General security and protection for your Wallet
The best way to secure your Wallet is to practice caution and common sense. Keep your passwords and card details secret, double check information before taking actions.
Most importantly, never tell your passwords to other people. It doesn't matter what they call themselves. If a person tells you he or she is a Yandex staff members and ask your password—this is a fraudster. Tell our Support Service about this person.
Your Yandex account password
We recommend changing it at least once per 6 months:
— use at least 6 characters (the more the better);
— shuffle letters, digits, and punctuation marks
— do not use your personal information: name, date of birth, phone number, or ID number.
It is perfect if you have a unique password for Yandex and different passwords for other sites.
Your passwords for payment confirmation
If you use one-time passwords and emergency codes, you only need to make sure your phone or a copy of the codes do not fall into stranger's hands.
The main advice for those, who use permanent payment password is to switch to one-time passwords. But if you don't want to do so, take the following precautions:
— do not enter the password on someone else's computers or even on your own, if it is connected to a public WiFi network
— do not permit your browser to memorize this password for you
— do not keep notes with the password on your desk, near your computer's display, or in other easily predictable places
— change the password at least once in 6 months.
If you don't have a linked phone number, add one. After that you will be able to restore your password via a text message or to activate an ‘alarm’—text message notifications for all actions performed with your Wallet.
If you did not change it under your account Settings, we send you email notices about every payment, transfer, or information alteration. You only need to know what address you've specified and regularly check if for new emails.
You can also activate text message notifications:50 rubles a month (if you pay for a year at once it only costs 350 rubles). We send messages as YandexMoney or 1960 to your phone number linked with your Wallet.
If you receive notification about an operation you did not make, contact our Support Service as soon as possible. By law, you can return your money in the following cases:
— you are an identified user;
— you reported theft within 24 hours after debiting;
— examination confirmed the hacking took place.
Do not tell anybody you card's number, expiration date, or CVV/CVC.
Pay only on the sites that work under PCI DSS security standard. It is crucial, if the site wants to save you card's details.
If you don't receive one-time passwords for confirming payments (3-D Secure), ask your bank to activate such option.
The message you received was sent by Yandex.Money in the following cases:
— sender's address (as distinct from sender's name) includes @money.yandex.ru;
— all links and buttons lead to Yandex.Money site, and you can see a lock logo and https in your browser's address field
— the message does not have any attachments or calls to name your password or other details required for payment.
If you receive any fraudulent message claiming to be from Yandex.Money, please write to us about it.
What fraudsters usually say
First variant—a story that you would want to believe. For example: you've won in the lottery, you've received a huge money transfer, or a famous corporation wants to hire you. In all those cases it appears, you need to pay for your prize delivery, paperwork, or something like that. Ignore such messages and filter them as a spam.
Second variant—a problem requires solution. Your bank account or Wallet is said to be blocked, or an operation was not completed. Fraudsters will ask you to name (or to enter on the third party's site) your password, confirmation code, and the card's details. If you follow such instructions, fraudsters will get access to your money in your Wallet, or on your card.
Some viruses are comparatively harmless: they copy themselves and occupy hard disk's space. Other viruses cause computer malfunction. The most dangerous ones steal personal information, passwords, and bank card details.
If your computer is infected with such virus, specifying your password once somewhere allow the malware to save it and access your account.
How to protect your computer:
— use only licensed anti-virus software and keep it up-to-date
— download all files only after scanning it for viruses
— install a firewall to block unauthorized access to your computer. For instance, try Outpost Firewall or ZoneAlarm
— set up pop-ups block and phishing filters under your browser settings. If you use Yandex.Browser, you don't need to do that—Yandex.Browsers has this settings activated by default.
In brief, you need to update your operation system and disable automated loading of messages.
Android 2.2 to 5.1 allow fraudsters to send viruses via MMS. To get your device infected, you don't even need to view the message: most of the phones download MMS automatically. When downloaded, the virus steals your personal details including passwords.
Check for available OS updates for your phone. If there is one, install the latest version.
Disable autoloading of messages to reduce risk of stealing your password. If you use default app for SMS/MMS, do the following:
View settings in the app.
Select multimedia messages.
Disable auto retrieve.
If you use Google Hangouts, the scenario remains unchanged: view extended settings and uncheck the box ‘Enable MMS’ (Auto Retrieve MMS).
Use Stagefright Detector to check whether your smartphone is vulnerable.