Fake Venmo / Cash App / Zelle P2P verification lure — "$400 payment pending, unauthorized transfer, verify within 24 hours or payment reverses" targeting 90M+ Venmo / 55M+ Cash App / Zelle-on-any-US-bank users; credentials + bank routing harvest enables reverse-direction drain, fake-payment-refund scams (BBB + FTC #1 growing consumer fraud 2024-2025)

Fake "your Venmo / Cash App / Zelle account has a $400 payment pending / unauthorized transfer detected — verify within 24 hours or the payment will reverse" email targeting US P2P payment users. Venmo has 90M+ users, Cash App 55M+, Zelle routes $800B/year through US banks — the consumer attack surface is massive. Harvests P2P credentials and bank routing info. Post-compromise: attackers initiate reverse-direction transfers to drain the linked bank account, trigger fake-payment-received scams (sending the victim a fabricated $400 "accidental" inbound payment notification and requesting the victim "return only $200" — netting attacker $200 of real money), pivot to the linked bank via ACH, and extract SSN + bank routing from P2P KYC for identity theft. The lure converts because Venmo / Cash App / Zelle payment notifications are frequent and familiar — users process dozens per month and have trained fast-click response. BBB Scam Tracker and FTC Consumer Sentinel documented P2P-payment fraud as the #1 growing consumer fraud class 2024-2025. Fires when body references Venmo / Cash App / Zelle / P2P payment / pending payment request / payment reversal AND contains suspension / verify / reversal / pending-payment / unauthorized-transfer urgency. Excludes venmo.com, cash.app, cashapp.com, squareup.com, zellepay.com, zelle.com, paypal.com, and the major Zelle partner banks (chase.com, bankofamerica.com, wellsfargo.com, citi.com, usbank.com, pnc.com, capitalone.com). Auto-classified as danger via the `-lure` suffix.