Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable 部落格

訂閱
  • Twitter
  • Facebook
  • LinkedIn

Cash App 詐騙:免費贈品誘騙 Instagram 使用者,而 YouTube 影片則號稱可輕鬆賺錢

Cash App 詐騙:免費贈品誘騙 Instagram 使用者,而 YouTube 影片則號稱可輕鬆賺錢

Cash App scammers are targeting users on Instagram and YouTube. Here’s what you need to know about their tactics — and how to avoid being conned.

In part one of our two-part series on Cash App scammers, I explored how promotional tactics used by the popular person-to-person (P2P) payment service have been co-opted by scammers, particularly on Twitter. Here, I share additional details showing how similar cons are perpetrated on Instagram, and how scammers are also creating videos on YouTube to deceive users into believing they have a way to “hack” Cash App for free money. You’ll also find tips and guidance on how to keep your hard-earned cash from falling into the wrong hands.

Instagram Cash App Scams

Cash App scams on Instagram are mostly similar to those on Twitter, with some key differences based on how users interact on each platform. 

Similar to the Twitter #CashAppFriday promotion, Instagram users hoping to win the #CashAppFriday and #SuperCashAppFriday giveaways will leave comments on Cash App Instagram posts with their $cashtag hoping to be selected.

Cash App 詐騙:免費贈品誘騙 Instagram 使用者,而 YouTube 影片則號稱可輕鬆賺錢

Once again, because users are publicly sharing their $cashtags, Cash App scammers can easily target them directly.

Cash App 詐騙:免費贈品誘騙 Instagram 使用者,而 YouTube 影片則號稱可輕鬆賺錢

On the same Instagram post from @CashApp, users posted about receiving incoming  requests to send $20. One user provided an example account name, $cshfridayoffical, one of a myriad of Cash App accounts impersonating Cash App on its own platform.

Cash App 詐騙:免費贈品誘騙 Instagram 使用者,而 YouTube 影片則號稱可輕鬆賺錢

A user also posted an image on their profile of a request they received during a recent #CashAppFriday. The post shows an incoming request through Cash App asking for $10 to “verify real account to get $500.” So it’s clear Cash App scammers are using the same tactics outside of Twitter to steal money from Cash App users.  

How Cash App scams differ on Instagram is through the way they adapt to the platform they use. On Twitter, Cash App scammers reply to #CashAppFriday tweets from @cashapp and the hashtag itself. On Instagram, the Cash App scammers look for users commenting on @cashapp posts with their $cashtag and follow those users, hoping they’ll look at their profiles.

Cash App 詐騙:免費贈品誘騙 Instagram 使用者,而 YouTube 影片則號稱可輕鬆賺錢

The usernames vary and may include keywords like “cash,” “payroll,” or “rich” in them. Some are more direct with their intentions, including variations of the word “money” and “flip” in them.

Cash App 詐騙:免費贈品誘騙 Instagram 使用者,而 YouTube 影片則號稱可輕鬆賺錢

These scammers aren’t explicitly targeting Cash App. Rather, as I previously noted, these are traditional money flipping scammers who’ve seen the tremendous popularity of Cash App and the #CashAppFriday giveaways and are trying to prey on desperate users seeking quick cash. 

Cash App 詐騙:免費贈品誘騙 Instagram 使用者,而 YouTube 影片則號稱可輕鬆賺錢

In the Instagram posts above, a money flipping scammer is posting photos of someone with lots of cash in hand in their vehicle to entice users. They also tease an offer of flipping “$7 into $120,” setting the entry point very low for a potential victim. Finally, they have an example of a series of “Cashapp Flips” through which users can turn anywhere from $10 to $100 into $100 to $1,000. However, potential victims won’t see such returns.

Cash App 詐騙:免費贈品誘騙 Instagram 使用者,而 YouTube 影片則號稱可輕鬆賺錢

In another Instagram Cash App scam profile, the scammer cautions users to have “at least $25” in Cash App or “any other bank acc.” This profile also includes conversations and images where the scammer supposedly sends money to users. While unconfirmed, it is suspected that these images were either doctored or involved other accounts the scammer operates.

While I did not engage with these Instagram Cash App scammers, since they operate under the model of money or cash flips, it’s clear how the conversation would go. They would ask for an initial payment, claim they have the ability to modify the transactions in the system, ask to be given a cut from the “flip” they perform and mention they have proof that their operation is legit. Clearly, the operation isn’t legit and they would run off with whatever money they would receive.

