberGuy.com.
CLICK HERE TO DOWNLOAD THE FOX NEWS APP
Sign up for my FREE CyberGuy Report
- Get my best tech tips, urgent security alerts and exclusive deals delivered straight to your inbox.
- For simple, real-world ways to spot scams early and stay protected, visit CyberGuy.com – trusted by millions who watch CyberGuy on TV daily.
- Plus, you’ll get instant access to my Ultimate Scam Survival Guide free when you join.
Copyright 2026 CyberGuy.com. All rights reserved.
First announced over a year ago in April 2025, the Busy Bar will be available for purchase starting on July 14th when the device also starts shipping. Created by the same team behind the Flipper Zero wireless multitool, the Busy Bar is instead described as a “productivity multitool” that relies on a pixelated LED display to help reduce distractions and improve focus. The first 3,000 units purchased on July 14th will be discounted to $199, but the Busy Bar will normally retail for $249. Those who previously joined the Busy Bar waitlist will still be able to purchase one next month for $179.
The Busy Bar looks a lot like an alarm clock, but it’s designed to be used on a desk, perched atop a monitor or cubicle wall, or mounted to a wall or door. When installed in a place where it’s visible to coworkers, family, or roommates, the Busy Bar serves as a status display letting others know when you’re focusing on a task and shouldn’t be distracted.
At the push of a button, the Busy Bar will display a highly visible status message on its 72 x 16 LED pixelated screen that can include a countdown timer so potential distractors know when you’ll be available again. Alongside the status display, the Busy Bar can start a Pomodoro timer and mute notifications on other devices. The Busy Mode can be set to automatically activate through custom triggers, including when you join a phone call, start streaming, begin recording audio, or just open a specific app. It’s also Matter-compatible, allowing it to trigger smart home automations when you need to focus, such as dimming lights or playing music on a speaker.
Flipper Devices has created an open API for the Busy Bar so developers can create their own third-party apps to expand its usefulness and capabilities. You can potentially tie it into an office’s scheduling system to indicate when meeting rooms are booked or available, for example. There will also be accompanying apps available for the device on iOS, Android, macOS, and watchOS, with a native Windows app planned for later this year.
-
World4 minutes agoDR Congo says 1,307 Ebola cases confirmed, including 377 deaths
-
News29 minutes agoMichigan governor threatens to pull troops from D.C. if used for Trump task force
-
New York2 hours agoMetropolitan Diary Challenge Day 2: How to Write Your N.Y. Story
-
Los Angeles, Ca2 hours agoCompany has weeks to complete cleanup of Boyle Heights warehouse fire, officials announce
-
Detroit, MI2 hours ago18 New Kid-Friendly Places That Opened in Metro Detroit in 2026 (So Far!)
-
San Francisco, CA2 hours agoAnza expedition celebrates 250th anniversary in San Francisco
-
Dallas, TX2 hours agoPreston Hollow residents oppose proposed $800 million mixed-use development in Dallas, survey reveals
-
Miami, FL3 hours agoBradley Beal to Miami Heat rumors draw skepticism
