PayPal is one of the longest-serving digital wallets and online payment services. Several experts predicted the service’s downfall because of the plethora of competitors that sprang up almost overnight, but PayPal has proved to be a fierce contender.
PayPal has upwards of 400 million active users worldwide, making it an irresistible target for cybercriminals. Although the service has several defense mechanisms to protect its infrastructure and customers, its users can still fall prey to attacks that target them rather than PayPal itself.
The most common attacks that PayPal customers encounter are:
- Phishing and spear-phishing
- Credential stuffing
- Malware (spyware, worms, RATs)
- Man-in-the-middle (MITM)
Unfortunately, there’s no silver bullet against all these threats. However, safekeeping your PayPal account and funds can be simplified by following these security practices:
Use strong passwords
Creating a strong password for your PayPal account is one of the most important steps you can take to protect it. When choosing a password, avoid simple combinations such as ‘PayPal123’, your name, or anything a guesser would try first.
Instead, opt for long, random combinations of uppercase and lowercase letters, numbers and special characters. Many people avoid complex passwords for fear they’ll forget them, but what resists guessing and cracking is length and randomness, not how hard the password is to remember. Just as important, never reuse your PayPal password on any other site: credential stuffing attacks replay passwords leaked elsewhere, so a unique password stops them even if another service you use is breached.
To eliminate the need to jot down your PayPal account password, you can opt for a trustworthy password manager. Tools like Bitdefender Password Manager can help you store and organize passwords and include strong encryption algorithms to protect them.
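To make the length-and-randomness point concrete, here is a small generator of the kind a password manager runs internally, together with the entropy arithmetic behind it. This is an added example, not code from the original article or from any Bitdefender product; the guess rate used for the crack-time estimate is an assumption chosen for illustration.

```python
import math
import secrets
import string

# Character classes a generated password must draw from at least once.
CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)
ALPHABET = "".join(CLASSES)  # 26 + 26 + 10 + 32 = 94 symbols


def generate_password(length: int = 20) -> str:
    """Return a password of `length` characters chosen with the OS CSPRNG.

    Rejection sampling keeps the distribution uniform over the set of
    passwords that contain every character class; it only throws away
    candidates that miss a class, which is rare at realistic lengths.
    """
    if length < len(CLASSES):
        raise ValueError("length too short to contain every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a password of `length` symbols drawn uniformly from
    `alphabet_size` possibilities (slightly overstates it for the
    class-constrained set above, by a negligible amount)."""
    return length * math.log2(alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float = 1e11) -> float:
    """Years needed to try every candidate at the given rate. The default
    rate is an assumed offline-cracking figure for illustration only."""
    return (2 ** bits) / guesses_per_second / (365 * 24 * 3600)


if __name__ == "__main__":
    pw = generate_password(20)
    bits = entropy_bits(len(pw))
    print(pw, f"{bits:.1f} bits", f"{years_to_exhaust(bits):.3g} years")
    # A pattern like 'PayPal123' is not a uniform draw at all; a dictionary
    # rule (word + digits) covers it in a handful of guesses.
```

The takeaway is in the numbers: twenty uniformly random symbols from a 94-character alphabet give about 131 bits, far beyond any brute-force budget, whereas a word plus a few digits is found by cracking rules long before its nominal character count matters.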
Enable multi-factor authentication (MFA)
Multi-factor authentication (MFA) is a defense mechanism that asks for a second proof of identity, beyond your password, whenever you perform a sensitive action such as logging in or transferring funds. A stolen password alone is then not enough to get in.
PayPal’s MFA system lets you choose between SMS-based and app-based authentication. We strongly recommend app-based authentication, since SMS 2FA is vulnerable to SIM swapping attacks, in which an attacker convinces your carrier to move your phone number to their SIM and then receives your codes. Bear in mind that a one-time code from any app or SMS can still be phished if you type it into a fake login page that relays it to PayPal in real time, so MFA complements the phishing advice below rather than replacing it.
Review account permissions
PayPal conveniently lets you link your account to various online services and merchants so you don’t have to re-enter payment details each time. However, absent-mindedly granting services access to your PayPal account widens its attack surface: every linked service is another place a compromise could lead back to your money.
Make a habit of reviewing the list of linked services and permissions and removing any you don’t trust or no longer use. Also unlink your credit card or bank account from PayPal if you don’t plan on using the service for a while.
Be wary of phishing scams
Phishing attempts are not immediately obvious, which is why they work so well. Most phishing websites are carefully disguised copies of the real login page, built to deceive you into willingly handing over your credentials.
To steer clear of phishing, avoid clicking links in emails, SMS or instant messenger (IM) texts; instead, open the PayPal app or type paypal.com into your browser yourself. Although spotting phishing emails can be challenging, some dead giveaways include:
- Spelling mistakes
- The sender’s address does not match PayPal’s domain
- A generic greeting (‘Dear customer’) instead of your name
- Sense of urgency to pressure victims into handing over critical data
- Login links that lead to non-PayPal websites, including lookalike domains where ‘paypal’ appears only as a subdomain or with a swapped character
Specialized tools like Bitdefender Ultimate Security can help you dodge phishing attempts by automatically detecting and blocking websites that mimic legitimate ones.
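Three of the giveaways above (sender domain, link destination, pressure language) are mechanical enough to check automatically, and that is what mail filters do. The script below is an added example written for this article, not code from Bitdefender or PayPal; the two messages it inspects are constructed samples, and it assumes paypal.com is the only legitimate login domain (regional PayPal sites would need adding to LEGIT_DOMAINS).

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption for this example: paypal.com and its subdomains are the only legitimate hosts.
LEGIT_DOMAINS = ("paypal.com",)
URGENCY_PHRASES = ("within 24 hours", "will be suspended", "verify now", "has been limited")


def host_is_legit(host: str) -> bool:
    """True only for paypal.com itself or a subdomain of it. Rejects
    'paypal.com.evil.example' (paypal.com as a subdomain) and 'notpaypal.com'."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


class _LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> elements in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyse(raw: str) -> list:
    """Return (check, detail) findings for a raw RFC 5322 message; empty means clean."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. The sender's domain must be PayPal's; the display name is attacker-chosen and ignored.
    _, addr = parseaddr(str(msg["from"] or ""))
    sender_domain = addr.rpartition("@")[2]
    if not host_is_legit(sender_domain):
        findings.append(("sender-domain", sender_domain))

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body is not None else ""
    links = []
    if body is not None and body.get_content_type() == "text/html":
        collector = _LinkCollector()
        collector.feed(text)
        links = collector.links

    # 2. Links must be HTTPS and point at PayPal; a URL shown as link text must match the href.
    for href, visible in links:
        target = urlparse(href)
        host = (target.hostname or "").lower()
        if target.scheme != "https":
            findings.append(("insecure-link", href))
        if not host_is_legit(host):
            lookalike = "paypal" in host or "xn--" in host  # brand in a foreign domain, or IDN
            findings.append(("lookalike-host" if lookalike else "link-host", host))
        shown = urlparse(visible).hostname
        if shown and shown.lower() != host:
            findings.append(("link-text-mismatch", f"{visible} -> {href}"))

    # 3. Pressure language in subject or body.
    haystack = (str(msg["subject"] or "") + " " + text).lower()
    findings.extend(("urgency", p) for p in URGENCY_PHRASES if p in haystack)
    return findings


# Constructed sample: a typical lure. The domains are placeholders, not real sites.
PHISH = """\
From: "PayPal Service" <service@paypa1-secure.example>
To: you@example.org
Subject: Your account has been limited
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p>
<p>Your account will be suspended unless you verify now within 24 hours.</p>
<p><a href="http://paypal.com.account-verify.example/login">https://www.paypal.com/signin</a></p>
</body></html>
"""

# Constructed sample of a message that passes every check.
CLEAN = """\
From: "PayPal" <service@paypal.com>
To: you@example.org
Subject: Receipt for your payment
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello Jane Doe,</p><p>Thanks for your payment.</p>
<p><a href="https://www.paypal.com/activity">Log in to PayPal</a></p></body></html>
"""

if __name__ == "__main__":
    for check, detail in analyse(PHISH):
        print(f"{check}: {detail}")
    print("clean message findings:", analyse(CLEAN))
```

The host check is the part people get wrong by hand: paypal.com.account-verify.example contains the real domain as a prefix, which is why the code tests the suffix, not a substring. Spelling mistakes are left to a human reader, and none of this replaces checking the address bar after you have navigated to PayPal yourself.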
Avoid using PayPal on public networks
Public Wi-Fi networks often pose a risk because many of them carry traffic unencrypted, so anyone on the same network can see it. PayPal itself is served only over HTTPS, so the practical danger is an attacker who sits between you and the site (a rogue access point or a compromised router) and attempts MITM techniques: session hijacking, sniffing, SSL stripping, packet injection.
In other words, a threat actor on a public Wi-Fi network may try to monitor or tamper with your connection and steal sensitive data. To avoid this, use your mobile data connection or a virtual private network (VPN) such as Bitdefender VPN, and never click past a browser certificate warning, which is exactly what an interception attempt looks like from your side.
A trustworthy VPN encrypts all traffic between your device and the VPN server, so nothing on the local network can read or alter it, and it hides your real IP address from the sites you visit, which also keeps targeted attacks such as DoS or DDoS from reaching your connection directly. It does not make you anonymous, though: you still log in to PayPal as yourself, and you are trusting the VPN provider with the traffic it carries.
Keep your devices secure
If you frequently use PayPal from portable devices such as a laptop, phone or tablet, make sure the devices themselves are secured with a strong lock screen and kept up to date, since a lost or stolen unlocked device hands an attacker your logged-in session.
On mobile devices, PayPal offers biometric mechanisms so you can unlock the app with your face or fingerprint. In addition to securing your device’s lock screen, consider enabling PayPal’s biometric settings, even though they’re an extra step to access your account.
Be wary of PayPal’s automatic login
PayPal offers an optional One Touch feature that lets you skip logging into your PayPal account during checkout. While it conveniently saves you some time, you should avoid using One Touch on shared or borrowed devices such as phones, tablets or laptops, because anyone holding the device can pay as you.
If it goes unused for a while on a particular device, One Touch is disabled automatically. Still, you should periodically review the list of devices on which it is enabled and turn it off wherever it isn’t needed.
Set up account alerts
By default, PayPal sends notifications whenever certain events occur on your account, such as receiving money, making a purchase, and attempted logins.
If you receive alerts for events you don’t recognize (payments you didn’t make, login attempts from unfamiliar devices), change your password, remove unknown devices and linked apps, and report it to PayPal as soon as possible so that any unauthorized transaction can be disputed.