Lots of scams come from surprise sources, like an email impersonating your bank or a sudden loud pop-up. We trust the apps and websites we use all the time not to throw scams our way, but letting your guard down can lead to you falling for tricks.
Recently, I got a scam notification from a financial service I use. Its systems were breached, allowing someone to broadcast a sham that looked legitimate. Thankfully, I didn’t even consider opening it, but I’m sure many people did. It’s a good reminder that you should always be skeptical for your safety.
This didn’t seem fishy at first
I wasn’t interested anyway
I’ve used the service Betterment to invest and store savings for a long time. While I’ve limited my phone notifications to avoid distractions, I keep them on for apps like financial services because I want to know when a deposit is complete or similar. I have them go to the Notification Center on my phone, where I can review them on my terms.
A few weeks ago, I got a Betterment notification advertising a cryptocurrency offer. I immediately swiped it away after seeing the first line, because I’m not interested in crypto and have never used it. (I swipe to clear notifications quickly, as I want to review their information but don’t need to act on most.)
The platform does offer ways to invest in cryptocurrency, which I haven’t tried. And Betterment occasionally sends notifications about legitimate offers, like boosting the APY of your HYSA if you refer a friend. That’s why I didn’t think anything of the notification at the time.
However, a few days later, I saw stories popping up about Betterment sending a scam notification to its users. I then immediately realized what this was, and was glad I had ignored it.
A classic “double your money” scam
Nobody is giving you free cash
I read over the text of the scam for the first time when I saw it online, since I cleared the alert before fully processing it.
It used a subject line of We’ll triple your crypto! (Limited Time) and said “Betterment is giving back” by tripling deposits for the next few hours. All you had to do was send to the indicated addresses, and they would send 3x the amount right back to you.
This is a classic scam that you should be able to recognize right away. “Give me $100, and I’ll give you back $200” would be a ridiculous ruse to fall for in-person; this is the digital equivalent. Anytime you see an offer to double or triple money provided, disregard it. If you send money to the indicated recipient, it’s gone, and you’re not getting anything back.
In the case of Betterment, analyzing the “offer” reveals another sign of this being fake. If a financial service were to provide bonus credit for deposits, it would provide clear terms on how much money you had to deposit and when you would receive the bonus.
It wouldn’t provide a random wallet address, and certainly wouldn’t offer to “send you back” money. Instead, the company would deposit money in your account directly, likely after a set period. This is common for banks that offer a welcome bonus after opening an account.
Another classic sign of a scam (even in modern scam emails) is making you act quickly, so you don’t think clearly. No legitimate limited-time offer is going to last for just a few hours, and no company would send you money “right back”.
A scam we’ve seen before
Unfortunately, this isn’t the first time
After this happened, Betterment published a page with explanations. It details that someone gained access to a third-party platform that Betterment uses for marketing. This was through social engineering, meaning an employee was likely tricked.
Thankfully, opening the notification wasn’t dangerous, and the company’s investigation found that no unauthorized account access occurred. However, information like email addresses, phone numbers, and birthdates was exposed.
This is a story we’ve heard before: someone at a trusted company is compromised, then the attacker uses the authenticated access into the company’s systems to make their schemes look legitimate. A similar scam involving Grubhub happened in December 2025, where Grubhub users got an email from a legitimate company address advertising a fake 10x promotion.
And back in July 2020, a widespread version of this scam happened on Twitter. The company’s internal admin tools were compromised, allowing intruders to post a “doubling all money” scam to dozens of major verified accounts. This included Apple, Barack Obama, Bill Gates, and many more.
Don’t trust anything online 100%
Even if you wouldn’t fall for a scam like this in an online ad, you might get tripped up when the alert comes from a trusted entity. The scheme also involved an email with the same “offer”, which came from an authentic Betterment email address.
It’s an important reminder that you shouldn’t thoughtlessly trust everything online, even if you think you know it well. Systems can be compromised, and you never know where a phony message could come from.
In this case, legitimate Betterment communication channels were used to broadcast a scam. Anyone who thought critically about it would recognize this as a popular scam, but it’s easy to suspend that when you trust the sender.
Before you do anything because of an alert—especially involving money—stop and think about it. Search online to see what others are saying about it. Contact the company through another method that’s less likely to be compromised. You’ll rarely regret waiting to act; few legitimate financial issues require a turnaround time of hours.