You shop online and access your PayPal account through your computer and your mobile devices, so it is important that these are not vulnerable for fraudsters to use.
Keep your software up to date
Your computer and mobile device have an Operating System and applications. Software is complex and often has minor bugs. Hackers exploit these bugs to install malicious software. Malware, short for malicious software, can capture everything that you type including your PayPal account name and password and send it to scammers. The scammers then use the information to access your account.
Fortunately, device makers and application developers are very diligent about providing updates to the Operating System and Applications. You should keep your system and applications updated to the latest releases. The best way to do this is to select automatic updates for your system and applications where they are available. This can normally be managed through the control panel on Windows and under Preferences on MacOs.
In addition to the Operating System updates, it is important to keep applications up to date too because these are just as vulnerable. The most popular applications are often targets for hackers. These include:
- Web browsers including Internet Explorer, Chrome, FireFox, Safari
- Microsoft Office
- Adobe Reader
- Adobe Flash Player
When security updates are published, the vendor usually indicates the problem that was fixed. So, even if the hackers did not know before the fix was published, they will know where to look after it is published. It is important to stay current because the hackers will exploit systems that do not have current security patches.
Use a Password on your PC
PayPal and other online accounts use email to help you recover your account access if you forget your password. In most cases, if a thief can access your PC or mobile device they can immediately access your email too. This makes it easier to attack your online accounts and steal personal information.
You should use a password on your personal computer. If someone has access to your system for even a few minutes they can install malware. If your computer is stolen, it will make it harder for the thief to access information on your system. Even if the thief eventually does access your system, you will have more time to change your online passwords including your email and PayPal passwords.
Use a PIN on your device
You should use a PIN to lock your mobile device. If a scammer temporarily accesses your device, they could access your email or personal information. Don’t select a trivial PIN like 1234 or 1111 since these are the most common and most easily guessed. Don’t use your birth month and day like 0317 since people that might casually know you easily guess this. Instead, think of a word that you can remember and spell the word with the numeric pad. For example, imagine a Blue Cow and enter 2583, which is B-L-U-E on the numeric pad. See PIN Security for more details.
You should have the screen auto-lock on your device after a few minutes of inactivity. Use a short time out like 3 minutes so that there is a smaller chance of someone accessing your information.
Unfortunately, only 50% of mobile phone users have a PIN on their device. Don’t be one of these people. Imagine that someone found or stole your phone, then started calling everyone in your address book at 2 AM. You would feel very foolish when it is such easy protection to enable the PIN.
Mobile Phone Physical Access
Even with a PIN locked mobile phone you should be cautious about who can get access to it. Since PayPal can send a temporary code via SMS if you forget your account password, someone close to you could easily access your account just by receiving an SMS on an unattended phone. So, don’t leave your phone out when you are not around. Take it with you or secure it somewhere.
Malware Defense: Install Anti-Virus Software
Viruses or Malware are Malicious Software that can be installed on your system through security holes or user actions. Someone may send you an infected file, or you may download something that seemed safe. Just like a human virus, malware can be spread in many ways and it is usually unclear how it got onto your system. Anti-Virus software can help prevent the installation of new malware and will detect most malware if it does get installed.
If malware gets on your system, it can capture everything you type like the passwords to your email account, PayPal account and other financial accounts. These can be sent back to scammers that will access your accounts causing financial problems and embarrassment. Malware can read all the files on your system including your email, your financial records, and personal information. Malware can also take over your system to send out SPAM emails, or to attack other people’s accounts. If malware takes over your system, you are not just a victim; your system will be part of the problem.
Anti-Virus software can run scheduled checks and checks for incoming email for malware that snuck onto your system. Traditionally, malware has been a problem for PCs but more malware is being seen on mobile operating systems like Android and iOS. So, consider Anti-virus protection for your tablet and smartphone.
Anti-Virus software won’t catch everything so you still need to be wary, but it will catch most things. There are a variety of good Anti-Virus products available and many of them have free versions. For example, Microsoft Essentials, AVG, Avast, Commodo, Malwarebytes all have free versions that are highly rated. Be sure to enable automatic updates because the Anti-Virus vendors are constantly identifying and addressing new threats.
Be Careful What You Click
Some malware targets vulnerabilities like bugs in the software on your computer. Other malware masquerades as games or screen savers, just waiting for you to install them. One common strategy is to display a fake virus test and tell you that you have a problem and need to download some software to be secure again. But the software that you are persuaded to download is actually the malware!
Malware can come from website downloads or attachments in emails. If you receive an unexpected email from someone with an attachment be suspicious. If the email has only a short non-personal message like “Hey! Look at this cute puppy!” or “This is funny!” with an attachment be even more suspicious. Check the sender’s email address if you are in doubt. If you are still in doubt and think you need to see the attachment, call the sender and ask. You may find out that the sender’s email account was hacked (perhaps from a bad attachment) and is now being used to send out malicious SPAM.
Anti-virus software will help protect you against bad attachments and bad downloads, but it won’t protect you from everything and is not a substitute for common sense. Remember that even the best anti-virus software is vulnerable if you don’t keep it up to date.
Don’t forget about your smartphone and tablet. Most people don’t secure these as well as they should, and that by following a few simple tips from PayPal and NCSA, you can have greater security and better peace of mind:
- Always activate a PIN or lock function for your mobile device: A PIN is the simplest and most important thing you can do to ensure security on your mobile device especially if it is lost or stolen.
- Automate software updates: Many software programs automatically connect and update to defend against known risks. Turn on automatic updates on your mobile device if that’s an available option.
- Use common sense when downloading apps: Unknown or repackaged apps can contain malware designed to steal financial information from a mobile device, so always purchase or download apps from companies that you trust and check reviews. When installing new applications, review permissions and decide whether you’re comfortable granting the access that an application asks for.
- Enable “Find My Device”: If your phone, carrier, or antivirus software supports the “find my device” feature, it’s a good idea to activate it. This functionality will help you find your device if it’s lost or stolen, and lock it or wipe it clean remotely if you need to.
- Backup your device: It is critical to backup your device on a regular basis. Some operating systems offer this option as an automated service. If you ever need to exercise the remote wipe feature mentioned above, you will be glad you have a current backup that you can recover to a new device.
More Security Resources
Here’s some useful security links with more information to help you protect yourself: