Cash App, the popular person-to-person (P2P) payment service application from Square, has been steadily growing since its debut in late 2013. The service’s growth has been fuelled by a promotion marketing campaign offering cash giveaways to those who engage with the brand on various social media platforms. The success of these promotions, in turn, is emboldening an army of scammers who employ a variety of cons to separate social media users from their hard-warned cash.
“Money flipping isn’t new to social media; it’s been pervasive on Twitter, Facebook, Instagram and Snapchat for years,” says Satnam Narang, Senior Research Engineer, Security Response at Tenable. “What makes this particular form of money flipping so nefarious and successful is that it capitalizes on a legitimate giveaway proposition from a reputed company-Square and its Cash App product-and then victimizes people who are hoping to be selected in this legitimate giveaway.”
A look at the numbers makes it easy to see why Cash App is such a promising target for scammers. According to an August 2019 MarketWatch article, Cash App received a whopping 2.4 million downloads in July 2019. The same article notes Cash App has been downloaded 59.8 million times since its 2013 launch, outpacing its biggest competitor, Venmo, which has been downloaded 52.7 million times.
Music has played a role in fueling Cash App’s popularity, as 200 rap artists have name checked the app in song lyrics and used the app to give money to fans, whether “just because,” as Lil B did, or as part of a giveaway promotion for scoring a number one album, as Travis Scott did.
Some consumer brands have also activated marketing campaigns using the service. For example, Burger King began its Whopper Loans promotion by teasing a giveaway using Cash App.
Cybersecurity firm Tenable today launched new research exploring how Cash App is being used as a breeding ground for scammers. The research explores the phenomenon of “money flipping”, a phishing technique used to scam consumers out of anywhere between $10 to as much as $1,000. The technique works by hijacking Cash App’s popular #CashAppWednesday and #CashAppFriday global hashtags on Twitter, requesting users to send them money with the promise that they’ll receive more cash in return.
This two-part series details the practices Satnam uncovered while researching these scammers from July to September 2019. This research is not meant to be a comprehensive overview of all such scams; rather it’s an analysis of behavioral trends among a group of scammers targeting the popularity and interest around one particular application.
In part one, Satnam discusses about how Cash App’s soaring popularity is attracting opportunistic scammers and their methods of operation on Twitter and Instagram. And in part two, he provides further details on the tactics used by Cash App scammers on Instagram, as well as examine videos hosted on YouTube, which claim to provide ways to earn “free money” and “hack” Cash App. In addition, he also provides guidance and advice on how users of the P2P payment service can avoid being conned.