As you can imagine, at Plooto we take the security of your money and information very seriously.
Plooto is ISO/IEC 27001:2013 certified, and we use 256-bit encryption to secure your data. You can learn more about our security here.
Though we are not aware of any attempts by fraudsters targeting Plooto customers specifically, it's never too early to talk about how detect and avoid scammers online — specifically "phishing" attempts.
What is "phishing"?
In phishing attempts, scammers will pose as someone you trust — a person or a company — in order to fool you into giving away something that you shouldn't. Sometimes phishing attempts try to get you to hand over money directly. Other times, they're trying to get sensitive info like your password, so that they can relieve you of your money themselves.
Phishing is most commonly done by sending you an email that looks like it came from a trusted source you know. Fraudsters may copy the look and language of emails you're used to seeing. They can even make the email look like it came from a specific email address that you know.
How do you protect yourself?
- If you're ever suspicious, ask us! In the case of interactions with Plooto, reach out to us by emailing email@example.com.
- Check that the URL in your browser address bar begins with app.plooto.com when you're logging into Plooto. If not, do not use the site. (The URL for the public Plooto website does not begin with "app", but once you log in, those pages do.)
- Confirm that your connection is encrypted. If it's not, stop using Plooto and try with a different computer and internet connection. You can confirm the encryption by looking for "https://" in the URL, or simply looking for the padlock in the address bar, like this:
- Plooto employees will NEVER ask for the password to your Plooto account, or for your online banking credentials. N-E-V-E-R. Only enter your login credentials directly into Plooto's site when you have followed the steps above.
Other tips for staying safe
Re-using the same password on different accounts is convenient, and it's a really bad idea: It means all of your online activity is only as safe as the least secure site that you use. Make sure to use a unique password for Plooto which you do not use on any other accounts (including your email).
To add extra security to your Plooto account, we offer 2-factor authentication. When you turn that on, whenever you try to log into your account we will send a text message to your phone with a unique login code.
If you have any questions about your account, or about messages you receive from Plooto, please reach out to firstname.lastname@example.org.