Cash App 詐騙:免費贈品誘騙 Instagram 使用者,而 YouTube 影片則號稱可輕鬆賺錢

To underscore how pervasive the Cash App scams are on Instagram, the official Cash App Instagram account recently posted an image with a caption stating the service will “never request money from you.” 

YouTube Cash App Scams

Despite the persistence of these Cash App scams on social media, there is another area of intrigue when it comes to Cash App scams, this time on services like YouTube.

Unlike the money or cash flipping scams on Twitter and Instagram, Cash App scams promoted through YouTube focus on so-called Cash App Money Generators or Cash App Hacks.

Cash App 詐騙:免費贈品誘騙 Instagram 使用者,而 YouTube 影片則號稱可輕鬆賺錢

Searching for certain keywords relating to free money and Cash App lead to videos claiming to promote a “secret trick” or hacks to get free money on Cash App.

Digging into these videos, they all follow the same basic script:

  1. Voiceover of the video creator with the camera focused on their mobile phone.
  2. They may open their Cash App to reveal $0 in funds.
  3. They open a web browser and tell the viewer which website they need to visit in order to get the “free money.”
  4. The websites may be solely focused on Cash App or have references to other apps and services, requiring the user to “search” for the Cash App page.
  5. The video creator shows the viewer a website asking for a Cash App “ID” ($cashtag) and the amount of money they wish to receive, which can range from $10 to $999.
  6. The websites claim to be starting the process, but are ultimately interrupted because they require “human verification.”
  7. The websites redirect to a page that asks the user to install up to two mobile applications and run them for a specific time (30 seconds) or to play a series of games (e.g. Solitaire).
  8. After completing these steps, the websites claim the user will receive the requested funds.
  9. The video creators have doctored the video to show their Cash App incrementing the value of their available funds or merely increasing the money on the screen to make it appear as though the generator worked and they received the money they requested.

This approach mirrors what I’ve previously seen in scams targeting TikTok users seeking free followers and likes. The only difference is that they’re being promoted on YouTube.

Cash App 詐騙:免費贈品誘騙 Instagram 使用者,而 YouTube 影片則號稱可輕鬆賺錢

The image above is just one example of a myriad of Cash App “free money” generator/hack websites designed to drive users to “human verification” pages, which require users to fill out surveys (on desktop) and install mobile applications (on mobile).

Cash App 詐騙:免費贈品誘騙 Instagram 使用者,而 YouTube 影片則號稱可輕鬆賺錢

The “Are you a robot” reference leverages Google’s reCAPTCHA logo to masquerade as a true “verification” service. Because most internet users are accustomed to reCAPTCHA implementations across the web, they might very well believe this is a legitimate verification request. In reality, it’s part of a cost-per-install (CPI) program, where the website creator uses specially crafted links with an affiliate identifier (affid) associated with their own account. This way, when a user installs one of these mobile applications and runs them for 30 seconds, they’ll be paid a small sum of money (less than $1) per install. 

In the case of these YouTube videos, it is possible the video authors have created the websites themselves, so they’re earning the affiliate money from the CPI programs. However, I’ve not been able to independently verify whether or not this is the case. Typically, CPI programs pay a very small amount for a successful conversion, often less than $1. They’re less lucrative than other affiliate programs, such as those promoting adult dating websites. 

Safety Tips for Cash App Users

While legitimate giveaways from Cash App and artists and celebrities may pique your interest, it is important to proceed with caution, because Cash App scammers are like sharks in a pond.

If you’re a Cash App user or someone interested in these giveaways or Cash App generators, here are some tips to help keep you safe when using these platforms and the Cash App service.

  • Neither Cash App nor any artist or celebrity offering to give away money will ever ask you to send money as a form of verification. If you receive an incoming request in your Cash App for money to verify you’re real, ignore the request and report the user.
  • Be skeptical of posts on Twitter and Instagram promoting #CashAppFriday or other giveaways. Do the math; if it sounds too absurd ($900 for the first 900 people) then it will turn out to be a scam. Even if it is a modest sum ($20 for the first 100 people), be skeptical.
  • Flipping money isn’t real. There is no program or method to alter transactions to increase the value within Cash App or any other person-to-person payment service. If the proof offered to you is flipping $2 to $20, know that the Cash App scammer is using their own stash of funds to gain your trust to steal a higher sum of money from you.
  • If you receive a message from someone saying you’ve won a Cash App giveaway and they include a link to a website that asks you to log in to your Cash App, it is almost certainly a phishing site. Do not enter your mobile number or provide your “login code” into any website. Instead of clicking on a link in a DM or a social media post, visit the real Cash App website (https://cash.app) or check your mobile application instead.
  • There is no such thing as a Cash App generator or Cash App hack that requires you to install a mobile application to get free money. You’re being used as a pawn to help a scammer earn money off the apps you install on your mobile phone.

