Payment apps like Venmo have become increasingly popular lately, for good reason. However, if users are not careful about how they use and secure their information the Venmo payment app, it can be a privacy pitfall.
One concern is password strength. If you are reusing an old password, your app could be infiltrated by someone who then wipes your bank account clean. Some platforms also allow you to set up an optional PIN number in addition to your password, which can add another layer of security. However, as one security researcher reported, the way you are using your app could also put you at serious risk.
Venmo is one payment app that allows users to share their Venmo payments with the public. The company has stated there is a social element to using a payment app. You might have bought concert tickets, movie tickets or just gone out for pizza with your friends. This kind of behavior might be something you would already post on social media. Venmo allows you to keep your Venmo payments set to “public.” Anyone who opens the app can see the most recent Venmo payments, even if they do not know you.
Venmo Payment Scrape
One researcher made a project of “scraping” this data. He used a program he wrote to compile the information and stored it in a database. For months, this researcher downloaded payments from specific IP addresses.
Researcher Dan Salmon was able to copy and store the usernames and IP addresses of the smartphones that were used. At first, it was simply to see if Venmo payment information could be accessed, but then he started to wonder what possible nefarious use a malicious hacker could have with it.
It turned out to be surprisingly easy to download a specific IP address’ most recent Venmo payments, compile them into a professional-looking email and then use those to target the customer with a phishing attack. If you were to receive an email that appeared to come from Venmo and included your most recent Venmo transactions, including the date, amount, purpose and the message you would have typed yourself, you might be more willing to comply with instructions in the email.
It is important to understand that everything this researcher did was legal and not difficult for someone with a little bit of know-how. It required some patience and dedication to the outcome, which is something that hackers and identity thieves seem to have in abundance.
Review Your Venmo App Settings
In order to protect themselves, consumers have to remember that their private business is just that, private. You would hopefully never run through a crowded shopping mall shouting, “I just bought a sweater with a check issued by First National Bank!” So why would you inform all of Venmo’s users that you bought pizza last Thursday, or that you paid your friend for some movie tickets? Remember to adopt an air of caution when it comes to sharing your personal details, especially online or on social media.
You might also like…