The rise of Venmo
Venmo has become a household name for almost all walks of life in the United States. Founded in 2009, Venmo has exploded and has set off a whole new way to payments. The ease of sending a digital payment is more appealing than the hand-to-hand transition with physical money. Transactions can occur from anywhere in the world to anyone in the world at any time. With this freedom, comes a huge threat vector for malicious actions.
A little backstory
A friend frantically called me saying that her Venmo account had been hacked and had no idea what to do. At that moment, I hoped that she had not lost or had any money stolen. Quickly, I understand what had happened with her account and how to respond. Her account was not hacked, but rather an impersonation account was created. Some steps can be taken to mitigate the potential threat. A rise in nefarious actions has been recorded on the platform, while safeguards are in place.
So what’s the issue?
Nefarious actors have been using social engineering tactics on ‘Venmo’ to trick users into sending money to them. The threat actor will create an account copying a user’s name, profile photo, and similar username. Next, the actor begins following the user’s friends, then starts sending Venmo requests to friends. This is a critical issue because the user’s account had not been configured with the correct privacy settings, their list of friends was public. The common social engineering techniques are used, such as saying “need $100 for groceries, left my card at home”, “money for coffee”, etc.
How to prevent this from happening on your account?
What are the best ways to prevent this attack? The steps outlined below will help ensure this attack does not happen to you.
- Secure your account with the correct privacy settings. You have the option to choose your privacy settings, and you SHOULD set this to ‘Friends’ (more secure), or ‘Private’ (most secure). Friends will allow the list of current friends to view the list, Private mode will allow no one to view the information. The instructions below can help achieve this or read the Venmo documentation.
- Go to the “You” tab by selecting the single person icon and tap the Settings gear in the top right. Then tap “Privacy” and then “Friends List.” From there you can select your desired privacy option (who can see your friends list). Additionally, you can opt-out of being displayed on other users’ friends lists by toggling the “Appear in other users’ friends list” button at the bottom of the same menu. If toggled “off”, you won’t appear in your friends’ friends lists (no matter their settings).
- Only accept Venmo requests from individuals or organizations that are known to you. If the request is unknown to you or seems a bit sketchy, verify the transaction with another means of contact. Send a quick text, email, or phone to verify the legitimacy of the request.
- Use strong and unique passwords for each of your banking accounts and use multi-factor authentication when possible.
Oh no! Someone made a fake account impersonating me?
- Communicate
- Let all of your friends know to not accept Venmo transaction requests from the incorrect username and to verify requests with you personally.
- Contact Venmo
- Fill out the Venmo Support Form.
- Full Name = Name Phone = 123.456.7890 Email = Venmo account email Subject = Malicious Impersonation Venmo Account How can we help = I’m a Venmo customer and need help with my accountWhich best describes your issue = Security Security = OtherTells us what’s up =A fake account (username of fake Venmo), has been created to impersonate me (real Venmo) and has been sending requests for large amounts of money to my friends and family. Attachments = Attach a screenshot of the account if possible or transactions from friends
- Update Account Privacy Settings
- Secure your account with the correct privacy settings. You have the option to choose your privacy settings, and you SHOULD set this to ‘Friends’ (more secure), or ‘Private’ (most secure). Friends will allow the list of current friends to view the list, Private mode will allow no one to view the information. The instructions below can help achieve this or read the Venmo documentation.
- Go to the “You” tab by selecting the single person icon and tap the Settings gear in the top right. Then tap “Privacy” and then “Friends List.” From there you can select your desired privacy option (who can see your friends list). Additionally, you can opt-out of being displayed on other users’ friends lists by toggling the “Appear in other users’ friends list” button at the bottom of the same menu. If toggled “off”, you won’t appear in your friends’ friends lists (no matter their settings).
- Secure your account with the correct privacy settings. You have the option to choose your privacy settings, and you SHOULD set this to ‘Friends’ (more secure), or ‘Private’ (most secure). Friends will allow the list of current friends to view the list, Private mode will allow no one to view the information. The instructions below can help achieve this or read the Venmo documentation.
About Garrett Ohrenberg
Garrett Ohrenberg is a seasoned IT Security Professional with over 5 years of experience in network security, identity and access management (IAM), endpoint protection, and cloud operations. Known for his technical expertise and creative problem-solving, Garrett specializes in designing secure, scalable systems that enhance organizational efficiency and resilience.
With a strong foundation in cybersecurity and information technology, Garrett is also skilled in system integrations, virtualization, and OSINT, making him a versatile asset in tackling complex infrastructure challenges. His passion for securing assets and improving systems is matched only by his commitment to lifelong learning and staying ahead of the curve in emerging technologies.
Outside of IT, Garrett is a talented photographer and videographer with expertise in sports, branding, music, editorial, and architectural content creation. Based in Nashville and Kansas City, he thrives on capturing meaningful stories for people and brands, blending his technical and creative talents to deliver exceptional results.
When he’s not securing systems or behind the lens, Garrett enjoys traveling, lifting, and fostering community connections. He’s driven by a passion for growth, innovation, and leaving a positive impact in both his professional and personal endeavors.