Additionally, it is important to review your Cash App settings to fend off scammers. This includes ensuring you’ve enabled “Security Lock,” which requires your Cash App pin in order to transfer funds. Keep your Cash App pin to yourself and never share it with any person or any website.

Cash App 詐騙:免費贈品誘騙 Instagram 使用者,而 YouTube 影片則號稱可輕鬆賺錢

Finally, you can restrict who has the ability to send you an incoming request for money to “Contacts Only,” which will thwart the Cash App scammers impersonating Cash App and other celebrities through incoming requests, asking you to send them money for verification purposes. Even with this setting enabled, you’ll still be able to send and receive money through Cash App normally.

Cash App 詐騙:免費贈品誘騙 Instagram 使用者,而 YouTube 影片則號稱可輕鬆賺錢

As the old adage goes, if it sounds too good to be true, it probably is. In the case of Cash App giveaways, most of the time, it definitely is.

相關文章

您是否容易受到最新攻擊程式危害?

輸入您的電子郵件地址,以便收到最新 cyber exposure 警示。

免費試用 立即購買

選擇 Tenable.io

免費試用 30 天

享受現代、雲端型的弱點管理平台,能夠以無與倫比的準確性查看和追蹤所有資產。 立即註冊。

立即購買 Tenable.io

享受現代、雲端型的弱點管理平台,使您能夠以無與倫比的準確性查看和追蹤所有資產。 立即訂閱一年。

65 項資產

選取您的訂閱選項:

立即購買
免費試用 立即購買

免費試用 Nessus Professional

免費試用 7 天

Nessus® 是現今市場上功能最全面的弱點掃描工具。Nessus Professional 能協助自動化弱點掃描程序、節省您達到合規性的時間並讓您的 IT 團隊合作。

購買 Nessus Professional

Nessus® 是現今市場上功能最全面的弱點掃描工具。Nessus Professional 能協助自動化弱點掃描程序、節省您達到合規性的時間並讓您的 IT 團隊合作。

購買多年期授權,節省更多。新增 365 天全年無休 24 小時全天候可使用電話、社群及對談的進階支援。完整詳情請見此處。

免費試用 立即購買

試用 Tenable.io Web Application Scanning

免費試用 30 天

享受我們專為現代應用程式而設計,屬於 Tenable.io 平台一部分的最新 Web 應用程式掃描產品的所有功能。不需耗費大量人力或中斷重要 Web 應用程式,即可高度準確且安全地掃描您整個線上產品系列中是否含有任何弱點。 立即註冊。

購買 Tenable.io Web Application Scanning

享受現代、雲端型的弱點管理平台,使您能夠以無與倫比的準確性查看和追蹤所有資產。 立即訂閱一年。

5 個 FQDN

$3,578

立即購買

免費試用 聯絡業務人員

試用 Tenable.io Container Security

免費試用 30 天

享受整合至弱點管理平台中的唯一容器安全產品的完整功能。監控容器映像中是否有弱點、惡意軟體及政策違規的情形。與持續整合和持續部署 (CI/CD) 系統整合,以支援 DevOps 作法、加強安全性並支援企業政策合規性。

購買 Tenable.io Container Security

Tenable.io Container Security 整合了建置程序,能提供包含弱點、惡意軟體和政策違規等容器影像安全性的能見度,讓您無縫並安全地啟用 DevOps 流程。

取得 Tenable.sc 產品示範

請填寫以下表格並附上您的聯絡資訊,我們的業務代表將盡快與您聯絡,以安排產品示範。您也可以附上簡短註解 (字元上限為 255 個)。請注意,標示星號 (*) 的欄位是必填欄位。

免費試用 聯絡業務人員

試用 Tenable Lumin

免費試用 30 天

透過 Tenable Lumin,能夠以視覺方式呈現 Cyber Exposure 並加以探索,長期追蹤風險降低狀況,以及對照同業進行指標分析。

購買 Tenable Lumin

聯絡業務代表,瞭解 Lumin 如何協助您獲得整個企業的深入洞見,並管理網路風險。

申請 Tenable.ot 產品示範

取得您所需要的操作技術安全性。
降低您無法處理的風險。