Back in May, we posted about Venmo, the app powered by PayPal that allows users to easily send and receive money. What surprises many people, is how public the app is. To date, you can find just about anyone on the app. Not only can you find their profile, if it is set to public, you can see who they are sending money to and sometimes why.
How Venmo Works
This person-to-person app allows you to easily send or receive money from friends, family, or co-workers. Simply click on the “Pay or Request” button, type in your friend’s email, phone number, or username. You can also scan a QR code from the app if your friend is nearby. Venmo is also free when you link your bank account to the app.
It recently drew a lot of attention when someone noticed several members of the Biden family on the app. It brought attention to the security of the app to everyone.
eMarketer.com published a recent article outlining the changes. “PayPal-owned Venmo will introduce new fees and updates to its platform that’ll give users more control over their accounts and add an extra layer of protection for some transactions, per Android Police.”
Privacy Changes for Users
“Privacy and security updates: Users can now change the visibility of their friends list to public, private, or friends. They can also opt out of being seen on other users’ friends lists. And effective July 20, Venmo will expand eligibility for the Purchase Protection Program for transactions sent to business accounts and all payments marked for goods and services by the sender.”
eMarketer.com
It gives the user back the power in terms of who they want to view their information. Some people may view the app as secure since it is a go between your bank account and your venmo account.
Venmo & Social Media
The Washington Post recently published an article about how one user used Venmo to collect money from strangers. Think of a “Go Fund Me” Venmo style. Here are some unique stories of how people use Venmo for crowdfunding:
When Kori Roy was heading out on the final leg of a road trip to celebrate her wife’s 29th birthday in April, she decided to add a message to the rear window of her Hyundai: “Help us get to New Orleans!” she wrote, adding her Venmo and Cash App accounts.
TikTok and Venmo have been a match made in heaven. Many TikTok users were using Venmo as a source to fuel their road trips. People have been using the app to ask for money for all kinds of things. The image below is an example.
Anytime money is being exchanged, one needs to be cautious. It seems for now anyway, there is a level of trust people have with Venmo. Maybe because it is a PayPal app and PayPal seems more secure to most people.
However, there are scams to be aware of. Unlike credit or debit cards, once money has left your account it is gone for good. it is almost impossible to recoup the loss should you send money to a scammer.
By now most of us in the OSINT field have gotten used to social media updates. Remember Facebook Graph (RIP)? I remember when we would use it and think about what would happen if they took it away. Then, one day, it was eliminated. We were horrified, and wondered how we would live without it. We all have lived without it of course, and we are probably better for it. It has forced us all to think more about the “how to” rather than relying on any one software platform, app, or tool.
What’s Around the Corner?
Well the big tech giants are at it again. Let’s start with one that I think will be a game changer. Twitter is working on new controls on who can @mention you on the platform. Last August they put the control back in the user’s hand. The latest in the news of social media updates.
“Here’s how it works. Before you Tweet, choose who can reply with three options: 1) everyone (standard Twitter, and the default setting), 2) only people you follow, or 3) only people you mention. Tweets with the latter two settings will be labeled and the reply icon will be grayed out for people who can’t reply. People who can’t reply will still be able to view, Retweet, Retweet with Comment, share, and like these Tweets.”
This can be quite limiting in OSINT work if the user realizes they have this option. The key phrase is that “everyone” is the standard Twitter default setting. To me, it kind of negates the entire reason for being on the platform. To so many users, this is a platform to not only shout out your opinions, but to also get noticed for those opinions!
In addition, Twitter’s also looking to add a new notification for when you’re mentioned by somebody who you don’t follow. This is going to be a huge game changer for all those Social Media Influencers and marketers out there. Tagging can be a great way to get in front of the right brand or person to get noticed.
Social Media Update #2: Facebook Tests Pubic Comments in Stories
Source: Ideahuntr
As you can see in this example, posted by @ohitsmerenz (and shared by Matt Navarra), Facebook appears to be testing a new option which would display Stories replies on the Story frame itself, adding a whole new way to engage with Stories content. It would be a new way for people to engage with stories. Will it be discoverable during online searches? That remains to be seen. It is also in the very early stages, so we shall see.
Tip: Remember if you view someone’s stories you will be identified. Something to remember when searching online.
Check back and we will be sure to watch for updates on this!
By now we have all been schooled on what we shouldn’t post publicly in social media and why. In fact, you can read all over the internet why it is not a good idea to post your COVID vaccination card. It is also not a good idea to post about vacation plans.
