CEO DailyCFO DailyBroadsheetData SheetTerm Sheet

Buy now, pay later scammers are sharing their exploits and secrets on Telegram

January 28, 2022, 5:07 PM UTC

If you want to stay up-to-date with the latest trends in fraud, the encrypted messaging platform Telegram has become the app of choice for charlatans to brag about their exploits and sell their services to one another.

A burgeoning topic of interest for scammers: buy now, pay later—which is one of the fastest growing and well-funded sectors of fintech. Fraudsters are taking to channels like “F University” on Telegram to discuss hacking into BNPL user accounts via stolen credentials they’ve obtained through phishing attempts or other means. They’ve also supposedly been using expired credit cards or stolen prepaid cards with small balances to purchase items.

“Any new type of payment method or any new way that they can spend someone else’s money online—they’re going to try it out and they’re going to test it,” says Brittany Allen, a trust and safety architect at fraud prevention software company Sift, who tracks these public channels and alerted me to the recent surge in BNPL discussions. She notes there has been a spike in discussions, which span all major BNPL providers such as Afterpay, Affirm, and Klarna, dating back to this summer. No one company appears to be singled out, she says.

If Telegram is any indication, schemes against BNPL companies appear to be quite successful: “LEARN TO EASILY MAKE THOUSANDS WITH THESE ONE TIME CARD[S],” a Telegram user under the name “MONEYBAGZAE” writes, paired with the money bag and shopping bag emojis, in a public channel, offering to coach others in the channel with more than 2,000 users, for a fee, naturally. Another user, who goes by the name the “THEMFNPlug,” posted a screenshot revealing they had successfully made at least eight purchases, ranging between $50.28 to nearly $1,100 in value, after sidestepping two-factor authentication in accounts registered with a Yahoo email address.

Burgeoning fraud attempts in this sector of fintech have sparked the attention of at least one other fraud prevention company, Outseer, which says it is planning to issue a BNPL fraud detection solution in coming weeks. “A payment instrument like buy now, pay later is becoming very popular, and we feel there’s going to be a lot of fraud that needs to be stopped,” says Armen Najarian, Chief Identity Officer of the company.

A surge in attacks could spell trouble for BNPL companies, which are growing quickly and are already under a probe from the Consumer Financial Protection Bureau to learn how they are handling consumer data and whether consumers are racking up debt. To be sure, all companies face ever-frequent cybersecurity threats and attacks. (I, for one, get an occasional phishing email). Any financial institution—and particularly a trendy or well-advertised one—is going to have it much worse. The banking industry saw a 1,318% increase in ransomware attacks in the first six months of 2021 from the year prior, according to a Trend Micro report.

For BNPL companies in particular, “they’re dealing with a lot more volume, which just means that they are going to have to find a way to scale their fraud prevention,” Allen says.

When reached for comment, an Afterpay representative declined to comment, and Paypal and Zip did not respond. Spokespersons at Klarna and Affirm emphasized extensive fraud prevention procedures.

“Our continuously learning models have been built on billions of data points and our decade of operations to assess a consumer’s willingness and ability to repay before making an instant underwriting decision,” an Affirm spokesperson said, noting that the company mandates a card verification value check on debit and credit cards to check they are still active at the time of the transaction, utilizes stock-keeping-unit level data, where the item is being shipped, and other data points, and has set up secondary rules that, when triggered, sends a transaction to fraud investigators, which can cancel transactions, halt shipping, recall a shipment, or other actions.

A Klarna spokesperson said that the company conducts “advanced and extensive checks internally and externally, using over 100 data points on every single transaction to verify identity whenever someone tries to use our services” to track and stop fraudulent activity. “Our fraud rates are half that of credit card fraud and we have sophisticated technology in our checkout and products to identify and prevent fraudulent activity as well as a Buyer Protection Policy to ensure customers never pay for purchases they did not make,” the person said.

Are lofty valuations kaput? With the stock market on decline, Tiger Global and other investors have reportedly cut their offers for private software startups, according to reporting from The Information, sometimes allegedly negotiating to lower a valuation after they had already signed the investment paperwork. This should serve as a warning for what many investors have feared—that exits might become more challenging and startups may struggle to raise cash at the rate (and terms) they’ve come to expect. 

