The Bitwarden Blog
Secure Your PayPal and Venmo Accounts with Bitwarden
August 10, 2021
PayPal users have grown by 21% and Venmo users by 60% year-over-year between 2020 and 2021. To leverage PayPal and Venmo services, users connect a credit card or bank account to their account, increasing the risk of bad actors attempting to access the information. Securing those PayPal or Venmo accounts using simple and effective security methods helps users protect their personal and financial data. This article explores how to identify potential hacking attempts and secure your online accounts with Bitwarden and two-step authentication.
In March 2017, bleepingcomputer.com revealed that 14,766 SSL certificates containing “PayPal” in the domain name or certificate identity were issued to phishing websites. By March 2020, the number of fake PayPal websites had increased to 61,226, according to vadesecure.com, despite thousands of fake websites being removed by fraud investigators.
When PayPal customers visit a phishing website after clicking on a link in a phishing email, a green padlock symbol appears alongside the URL – a symbol commonly misunderstood to mean the website is legitimate. The green padlock just means that the connection between your browser and the website server is secure.
There are no guarantees as to who owns the website or who controls the server. In the image below (provided by bleepingcomputer.com and Eric Lawrence), both screenshots seem legitimate, but can you spot the fake?
The real PayPal site on the left includes an extended validation certificate that displays the company’s name (e.g., PayPal, Inc. [US]) next to the padlock. The fake site on the right only shows “Secure” next to the padlock, which can be misleading if not examined closely. An extended validation certificate requires more time and financial resources to verify the owner’s identity, making it less likely for a phishing party to go through all the effort. Scammers are hoping to obtain login credentials to your account by setting up fake PayPal and Venmo websites. But thankfully, you can leverage a couple of tools to help keep your accounts secure.
Two-factor authentication adds an extra layer of protection to secure a PayPal or Venmo account by requiring you to enter a single-use security code with each login. Authenticator apps are more secure than SMS text messages, which can be intercepted or redirected by scammers with a technique known as SIM-jacking.
Here’s how to implement an authenticator app for added security:
- Log into your PayPal account
- On the top navigation bar, click on the Settings icon (next to “log out”)
- Select “Security” from the top navigation bar (second menu item from the left)
- Then click on “Set Up” to the right of the “2-Step Verification” line
You will then be asked if you want PayPal to text you a single-use security code each time you log in or if you would rather use an authentication app such as the Bitwarden Authenticator, which is already built into the password manager. It verifies your identity for websites and apps that use two-step login by generating a 6-digit time-based one-time password (TOTP) verification code.
To link Bitwarden Authenticator with your PayPal account, scan the QR code that appears on the screen or manually type the secret key into the authentication app. Bitwarden will generate the TOTP code, which you then need to enter below the QR code/secret key and confirm.
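How the secret key becomes a 6-digit code, shown as an added example (not Bitwarden's or PayPal's code). It assumes the QR code carries a standard `otpauth://` URI and the RFC 6238 defaults of HMAC-SHA-1 with a 30-second step; the sample URI uses the RFC's published test secret, and all function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse

# Constructed enrollment URI (RFC 6238 test secret, not a real account key).
SAMPLE_URI = ("otpauth://totp/ExampleShop:alice@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=ExampleShop")


def decode_secret(text: str) -> bytes:
    """Decode a manually typed key: ignore spaces and case, restore padding."""
    cleaned = text.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def secret_from_uri(uri: str) -> bytes:
    """Pull the shared secret out of the URI that the QR code encodes."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP enrollment URI")
    return decode_secret(parse_qs(parsed.query)["secret"][0])


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """HMAC the time-step counter, then truncate it to a short decimal code."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Server side: accept codes from adjacent time steps to absorb clock drift."""
    return any(
        hmac.compare_digest(totp(secret, unix_time + n * 30), submitted)
        for n in range(-drift_steps, drift_steps + 1)
    )


if __name__ == "__main__":
    key = secret_from_uri(SAMPLE_URI)
    print(totp(key, 59))  # code for the RFC 6238 test time of 59 seconds
```

Anyone who holds the secret key can generate valid codes, so the key and QR code deserve the same care as the password itself.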
When you set up two-step login on any website, you receive backup codes should you ever lose your original authentication capability. Keeping track of your backup codes is important! You have many options, but one is to place your backup codes into a Secure Note within Bitwarden - which keeps them separate from your login info but not so far away that you will misplace them.
For more information on two-step login, please see our Bitwarden Field Guide for Two-Step Login.
Venmo uses multi-factor authentication and sends a code to your registered phone number when you log in for the first time or are on a new device. Venmo will remember your device so that you don’t have to type in the verification code each time but might prompt you with a verification code if you haven’t logged in recently. You can also view the remembered devices and sessions that took place on your Venmo security page.
Using Bitwarden to log into your account provides another layer of security if you’re not on a previously remembered device when trying to access your Venmo account. As added protection, Bitwarden browser extensions will not suggest saved login credentials on a spoofed website if you accidentally click through from a phishing email or text message.
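A simplified sketch of the kind of host check that keeps a saved login from being offered on a look-alike page, as an added example (not Bitwarden's code). The matching rule, the function names and the `.example` look-alike URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit


def normalized_host(url: str) -> str:
    """Hostname only: userinfo and port dropped, lower-cased, no trailing dot."""
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def should_offer_login(saved_uri: str, page_url: str) -> bool:
    """Offer the saved login only on HTTPS pages of the saved host or its subdomains."""
    if urlsplit(page_url).scheme != "https":
        return False
    saved, page = normalized_host(saved_uri), normalized_host(page_url)
    if not saved or not page:
        return False
    # The saved name must end the page's hostname on a label boundary.
    return page == saved or page.endswith("." + saved)


SAVED_URI = "https://paypal.com"

# Constructed page URLs; the look-alikes use the reserved .example TLD.
PAGES = [
    "https://www.paypal.com/signin",                    # genuine subdomain
    "https://PayPal.com./signin",                       # case and trailing dot
    "https://paypal.com.account-check.example/signin",  # brand used as a subdomain
    "https://paypal.com@account-check.example/signin",  # brand placed in userinfo
    "https://paypal-com.example/signin",                # look-alike spelling
    "http://www.paypal.com/signin",                     # right host, no TLS
]


def audit(saved_uri: str = SAVED_URI, pages=PAGES) -> dict:
    """Map each page URL to whether the saved login would be offered there."""
    return {url: should_offer_login(saved_uri, url) for url in pages}


if __name__ == "__main__":
    for url, offered in audit().items():
        print(f"{'offer' if offered else 'skip ':5}  {url}")
```

The check compares parsed hostnames rather than what the address bar appears to say, which is why a padlock or a familiar brand string in the URL does not change the outcome.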
A strong password can also keep your PayPal or Venmo accounts secure. Generate strong passwords and start using Bitwarden to automatically manage two-factor authentication for your logins today.