When it comes to insurance fraud, a claimant’s social media posts plays an important role in any investigation. When someone is trying to claim an injury when there isn’t one, they need to lock down. You would think that the fraudster would be careful when they post publicly in social media. This is not always the case. In fact, recently we performed a deep web scan on a person suspected of insurance fraud. This was a workman’s comp case. A friend of the person actually cautioned him about a post he had recently added. She came right out and told him to be careful what he was posting. He answered her post by saying, “I not. I know how this works.” The original post was deleted, so we never knew what he posted to make her say that. It was suspicious however, that he left this exchange up on his profile page. In other words, he knew he might be watched in social media.
“Checking social media accounts has become one of the first things an insurance company or adjuster will do when you file a claim,” says Frank Darras an attorney from California who specializes in law suits against insurance companies.
Source:Auto Insurance Quote
What to Look For in Social Media
When we conduct a deep web scan, we start with the data points that we know to be true on an individual. Name, address, date of birth, employer, address and email addresses. They are all critical pieces of information because each one may hold an attachment to something online about our person of interest. It is also important in authentication. We need to be certain we have the right person.
Some tips we have learned along the way that may be of help to you include the following:
Check for multiple profiles. You just found your person of interest’s Facebook profile and you think you are done there. Not always so. Many people have secondary profiles. They may have set them up, forgot about them or they use each one for different things. Believe it or not, you may discover them by looking through their friends list. This is especially true in Facebook.
Tell a Story: Across all social media platforms, it is important to check the dates of posts. When you put them altogether, they can tell a story of a person’s activity. Just by combing through this information, you may find an inconsistency in their story or claim. Perhaps they are claiming to have taken a fall at work. Yet, a social media post may show them complaining about back pain days prior. Connecting the dots doesn’t mean they are automatically guilty, but can mean that a deeper investigation is needed, just to be sure.
Proof of legally attained social media posts: That is where meta data comes into play. If you find something in a person’s social media profile, you are going to want to extract that post and gather the intelligence behind it. Remember, screenshots can easily be altered.
Video is the Golden Child
Instagram, TikTok, YouTube are all examples of social media known for their videos. People post videos of all kinds of things there. Searching these platforms can be very lucrative because of it. Just remember, if you do find something important there, you will want to not only obtain the meta data, but extract the actual video to keep as evidence that is admissible in court.
Keep in mind that we can extract videos and photos as well as capture the meta data from the post. Timing is everything however, and what is here today can be gone tomorrow.
You just enjoyed a nice dinner out with a few friends and are ready to pay. You reach in and notice you forgot your credit card. Your friend pays for dinner, but instead of waiting to pay him back you easily whip out your phone, head to your Venmo app, and send your friend money with ease.
What is Venmo?
Venmo is an app that is owned by PayPal with over 52 million users, as of 2020. This person-to-person app allows you to easily send or receive money from friends, family, or co-workers. Simply click on the “Pay or Request” button, type in your friend’s email, phone number, or username. You can also scan a QR code from the app if your friend is nearby. Venmo is also free when you link your bank account to the app. What is not to love? This app has some incredible advantages and unfortunately a few disadvantages…
Privacy Entanglements
Venmo requires you to write out or choose an emoji to describe your payment before you can submit it. While this is a clever way to keep track of your payments, there are significant privacy concerns involved.
Transactions you make are viewable on a public feed unless you change the settings to make them visible to just the party involved or only to your friends.
The amount of money sent or received is never public, but there is a text, emoji, and time stamp visible on all transactions.
Publicly viewed transactions are shared with third parties. Venmo’s privacy policy states that is shares user data “for everyday business purposes, for marketing purposes, for joint marketing with other companies.”
Not only is privacy an issue when it comes to third party sharing but what about all the “other” individuals out there, including your friends, that can see who you are paying and what you are doing?
The Dark Side of Venmo
From stalking, identifying cheaters, even buying or selling of drugs, it has all been seen and reported on over the years. One of the most alarming stories that has hit mainstream media recently is one of a national security risk. Buzzfeed News identified Joe Biden’s Venmo account, and sadly enough it was public. Once they identified that the account was truly our President’s, they quickly notified The White House.
“On Friday, following a passing mention in the New York Times that the President had sent his grandchildren money on Venmo, BuzzFeed News searched for the president’s account using only a combination of the app’s built-in search tool and publicfriends feature.
In the process, BuzzFeed News found nearly a dozen Biden family members and mapped out a social web that encompasses not only the first family, but a wide network of people around them, including the president’s children, grandchildren, senior White House officials, and all of their contacts on Venmo.” -Buzzfeed News
After this story was published, a Venmo spokesperson told BuzzFeed News: “The safety and privacy of all Venmo users and their information is always a top priority, and we take this responsibility very seriously. Customers always have the ability to make their transactions private and determine their own privacy settings in the app. We’re consistently evolving and strengthening the privacy measures for all Venmo users to continue to provide a safe, secure place to send and spend money.”