Until Monday,

Jessica Mathews
Twitter: @jessicakmathews


- Firebolt, a San Francisco-based cloud data warehouse, raised $100 million in Series C funding led by Alkeon Capital and was joined by investors including Sozo Ventures, Glynn Capital, Zeev Ventures, Angular Ventures, Dawn Capital, Bessemer Venture Partners, K5 Global, and TLV Partners.

- Septerna, a San Francisco-based medicine development company, raised $100 million in Series A funding led by Third Rock Ventures and was joined by investors including Samsara BioCapital, BVF Partners, Invus Financial Advisors, Catalio Capital Management, Casdin Capital, and Logos Capital.

- Veriff, a Tallinn, Estonia-based SaaS-based identity verification platform, raised $100 million in Series C funding. Tiger Global and Alkeon co-ed the round and were joined by investors including IVP and Accel

- Kyverna Therapeutics, an Emeryville, Calif.-based cell therapy company engineering a new class of therapies for autoimmune diseases, raised $85 million in Series B funding. Northpond Ventures led the round and was joined by investors including Westlake Village BioPartners, Vida Ventures, Gilead Sciences, RTW Investments, CAM Capital, Insight Partners, HealthCor, LYFE Capital, Intellia Therapeutics, Argentum Peak, Hudson Bay Capital, and jVen Capital

- HackerOne, a San Francisco-based hacker-powered security platform, raised $49 million in Series E funding led by GP Bullhound.

- Talkiatry, a New York-based in-network psychiatric care provider, raised $37 million in Series A funding from Left Lane Capital

- Censys, an Ann Arbor, Mich.-based continuous attack surface management provider, raised $35 million in Series B funding led by Intel Capital and was joined by investors including Google Ventures, Decibel, and Greylock Partners.

- Portnox, an Austin, Texas-based cloud-native network and endpoint security solutions company, raised $22 million in Series A funding led by Elsewhere Partners.

- Stonly, a Levallois-Perret, France-based self-guidance onboarding and support platform, raised $22 million in Series A funding led by Northzone and was joined by investors including Accel and business angels from Miro, Algolia, Y Combinator, Personio, Dashlane.

- Vanti Analytics, a Tel Aviv, Israel-based self-service data science platform, raised $16 million Series A funding. Insight Partners led the round and was joined by investors including True Ventures and MoreVC.

-, a Tel Aviv, Israel-based virtual care management platform, raised $14 million in Series A funding led by Entrée Capital and was joined by investors including Flint Capital, Homeward Ventures, Almeda Ventures, Operator Partners, Jibe Ventures, and Yossi Matias.

- Finmark, a Raleigh, N.C.-based financial modeling software provider for startups, raised $6.5 million in seed funding led by American Express Ventures.

- kencko, a Lewis, Del.-based plant-based blender-free smoothie and food waste diversion B-Corp, raised $10 million in Series A funding. Siddhi Capital led the round and was joined by investors including Next View Ventures, Riverside Ventures, Silas Capital, Cheyenne Ventures, Shilling Capital, Indico Capital, Mission Point, Gather Ventures, Nakhla Ventures, and Nextblue Ventures.

- Sooper, a São Paulo, Brazil-based startup that connects small and medium retailers to suppliers, manufacturers and distributors, raised $5.7 million in funding from Canary and Kaszek.

- Black Sheep Foods, a San Francisco-based plant-based lamb alternative company, raised $5.3 million in seed funding from investors including AgFunder, Bessemer Venture Partners, New Crop Capital, Siddhi Capital, and Smita Conjeevaram.

- NLX, a New York-based voice AI specialist, raised $5 million in seed funding led by Aquila Capital Partners and was joined by investors including Flying Fish Partners, Sage Venture Partners, and JetBlue Technology Ventures

- NVISIONx, a Santa Monica, Calif.-based data risk intelligence (DRI) platform that fuses business data analytics with cyber intel, raised $4.6 million in seed funding led by Companyon Ventures and was joined by investors including Morgan Stanley Next Level Fund, SixThirty Ventures, Gutbrain Ventures, PBJ Capital, and CreativeCo Capital.

-, a San Francisco-based website design and development platform, raised $4.4 million in seed funding led by NFX and was joined by investors including Sound Ventures, VSC Ventures, Village Global, and Harry Stebbings.

