Fake Cash App Order Confirmation Phishing Scam
Scammers send fake 'you were charged' notifications mimicking Cash App payment receipts to panic recipients into clicking a phishing link.
Part of: Fake Order Confirmation Phishing Scams
Last reviewed: 8 June 2026
Cash App sends genuine payment receipts to users by push notification and email when money leaves their account. Criminals copy these notifications precisely — green header, dollar amount, transaction ID — and send mass emails claiming the recipient's account was just charged for a purchase they did not make.
The psychological trigger is alarm: recipients who see an unexpected charge in Cash App's visual style are more likely to click 'Cancel Payment' or 'Dispute This Charge' without first checking their actual Cash App balance. The button leads to a phishing page designed to capture login credentials.
These fake receipts often coincide with real online shopping seasons — major sales events or holidays — when consumers are making multiple purchases and are accustomed to receiving legitimate payment confirmations, making the fake harder to recognise.
How this scam works on the Cash App brand
The phishing email contains a transaction reference number, a merchant name (often a well-known retailer), a dollar amount ($89.99 to $299), and a timestamp of just minutes ago. Two buttons appear: 'This Was Me' and 'Dispute This Charge.' Clicking either button loads a lookalike Cash App login page.
After the victim enters their email and password, they are shown a security step requesting their linked phone number and the SMS code just sent to it — giving the scammer everything needed to take over the account in real time.
Some variants skip the login step and load a 'refund form' that asks for card number, expiry, and CVV, framed as necessary to issue the cancellation credit. Card details are thus harvested alongside or instead of Cash App credentials.
Common red flags
- The email shows a charge you have no memory of making, especially to an unfamiliar merchant.
- The from-address is not @cash.app or @square.com.
- The 'Dispute' button links to a domain other than cash.app.
- Your actual Cash App Activity tab shows no such transaction.
- You are asked to enter your password on a site reached from an email link.
- The email requests card details to 'process a refund.'
- The notification arrived outside your normal shopping activity.
How to protect yourself
- Before clicking anything, open Cash App directly and check your Activity tab.
- Remember that Cash App has no 'cancel payment' feature for completed peer-to-peer transfers — only disputed payments within a limited window.
- Enable real-time Cash App push notifications so you immediately see legitimate charges as they happen.
- Use a password manager — it will not autofill on a fake domain.
- Check your linked bank account for any corresponding debit before assuming a Cash App charge is real.
- Forward suspicious emails to [email protected] before deleting them.
How to report it
- Forward the email to [email protected].
- Report to the FTC at reportfraud.ftc.gov.
- File with ic3.gov if you lost account access or funds.
- Report to your email provider as phishing.
- Contact Cash App support through the app if your account was compromised.
Frequently asked questions
Can Cash App payments be cancelled after they are sent?
Cash App peer-to-peer payments are usually instant and irreversible. You can request a refund from the recipient, but you cannot unilaterally cancel a completed payment. Any email claiming you can cancel via a link is fraudulent.
How do I know if a Cash App payment notification is real?
Open Cash App on your phone and check Activity. Real transactions appear there. If the transaction is not in the app, the notification is fake regardless of how convincing it looks.
What should I do if I clicked a link and entered my password?
Change your Cash App password immediately at cash.app, revoke any linked devices you do not recognise, and contact Cash App support. Change the same password anywhere else you used it.