At Plooto we take the security of our customers' money and information very seriously. Plooto is ISO/IEC 27001:2013 certified, and we use 256-bit encryption to secure your data. You can learn more about our security here.
Though we are not aware of any attempts by fraudsters targeting Plooto customers specifically, it's never too early to talk about how to detect and avoid scammers online — specifically "phishing" attempts.
Below, we outline best practices to protect yourself and your Plooto account from phishing attempts, and introduce our latest security feature, two-step verification (also known as two-step authentication).
What is "Phishing"?
In phishing attempts, scammers will pose as someone you trust — a person or a company — in order to fool you into giving away something that you shouldn't. Sometimes phishing attempts try to get you to hand over money directly. Other times, they're trying to get sensitive info like your password, so that they can relieve you of your money themselves.
Phishing is most commonly done by sending you an email that looks like it came from a trusted source you know. Fraudsters may copy the look and language of emails you're used to seeing. They can even make the email look like it came from a specific email address that you know.
How Can I Protect Myself and My Plooto Account?
- If you're ever suspicious, ask us! In the case of interactions with Plooto, reach out to us by emailing email@example.com.
- Check that the URL in your browser address bar is app.plooto.com when you're logging into Plooto. If not, do not use the site. (The URL for the public Plooto website does not begin with "app", but once you log in, those pages do.)
- Confirm that your connection is encrypted. If it's not, stop using Plooto and try with a different computer and internet connection. You can confirm the encryption by looking for "https://" in the URL, or simply looking for the padlock in the address bar.
- Plooto employees will NEVER ask for the password to your Plooto account, or for your online banking credentials. Only enter your login credentials directly into Plooto's site when you have followed the steps above.
- Enable Two-Step Verification to ensure that only authorized users can log in to their Plooto accounts.
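The address-bar and encryption checks from the list above, written out as code. This is an added example, not Plooto's own code: `checkLoginUrl`, the `/login` path and the sample addresses are constructed for illustration, and only the host app.plooto.com comes from this article. It shows why the host has to match exactly, since a lookalike address can also show "https://" and a padlock.

```javascript
// Added example (hypothetical helper, not Plooto code).
const EXPECTED_HOST = "app.plooto.com"; // login host named in this article

function checkLoginUrl(raw) {
  let url;
  try {
    url = new URL(raw); // throws on anything that is not an absolute URL
  } catch {
    return { ok: false, reason: "not a valid absolute URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "connection is not https" };
  }
  // Text before "@" is a username, not the site; the real host follows it.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "URL embeds credentials before the host" };
  }
  // URL lower-cases the host and converts non-ASCII labels to "xn--" form,
  // so look-alike letters no longer compare equal to the expected name.
  if (url.hostname !== EXPECTED_HOST) {
    return {
      ok: false,
      reason: `host is ${url.hostname}, expected ${EXPECTED_HOST}`,
    };
  }
  return { ok: true, reason: "https and exact host match" };
}

// Constructed sample addresses, for illustration only.
const SAMPLES = [
  "https://app.plooto.com/login",            // expected host over https
  "https://APP.PLOOTO.COM/login",            // same host, different case
  "http://app.plooto.com/login",             // right host, no encryption
  "https://app.plooto.com.example.net/",     // expected name used as a prefix
  "https://app.plooto.com@example.net/",     // expected name used as a username
  "https://app-plooto.com/",                 // hyphen instead of dot
  "https://app.pl\u043E\u043Eto.com/",       // Cyrillic letters in place of "oo"
];

for (const sample of SAMPLES) {
  const { ok, reason } = checkLoginUrl(sample);
  console.log(`${ok ? "OK    " : "REJECT"} ${sample} -> ${reason}`);
}
```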
What is Two-Step Verification, and Why Enable it?
Re-using the same password on different accounts is convenient, but it's a really bad idea: it means all of your online activity is only as safe as the least secure site that you use. Make sure to use a unique password for Plooto which you do not use on any other accounts (including your email).
Enabling two-step verification provides an extra layer of security. Most people only have one layer – their password – to protect their accounts. With two-step verification, if a bad guy hacks through your password layer, they'll still need a code (the second step) from your phone to get into your account.
How Does the New Two-Step Verification Work with Plooto?
If two-step verification is activated for a user, signing in to their account will work a little differently. The user will first enter their password and then be prompted to input a six-digit security key from the two-step verification app on their phone. These six-digit codes will change every sixty seconds, so even if someone knows the code you used last time you logged in, they will not be able to access your account in the future without a new code.
Is Two-Step Verification Required on All Plooto Accounts?
No, two-step verification is a setting that can be turned on for any Plooto account, but is currently not a requirement. We do recommend using it on your account for the best possible security. Note that administrators of a Plooto account may choose to require users to enable two-step verification. If you want to ensure your team has enabled the most secure steps for login, we recommend changing the setting to force the use of two-step authentication in the User Management settings.
Activate two-step verification for you and your Plooto users today!