Overview
The information in this guide is intended to be read in addition to the basic security guidelines set out here:
Gambling Securely Online
The general guidelines in that article all apply to Skrill - above all the importance of using a unique email address and password for your Skrill account.
From the accounts of Moneybokers/Skrill fraud that have been heard about on the TGT forum, it is reasonable to assume that the primary reason for the account compromises was most likely the fact that the same email and password were used on more than one site. This makes it easy for any 'rogue' employee that has access to the user database at a bookie that you use to try the same email address and password you used on their site, on Skrill, on the offchance that you use the same email/password for everything.
As a result if you only take one single thing from this guide, please make sure you use a unique email address and password on Moneybookers/Skrill!
However there are additional steps you can take to secure your Skrill account which we'll look at below.
Use a Skrill 'one time password' token
Skrill offer all users of their service a 'token' which adds an extra layer of security to the way that you login to their site. The token is a small key fob device that generates a random number when you press a button on it.
To apply for a token, see the FAQ here. Note that to obtain free tokens you must be a VIP member, if you are not a VIP member you can pay a small fee for one.
Once you've received your token, you activate the token in your Skrill profile and then after that every time you login to the Skrill site you will be prompted to enter a one time password which is generated by pressing the button on the token. You will be prompted for the one time password after you've entered the usual email/password/captcha combination on the login screen.
How does the token increase your security? Well, you can't login to your account without having physical access to the security token. In other words, even if someone manages to obtain your email/password combination required to login to your Skrill account, they still wouldn't be able to login without also having access to your security token. Effectively this locks your account down so that the only possibility of fraud is via a personal compromise where someone close to you or that has access to you manages to obtain both your login details and token.
Add IP based access control to your account
This is a little known service that Skrill offer that provides yet another layer of defence to your account.
The general principle is that you inform Skrill that you intend to ONLY login to your Skrill account using a single IP address. In this way, any attempts to login from a different IP address will not be allowed, only login attempts from the IP address you tell Skrill about will be allowed.
Unfortunately the suitability of this security feature is largely dependent on whether you have a fixed/static IP address - and to be fair the majority of residential internet users worldwide will NOT have a static IP address, their address will change every time they connect to the internet. Also of course you may not want to lock your account down to a single IP address, especially if you use your account a lot when away from home.
However if you do have a fixed IP address and you don't plan to use your Skrill account away from home, it is just a no brainer to not set up an access control list on your account.
To take advantage of this security feature, contact Skrill security team with your primary account email address and the IP address from which you wish to lock your account down to.
The Skrill 100% Funds Guarantee
Finally, Skrill offer a 100% funds guarantee to VIP members. The principle of this scheme is to guarantee any financial losses on your account which occur as a direct result of unauthorised access to your account.
Clearly this is a great guarantee to have, although it is imperative that you read the full Terms and Conditions to understand what steps you must take to fully secure your account and receive the 100% reimbursement in the event your account is compromised:
Skrill VIP Funds Guarantee T&C
It is a requirement of the 100% guarantee that you obtain and use a security token as discussed above, so above all please make sure you get your token asap if you don't already have one!
Phishing Emails
Phishing emails are emails that scammers send out which are made to look as though they come from a company you hold an account with, but in reality they aren't. By replying to the email, or by clicking on links in the email, the fraudsters aim to get you to provide them with sensitive data such as your username, password, full name, date of birth, banking details, etc etc.
Be ULTRA vigilant when you receive any email asking you to provide personal details - whether by reply in an email or via a website link in the email. Some basic steps to avoid being a victim of phishing emails:
- Simplest of all - just think before clicking on any links in any email you receive. Ask yourself whether the email seems legitimate - are there any spelling mistakes, grammatical errors or other inconsistencies in the email that raise suspicion? If so, simply delete the email (or better still report it to Moneybookers/Skrill so they can investigate it and stop it happening in future).
- Check where the email address that sent the email - phishing emails often send their emails from an email address that LOOKS like the real thing, but in reality isn't. So for example a common trick is to use a domain name that looks similar to the real thing but in fact isn't - ie for moneybookers it might be something like support@moneybookers.com.fakewebsite.com - if you read that email address quickly you might see 'moneybookers.com' and think it's OK, but in fact the email address is part of the 'fakewebsite.com' domain so NOT legitimate.
- Similar to above, check that the server address that sent the email is legitimate. Admittedly this is slightly harder to do, but if you feel up to it you can view the source of the email (press ctrl-u' on Thunderbird) and read the 'headers' of the email (headers are the bits of info that a server uses to correctly route your email). There should be one or more headers that start with 'Recieved:' - check the FIRST of these to make sure that it looks like it comes from a real domain - ie in this case something legitimate might be 'bbl2.moneybookers.com'.
- Install anti virus software that includes anti-phishing technology - a bit simpler than checking email headers is to install AV software; a large number of antivirus suites now include anti-phishing measures, it's worth checking them out and even investing a bit of money to put your mind at rest (check out AVG Free though first, must admit I haven't checked but wouldn't be surprised if the free version includes anti-phishing support).
- If in doubt - contact the company to find out whether the email is real or not - importantly be careful to contact them 'manually' (ie don't just reply to the email and ask them).
Summary
In this guide we've looked at a few extra steps you can take to make your Skrill/Moneybookers account as secure as possible. Taking the time to put these measures into place can save you a lot of hassle and a lot of money.
Finally if you have any queries about Moneybookers/Skrill, please see this thread on the TGT forum:
Moneybookers - All discussion, questions, comments and complaints!
TGT'S REVIEWS
Rate this article
Number of Views: 303