How to Stop Fraudsters from Hacking Your Account
This post was written by Quyen Bui, Square’s Senior Fraud Data Analyst.
Have you ever heard of an account takeover? Not the kind where celebrities take over social media accounts to snap photos of their day. I’m talking about the more malicious kind, where fraudsters gain access to your email and password and access your online accounts with bad intent.
Once fraudsters hack into your account, they can get hold of your private information, divert your deposits, or commit credit card fraud. While the Square Secure team performs 24/7 fraud monitoring on your behalf, here are four things you can do to stop fraudsters in their tracks.
1. Take a second look at your passwords.
The most important thing you can do to protect your personal and business accounts from being taken over by fraudsters is to pick unique passwords and then change them regularly.
Here are qualities of a strong password:
- It’s long and complicated. Eight letters? Fine. Sixteen letters? Even better. With vAriEd CaPitaliZAtiOn and $pec!al ch@r&cters? Great! If you’re experiencing writer’s block, try using an online secure password generator.
- It’s not easily guessable. Don’t use simple dictionary words, personal things (like your name), or strings that a stranger could predict. I’m looking at you, “password12345”.
- It’s not shared with other platforms. Whatever you do, do not use the same password for your email and your Square account. Many experts hypothesize that password reuse is the main driver of hacker success. If you have difficulty remembering your different login information, consider using a secure password manager.
- It’s refreshed on a regular basis. Millions of credentials are compromised every year across thousands of websites. To keep your account protected for the long term, you should try to change your password every 30–90 days.
So, now think about the passwords that you use. Do you follow these best practices? If not, follow these steps to change your squareup.com password.
2. Don’t trust strange websites and email.
Scammers send phishing emails to obtain your private information and use it to commit fraud. These emails are designed to look just like other Square emails in order to trick you, but they are run through third-party websites instead of ours (see the example below).
Whenever a website or email asks you for personal information (e.g., password, Social Security number, birth date, etc.), always verify the request is from someone you trust. In your browser, the Square login page has the URL https://squareup.com/login, and it has a lock icon in the address bar to show that it’s a trusted and secure website. Our email messages come from @messaging.squareup.com.
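The check described above, written out as code. This is an added example, not Square's own code: only the login URL and the sender domain come from the post, while the function names and the sample inputs are constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Values stated in the post; everything else here is illustrative.
TRUSTED_LOGIN_HOST = "squareup.com"
TRUSTED_LOGIN_PATH = "/login"
TRUSTED_SENDER_DOMAIN = "messaging.squareup.com"


def is_square_login_url(url: str) -> bool:
    """True only for https://squareup.com/login (query string allowed)."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme.lower() != "https" or port not in (None, 443):
        return False
    # Reject "user@host" forms: the real host is whatever follows the "@".
    if parts.username is not None or parts.password is not None:
        return False
    # Exact match, so squareup.com.account-check.example does not pass.
    return host == TRUSTED_LOGIN_HOST and parts.path.rstrip("/") == TRUSTED_LOGIN_PATH


def is_square_sender(from_header: str) -> bool:
    """True only if the From address is at exactly messaging.squareup.com."""
    _display_name, address = parseaddr(from_header)
    if address.count("@") != 1:
        return False
    domain = address.rsplit("@", 1)[1].rstrip(".").lower()
    return domain == TRUSTED_SENDER_DOMAIN


# Constructed samples (not real phishing data); .example is a reserved name.
SAMPLE_URLS = [
    "https://squareup.com/login",
    "http://squareup.com/login",
    "https://squareup.com.account-check.example/login",
    "https://squareup.com@account-check.example/login",
    "https://squareup.com:8443/login",
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(f"{'trusted' if is_square_login_url(url) else 'SUSPECT':8} {url}")
    print(is_square_sender("Square <noreply@messaging.squareup.com>"))
```

A matching From domain is necessary but not sufficient, because the From header can be forged; receiving mail servers evaluate that with SPF, DKIM and DMARC.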
So what do you do when you come across a sketchy email?
First of all, do not click any links or download any attachments. Next, forward email asking for your Square credentials to firstname.lastname@example.org — we have resources dedicated to investigating and taking these scams down. Last, mark the message as spam and delete it from your email account.
3. Two-step your way to safety.
Two-Step Verification adds another layer of security to your account. In addition to a username and password to log in, you also need to enter a security code that only you can receive (through either text message or an authentication app). If you’re on a trusted device, you can choose to have Square remember you for the next 30 days without having to enter a code again.
To enable 2-Step Verification, sign in to your Square Dashboard, navigate to Account & Settings, and then click the Activate 2-Step Verification button.
4. Keep the right checks in place for your business.
Fraudsters are not always sophisticated hackers from far, far away. Sometimes, they are the employees whom you’ve hired. While we’d like to think that rogue employees work with other people at other companies, research suggests that as many as 25 to 40 percent of employees steal from their employers in some way.
If your account gets into the wrong hands, your settings can be changed, your deposits taken, and your reputation harmed if fraud occurs. With Square, you can customize employee permissions to secure the most sensitive information about your business. You can use passcodes to control what each employee can access, and you can track every interaction between your employees and your point of sale.
To set this up, follow these steps.
It’s important that you take action to protect your account from takeover and fraud. But don’t worry, you’re not alone. The Square Secure team has numerous systems in place to recognize uncharacteristic activity happening on your account. Once we do identify an account takeover, we immediately lock the account down and reach out to the account holder.
If you recognize any unauthorized activity, please use this form to reach out to a team member for investigation.