Heaps takes extensive security measures to help keep your crypto account safe and secure, but ultimately, security is a shared responsibility. Here are some actionable tips to help keep your account safe from unauthorized access.
Use a strong password
Use a password that is long, random, and unique to your Heaps account. Never use the same password twice for different online accounts. To strengthen your password now, you can click "Forgot password?" on the Sign in screen.
We also recommend using a password manager like 1Password to easily generate and securely store unique passwords for each of your online accounts.
IMPORTANT NOTE: Never disclose your password to anyone. Heaps employees will NEVER ask for your password.
Utilize two-step verification
Heaps requires you to set up two-step verification to access key features within the platform. We recommend adjusting your settings to enable two-step verification for every account sign-in.
To enable two-step verification for sign in, head to My account > Overview > Two-step verification and select "Each account sign-in + when Heaps recommends it."
Secure Your Email
Your email is a critical connection point between you and your Heaps account. Please make sure your email account is secure!
We recommend visiting https://haveibeenpwned.com/ to check if your email address has ever been compromised in a third-party data breach. If so, we recommend changing passwords associated with that email address. We also recommend enabling two-step verification on your personal email account.
As an additional security precaution, periodically review your email account and its settings, including:
Checking your email account for unusual rules, filters, or forwarding addresses
Checking your email account for authorized devices you do not recognize
Checking for unauthorized recovery emails or phone numbers added to the account
Lock down your mobile account
A SIM-swap or phone port attack occurs when an attacker has their target’s phone number transferred to a mobile device under the attacker’s control. Fraudsters are able to do this through a variety of means, including identity theft and socially engineering mobile carrier customer support representatives. This type of attack is a threat to all accounts using SMS-based two-step verification and any account that can be recovered using phone-based authentication.
To help protect yourself against this type of attack, please complete the following:
Tell your mobile service provider that you’d like to place a port freeze and SIM lock on your account
Ask them to create an account note requiring you to be in-store with a valid photo ID in order to port or transfer your phone number to a new device
Ask them to add or enable a PIN number to be used when making changes to your account
Ask about other security measures you can enable on your mobile account to prevent unauthorized changes
You should always protect your smartphone by enabling a screen lock. This will help prevent a thief from accessing your email and Heaps account if your phone is ever stolen.
Keep your devices clean and updated
Malware can be used to steal your sign-in credentials and gain unauthorized access to your accounts.
To protect your devices from malware, consider the following:
Utilize anti-virus protection and scan your device regularly. You should also be updating your virus signatures as often as possible to stay ahead of new threats
Keep your device updated with all of the most recent operating system and security updates
Keep your web browser and all other software updated with their latest versions
Uninstall all questionable or unnecessary pieces of software from your device, especially tools that allow remote access
Install an ad blocker in your browser to help protect you from malicious ads
Practice safe web browsing habits and never click on suspicious links or download suspicious programs
Do not install and use browser plug-ins or add-ons developed by unknown third-parties
Enable a screen lock and strong password to gain access to your device
Protect Your Cloud Storage Accounts
Many people who use smartphones often make use of cloud storage accounts such as Google Drive or iCloud to create backups of the data saved on their mobile devices. This data often includes messages, contacts, email, apps, photos, and more. If an attacker gains access to your cloud storage account and restores the device backup onto a device in their control, they will have a vast amount of information at their disposal to help them compromise your various online accounts. Do not underestimate the power of an attacker with access to this information!
Fortunately, you can easily secure and protect your cloud storage accounts by following a few basic guidelines we’ve already covered:
Create a strong password! Preferably using a password manager
Secure it with the strongest form of two-step verification available
Protect your email account
Or if you want to completely avoid the risk of an attacker being able to back up your mobile device data, you can disable backups all together in your cloud’s account settings.
Bookmark https://getheaps.com in your browser and only use this link to access Heaps. If you ever receive any text messages or emails about your Heaps account, always use the bookmark to navigate to your Heaps account.
Stay alert for phishing
If you are not sure what phishing is, take a few minutes to educate yourself. Here's a helpful article to get you started.
If you receive a message appearing to have been sent by Heaps, and you believe it is suspicious, you can always forward it to firstname.lastname@example.org to verify its authenticity.
Practice due diligence
Always practice due diligence when installing software or applications on the device that you use to access your Heaps account. Additionally, always do your research when allowing any third-party applications to access your account. Avoid installing software from unknown or otherwise shady sources. This includes “free” or cracked versions of commercial software. Browser plugins can also be risky to install. Make sure you always install browser plugins from the official browser plugin repository for your browser.
Contact customer support
If at any time you have an account security concern or question, please do not hesitate to contact Heaps support. Only contact Heaps through the application or via email@example.com. Fake customer support emails and websites are a constant threat—please be very cautious with any information you find via forums, social media, and Google Ads.
As a rule of thumb, remember that Heaps staff will never:
Ask for your password, two-step verification codes, or email access
Ask you to install remote sign-in or remote support software on your computer
Ask you to send money for resolving issues with your account
Call you directly to handle account support or troubleshooting issues
If anyone claiming to be associated with Heaps Support requests this information or calls you directly, please cease all communication and immediately contact us at firstname.lastname@example.org.