From celebrities being stalked through Venmo, and now our President’s private information being so very public by default, will the lines of privacy forever be tangled with Venmo? Time will tell.
I think it is safe to say that most of us have seen successful dating stories in commercials, heard from friends, and seen the benefits of quickly weeding out the frogs to find the ideal partner. Whether it is a paid service to do the hard work for us or the assistance of an easy meet-up through a swipe left or right, dating apps are becoming more prominent in the dating game.
Some of the most popular dating sites are match.com, e-harmony, plenty of fish, and dating applications such as Tinder and Grindr. To sign up for these services, all you need is a little time to fill out a questionnaire or just a working phone or email, depending on which service you decide to use. Accessibility makes these so popular, yet people with ill intentions can also misuse their accessibility. Dating apps and services have become more accessible for predators to find and prey on victims. Dates through dating apps have led to sexual abuse and predatory behaviors resulting in harm to users, yet these stories do not necessarily see the light as often as the success stories we see on commercials.
How safe are dating sites?
Unfortunately, dating sites are not as safe as we think they are. USA Today reports 37% of online dating users describe being contacted by a user or a match they have rejected on a dating site. These users also reported 35% had received unsolicited explicit photos and almost 30% have been called vulgar names, and 10% have been threatened by another user.
Dating sites are designed to facilitate dating; unfortunately, dating sites can do little to corroborate the information shared by users. This is where section 230 comes into relevance. To protect these sites Section 230 of the Communications Decency Act states, “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider. To the consumer, this means the dating site operating and matching clients is not responsible for any information or content shared on the users dating profile. There are exceptions, but false information used by the consumer will not affect the dating site in most legal matters.
The Case of John Meehan
One case that garnered national attention was the case of John Meehan. As many of us know now, John had a previous record for evading arrest and stealing drugs in a hospital he was serving as a nurse. As a result of this, John served several years in prison and lost his nursing license. Once released from jail, John began seeing a woman in California, he introduced himself as an anesthesiologist, and they began dating. After some time dating this woman, John tried to get her to transfer money to his account, the woman broke off their relationship, and then the real John came out. John began to threaten and intimidate her. Authorities issued a restraining order for her protection; John ended violating the restraining order and found himself back in prison.
After his release, John then began to use dating sites, and this is where he met Debra Newell; John said he was an anesthesiologist and volunteered overseas. John and Debra started to date and, over time, got married. At this time, Debra’s family became suspicious and began to investigate John. Her family found his previous criminal record, to which Deborah was not aware. Debra also found information on women who had dated John and shared their experiences with him. Debra separated from John but did get back together with him. John stalked Debra and her family to the point of attempting against Debra’s daughter’s life. With his extensive criminal record showing his tendency to become obsessive and threaten women, and his extensive dating history documented on the internet, John should not have been allowed on a dating website. John could find easy prey and use his knowledge to coerce women into dating him, steal from, and take advantage of them.
What can I do to stay safe on the internet?
There are many ways to stay safe on the internet; these will essentially require safety measures to be implemented.
Use a website you have researched and are comfortable using. It is imperative to know the safety policies the website has in place and how these are set to protect you.
Take the investigative process into your hands, investigate the people you share information with on the internet. Our eChatter Social Media and Deep Searches are designed to analyze and assemble a profile on a subject through extensive OSINT techniques compiled by one of our analysts. These reports can discover an array of information, including criminal records, public social media profiles, or digital footprint. This can be significant information to obtain, especially while dating online.
Do not share immediate personal information; get to know suitors through facetime or chat before any personal information is shared or an in-person meeting is set up.
If a meeting is set, let others know where the meeting or date will take place and share as much information with someone you trust for your safety. Try to meet in a public location and always be aware of your surroundings.
See if your dating site or app will offer a background check. Match Group, for example, has begun to implement this into their apps and sites.
Dating, in general, can be intimidating, and interactions on the internet can go sour, report any user violating the dating website’s user policy, and be sure to follow up on this process.
Who do I speak to if I suspect a user is violating the terms of usage of the website?
You can speak to the user and express your feelings; not all interactions are aggressive, which could help the situation.
If the user is aggressive or offensive in their behavior or you do not want to reach out to the user, you can report their profile to the dating site or block this user from contacting you.
If the interaction has left the dating site, the next step is to contact the authorities and see what they can do to help. Document interactions with this subject and do not let your guard down.
Dating does not have to be an intimidating task; many users have found meaningful relationships using these sites. Stay safe, do your homework, and if in doubt, take a closer look at your date; you will never know what you can find.