- Bodhi, an Austin, Tex.-based customized customer experience technology platform, raised $4 million in funding led by Clean Energy Ventures.

- Mat3ra, a San Francisco-based cloud-native digital materials R&D platform, raised $3 million in seed funding led by Draper Associates, Serguei Beloussov, and Eutopia Ventures

- Snapfix, a Dublin, Ireland-based task management platform, raised €1.75 million ($2 million) in funding led by Sator Grove Holdings, a US investment group ‘helping the world’s top entrepreneurs, operators and investors attain the extraordinary’.


- Bain Capital Double Impact acquired AqueoUS Vets, a Danville, Calif.-based vertically integrated manufacturer of water treatment systems. Financial terms were not disclosed.

- Enlightenment Capital acquired Boecore, a Colorado Springs, Calif.-based technology solutions provider for space, missile defense, hypersonics, and strategic deterrent mission companies. Financial terms were not disclosed.

- PSP Capital agreed to acquire Ntiva, a McLean, Va.-based managed IT services, security services, and unified communications provider.

- Revelation Pharma, an Osceola Capital portfolio company, acquired Innovation Compounding, Pencol Compounding Pharmacy, Pharmacy Specialists Compounding, Wise Compounding, and Convex Pharmacy. Financial terms were not disclosed.

- Salt Creek Capital acquired Wine Racks America, a North Salt Lake, Utah-based manufacturer and distributor of wine storage kits, DIY residential cellar systems, wine cooling units, and label forward racking. 

- SK AeroSafety Group, a Levine Leichtman Capital Partners portfolio company, acquired Fire-Tec Aero Systems, a Phoenix, Ariz.-based MRO aviation solutions provider. Financial terms were not disclosed. 

- Stifel acquired a minority stake in LFE Capital, a Naples, Fla.-based private equity firm. Stifel also became a limited partner in its fourth fund. Financial terms were not disclosed.


- Silvergate Capital agreed to buy assets of The Diem Association, a consortium founded by Facebook to build a cryptocurrency payments network, from Meta Platforms for about $200 million, according to the Wall Street Journal.

- One Equity Partners agreed to acquire Trustmarque, a London-based IT services and solutions firm, from Capita Plc for $148.6 million.

- Broad Sky Partners acquired Thomas Scientific, a Swedesboro, N.J.-based laboratory supplies and equipment distributor, from Carlyle. Financial terms were not disclosed.

- CACI International acquired ID Technologies, an Ashburn, Va.-based product, software, and managed service provider for U.S. federal government clients, from The Acacia Group. Financial terms were not disclosed.


- Alphabet invested $1 billion in Bharti Airtel, a New Delhi, India-based telecommunications company.

- Samsung Biologics agreed to acquire a 49.9% stake in Samsung Bioepis, an Incheon, South Korea-based biopharmaceutical and biosimilar medicine developer, from Biogen.

- ABB acquired a controlling stake of In-Charge Energy, a Santa Monica-based EV charging company. Financial terms were not disclosed.

- Farfetch agreed to acquire Violet Grey, a Los Angeles-based online e-commerce portal for beauty care and wellness products. Financial terms were not disclosed.


- Hyundai Engineering, the construction arm of Hyundai Motor Group, withdrew its $1 billion IPO plans amid suffering global markets. 


- The asset management arm of HashKey Group, a Hong Kong-based digital asset financial services group in Asia, raised $360 million in funding for a new fund to invest in blockchain and digital asset startups.


- B Capital Group, a Manhattan Beach, Calif.-based venture capital firm, hired Matt Levinson and Karan Mohla as partners. They were formerly with FinTech Collective and Chiratae Ventures respectively. The firm also promoted Adam Seabrook to partner.

- Foundation Capital, a Palo Alto, Calif.-based early-stage venture capital firm, hired Jenny Kaehms as an investor. 

- TSG Consumer Partners, a Larkspur, Calif.-based private equity firm, promoted Margo Hays to managing director; Alec Barnett, Sam Pritzker, and James Zelnick to senior vice president; and Parker Brown to senior associate.

- VNV Global, a Stockholm, Sweden-based venture capital firm, hired Daan Sanders, Tessa Wanders, Dennis Mohammad, and Alexander Trofimov as investors.

This is the web version of Term Sheet, a daily newsletter on the biggest deals and dealmakers. Sign up to get it delivered free to your inbox.