General tips for your online security:
(*in addition to Section 17 of our General Terms and Conditions that you should be following)
There is a common scenario that fraudsters may use to trick you into revealing sensitive information: they may pose as customer support or anti-fraud unit through legitimate-looking means of communications (email, messengers etc.) Then through manipulation and deceit cybercriminals try talking you into giving away your sensitive information, clicking on a malicious URL or opening an attachment that contains malware.
How can you stop being phished?
- We never write to our customers first, never ask you to open any external links and never ask for your card security data. In other rare cases we exclusively use our in-app chat for communication.
- Always check sender’s email: fraudsters love to use copycat emails substituting certain symbols: e.g., substitute “l” with 1
- Don’t click on any links, especially shortened ones, and don’t open attachments from the unexpected emails.
- Question the legitimacy of the sources you are going to visit (there is definitely something wrong with the “bank.bg1.lu” even if it looks similar to the bgl.lu).
- Customer support never threatens or pressures you into revealing your card number or card security data.
You can report phishing attempts associated with Joompay’s brand through the in-app support chat or via firstname.lastname@example.org
Protecting your email and social media accounts is essential for cybersecurity, since they contain a lot of your sensitive personal information. Losing control over such accounts may lead to irreparable damage like identity theft.
How to make your passwords strong and unique?
- Use three or more random but meaningful words in a row (e.g., MartianDogBurger).
- Avoid using common pop culture or easily guessable personal details like birthdays, family or pets names.
- If special characters or numbers are required you can substitute certain letters with corresponding characters (e.g. “a” being @, “o” being 0)
- Opt for the password manager applications instead of saving passwords in your browser.
How to prevent hackers from hijacking your account?
- Always enable multi-factor authentication (also sometimes called two-factor authentication or 2FA for short). Once enabled, every time you log into your account from a new device it will require you to enter a one time code sent to you via an in-app push or virtual token provider (like Google Authenticator, Authy ot FreeOTP).
Hackers use your software weak points to hack into your devices and steal data.
How to protect your devices?
- Always install the latest version of software and security updates available for your devices regardless of their operating system (Android, iOS/macOS or Windows).
- Enable the automatic updates to fast track this process.
- Don’t use pirated, “alternative” or “free” versions of commercial softwares, since they always come with the price of your security.
- Enable password or pin code protection on all of your devices including phones, tablets, and PCs. In case of theft, no one will be able to access your personal data and payment details.
How can you verify that your browsing and on-site communications are secure?
- Always check for the padlock sign and “https://” in the browser string
- Never enter your card details on sites without those security signs
- Keep an eye on the typos in the site address (e.g. jooompay.com) or redirects to uncommon domains.
- Don’t save or auto-fill your card details in the browser.
Communicating Security Concerns and Issues
What if the device you used to access your Joompay account got stolen?
- Reset the passcode for your account
- Lock/erase the device remotely, if such an option exists.
If you notice any misuse, theft or unauthorised use of your Mobile, Joompay Card, Passcode or Card PIN or any other suspicious activity, you should immediately contact the customer services team via the in-app chat or email@example.com.