How to Stop Fraudsters from Hacking Your Account

Have you ever heard of an account takeover? Not the kind where celebrities take over social media accounts to snap photos of their day. I’m talking about the more malicious kind, where fraudsters gain access to your email and password and access your online accounts with bad intent.

Once fraudsters hack into your account, they can get hold of your private information, divert your transfers, or commit credit card fraud. While the Square Secure team performs 24/7 fraud monitoring on your behalf, here are three things you can do to stop fraudsters in their tracks.

1. Take a second look at your passwords.

The most important thing you can do to protect your personal and business accounts from being taken over by fraudsters is to pick unique passwords and then change them regularly.

Here are qualities of a strong password:

  • It’s long and complicated. Eight letters? Fine. Sixteen letters? Even better. With vAriEd CaPitaliSAtiOn and $pec!al ch@r&cters? Great! If you’re experiencing writer’s block, try using an online secure password generator.
  • It’s not easily guessable. Don’t use simple dictionary words, personal things (like your name), or strings that a stranger could predict. I’m looking at you, “password12345”.
  • It’s not shared with other platforms. Whatever you do, do not use the same password for your email and your Square account. Many experts hypothesise that password reuse is the main driver of hacker success. If you have difficulty remembering your different login information, consider using a secure password manager.
  • It’s refreshed on a regular basis. Millions of credentials are compromised every year across thousands of websites. To keep your account protected for the long term, you should try to change your password every 30–90 days.

So, now think about the passwords that you use. Do you follow these best practices? If not, follow these steps to change your password.

Get Started with Square Point of Sale.

Point-of-sale software designed to grow with you.

2. Don’t trust strange websites and email.

Scammers send phishing emails to obtain your private information and use it to commit fraud. These emails are designed to look just like other Square emails in order to trick you, but they are run through third-party websites instead of ours.

Whenever a website or email asks you for personal information (e.g., password, Social Security number, birth date, etc.), always verify the request is from someone you trust. In your browser, the Square login page has the URL, and it has a lock icon in the address bar to show that it’s a trusted and secure website.

So what do you do when you come across a sketchy email?

First of all, do not click any links or download any attachments. Next, forward email asking for your Square credentials to — we have resources dedicated to investigating and taking these scams down. Last, mark the message as spam and delete it from your email account.

3. Two-step your way to safety.

Two-Step Verification adds another layer of security to your account. In addition to a username and password to log in, you also need to enter a security code that only you can receive (through either text message or an authentication app). If you’re on a trusted device, you can choose to have Square remember you for the next 30 days without having to re-enter a code again.

To enable 2-Step Verification, sign in to your Square Dashboard, navigate to Account & Settings, and then click the Activate 2-Step Verification button.


If your account gets into the wrong hands, you can have your settings changed, transfers taken, and reputation harmed if fraud occurs. With Square, you can customise employee permissions to secure the most sensitive information about your business. You can use passcodes to control what each employee can access, and you can track every interaction between your employees and your point of sale.

To set this up, follow these steps.

It’s important that you take action to protect your account from takeover and fraud. But don’t worry, you’re not alone. The Square Secure team has numerous systems in place to recognise uncharacteristic activity happening on your account. Once we do identify an account takeover, we immediately lock it down and reach out to the account holder.

If you recognise any unauthorised activity, please use this form to reach out to a team member for investigation.