Wednesday, January 16, 2008

Protecting your PayPal account

A fellow freelancer, Amy Derby of Write-From-Home.com, blogged a couple of days ago about her PayPal account being hacked. The hacker paid themselves thousands of dollars, and PayPal never questioned the transaction (though they froze Amy's account afterward). As a result, Amy hasn't been able to access the money she ought to have in her bank account, and has had a multitude of overdraft and related fees to contend with.

Although most of the fees were recoverable, dealing with the fraud has been a nightmare for Amy. Her warning to other freelancers (many of whom use PayPal as well) inspired this post.

Here are some suggestions for protecting your PayPal account from similar intrusions:

1. Use a secure password. I know, your dog's name is easier to remember, but it's also easier for someone to guess. I personally prefer to use words in combination with numbers or symbols, usually with the numbers and symbols mixed in (or replacing letters) to make it more difficult to guess.

The PayPal site agrees:

"We recommend that your password is not a word you can find in the dictionary, includes both capital and lower case letters, and contains at least one special character (1-9, !, *, _, etc.)."

2. Change your password frequently. I know PayPal and similar websites already say this, but I also know that many people don't take it seriously enough. Some businesses require that their employees change their login passwords once a month, and I think that's probably a good rule of thumb for PayPal accounts, too.

3. Use a different password for your PayPal account than you use on any other site. After doing some digging, I found a blog post that claims hackers can hack less secure systems to get your password, and then use it to access your PayPal account.

A while back, one of the email subscriptions I belong to sent emails to everyone saying that their system had been hacked, and suggested that everyone change their passwords if they use the same ones elsewhere — but if they hadn't notified us, I could well have been in Amy's shoes myself.

4. Use PayPal's Security Key. The PayPal Security Key is a little keyring device that displays a "temporary 6-digit security code every 30 seconds." When you sign in, you also have to enter the code that is currently displayed on the device. Presumably, hackers won't be able to get in (though I wonder if they can duplicate the codes if they know the algorithms the specific device uses).

The Security Key is only $5, and sounds like a great investment. However, I'd still suggest using the other three tips in order to maintain the highest level of protection possible for your PayPal account.
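
Tip 4 wonders whether knowing the device's algorithm would be enough to duplicate its codes. The sketch below is an added example, not code from this post or from PayPal: it assumes the key behaves like the open RFC 6238 time-based one-time password scheme (the post does not say which algorithm the device actually uses) and shows that the codes depend on a secret seed stored in each device, not on the algorithm staying secret. The seeds and timestamps are constructed test values.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each code stays valid, as described for the key fob
DIGITS = 6   # length of the displayed code

def totp(seed: bytes, unix_time: int, step: int = STEP, digits: int = DIGITS) -> str:
    """RFC 6238 code for the time step that contains unix_time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(seed: bytes, submitted: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Server side: accept the current step plus or minus drift_steps of clock skew."""
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        expected = totp(seed, unix_time + delta * STEP)
        # Constant-time comparison, and no early exit on a match.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok

# Constructed sample values (assumptions for this example only).
DEVICE_SEED = b"12345678901234567890"   # seed from the RFC 6238 test vectors
GUESSED_SEED = b"12345678901234567891"  # same public algorithm, wrong seed

if __name__ == "__main__":
    now = 59
    code = totp(DEVICE_SEED, now)
    print("device shows:          ", code)
    print("wrong seed produces:   ", totp(GUESSED_SEED, now))
    print("accepted now:          ", verify(DEVICE_SEED, code, now))
    print("accepted 30 s later:   ", verify(DEVICE_SEED, code, now + 30))
    print("accepted 90 s later:   ", verify(DEVICE_SEED, code, now + 90))
```

Under this assumption, what has to be protected is the seed (on the device and on the server that verifies it), and a stolen code stops working within a step or two.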


Kathy@TheFlawlessWord said...

Wow! This is seriously scary. Because my PayPal account is tied to a Money Market account that earns a higher interest rate than any of my bank accounts, I've been leaving a fairly high balance in there. I hope that doesn't end up being a big mistake. You can be sure I'll be keeping a closer eye on my account now!

Katharine Swan said...

I agree, Kathy -- VERY scary. I'll be watching more closely now too.

