アカウントのセキュリティ

SMS経由の2要素認証（2FA）コードの受信に問題がある場合やGoogle Authenticator（GA）の2要素認証コードが機能しない場合、問題解決に関する次のヒントをお試しください。

Google Authenticator and Authy

Google Authenticatorのコードが機能しない場合、Google Authenticatorアプリの時間がお使いの端末と正常に同期できていない可能性があります。 端末の時計を確認し、正しいタイムゾーンに設定してください。 時計が狂っていると、コードの同期がずれる可能性があります。

SMS

お使いの端末で2要素認証のSMSメッセージが受信できない場合は、次の点を確認してください。 

• 2要素認証コードが生成されたときに端末の電源が入っていることを確認してください。
• 2要素認証コードが生成されたときに端末に十分に電波が届いていることを確認してください。 
• 端末が家庭用ネットワークに接続されており、ローミング中でないことを確認してください。当社のSMS提供会社はローミング中の端末へのSMS配信を保証していません。
• 端末のSMSの受信ボックスがいっぱいになっていないことを確認してください。

See our article on how to set 2FA with Google Authenticator or Authy. また、アカウントを保護する方法に関するヒントについてはセキュリティガイドを確認してください。

Having 2FA set on your account significantly improves the security level of your cryptocurrency wallet. However, sometimes you may lose access to your 2FA due to any of the following reasons:

• スマートフォンを紛失した、またはスマートフォンが壊れた。
• 認証アプリを削除した。
• 機種変更したが、すべてのコードを含むアプリを新しい端末に移行できなかった。
• 電話番号が変わった。

If this happens, click "Trouble logging in?" when you're asked to enter in your 2FA code. From there, we'll ask you some questions and we'll see how we can help.

Safety is a big priority for us at Paxful, so we’ve put together this list of tips and tricks to help keep your account safe.

Protect yourself in the trade

1. Stay in the trade chat if you can.

• Although there are times where you might need to exit the chat to finish the trade, try not clicking on suspicious links that you aren’t familiar with, especially phishing links.
• Be cautious of users asking you to cancel a trade and to switch over to a different offer link. Keep an eye out for users that are not following offer guidelines. 
• Don’t chat outside of Paxful’s trade chat. If your trade ends up in a dispute, our team can’t fully help to resolve the issue since it happened outside of Paxful.
• Check that your address bar is "https://paxful.com" before entering your account details.

2. Don't share your personal information. 

• Don’t share contact or personal information in the trade chat—users can try to scam you on off-site trades, impersonate you, or show that you traded with them off-escrow.

3. Identify real Paxful moderators.

• It’s important to know that our moderators have specific chat bubbles and signatures to let you know that it’s really us. Here’s what a real Paxful moderator message will look like:

Protecting your Paxful account

1. Two-factor authentication

• We highly recommend setting up 2FA as soon as you create your Paxful account. You can set this up in your account settings. We love using Authy or Google Authenticator, but you can also use SMS. SMS can be a bit more risky since there are tactics (such as SIM swapping) to get a hold of someone’s SMS messages, and receiving SMS depends on your network and region.

2. Security questions

• It’s best to set your questions up when you create your Paxful account, but you can set them up at any time in your account settings. Be sure to pick questions and answers that you won’t forget!

3. Active sessions

• We recommend frequently checking out the devices you’re currently logged in to your Paxful account on. You can check this in the security tab of your Paxful account. If you don’t recognize a device, use the “x” on the page to log your Paxful account out of that device. We’d also recommend changing your password if this happens, too. 
  
  

Protection measures outside of your Paxful account

Even when you’re not logged in and actively using your Paxful account, it’s important to keep your account and systems safe. 

1. Email and passwords

• Creating passwords. When creating a password, be sure to use a combination of upper and lower case letters, numbers and special characters. 
• Don’t use the same password. It’s super important to have different passwords for your email and your Paxful account. This is because hackers usually target your emails. In the worst-case scenario, if a hacker gains access to your email, they’ll be able to access the funds in your Paxful wallet. 
• Never share your password. Be cautious of users asking for sensitive information like your password in a trade chat. The Paxful team will NEVER ask for your password or other sensitive account information. If you’re in a trade dispute and you’re asked by our moderators to provide a screenshot or a video as proof, make sure your passwords are not visible.
• Protect your email address. Make sure you protect the email address connected to your Paxful account and don’t share it in a trade chat. Your email is a gateway to your Paxful account so be sure to keep it to yourself!
• Be cautious of SMS messages and emails from unfamiliar senders:

• Paxful only sends you SMS with security codes related to 2FA and phone verification.
• Don’t interact with suspicious emails. It’s best to not open emails that look suspicious to you. 
• Don’t give away sensitive data or click on suspicious links. For additional info, see: I received a suspicious email. Is it from Paxful?

2. Computer health checklist 

• Keep your systems up to date. This includes your computer, browser, and any softwares or programs.
• Don’t download anything unnecessary. In addition to this, if you don’t know the developer or you’re not sure if you trust it, don’t download the software or program. 
• Use officially licensed softwares. Make sure you’re using softwares that are trusted and licensed. Remember to keep these programs up to date, too. This includes antivirus, anti-malware, personal firewall programs, etc.

3. Use secure networks

• Make sure you’re using trusted and secure Wi-Fi and networks. Ideally, use a wired connection or a network with a password.

Here are some great tips on how to keep your cryptocurrency safe when trading in the Paxful marketplace.

秘密の質問は、Paxfulのアカウントを保護するうえで重要な役割を果たします。 秘密の質問は、アクセスできなくなった自分のアカウントを復元するのに役立ちます。 秘密の質問を設定するには、以下の手順に従ってください。

1. Paxfulアカウントにログインし、ページ右上にあるユーザー名の上にマウスを移動して「設定」をクリックします。

設定ページが表示されます。
2. ページ左側のメニューで「秘密の質問を設定する」をクリックします。

「秘密の質問を設定する」ダイアログボックスが表示されます。
3. 「回答を設定」リンクをクリックします。

「回答を設定」ダイアログボックスが表示されます。
4. ドロップダウンリストから3つの秘密の質問を選択します。 質問の下にあるフィールドに対応する回答を入力します。

 5. 「保存」をクリックします。

秘密の質問が設定されます。 その後、アカウント設定ページに遷移します。

アカウントを保護する方法に関する詳細は、セキュリティガイドをご覧ください。

何者かにアカウントにアクセスされたと思われる場合、あるいはログイン情報が盗まれたと思われる場合は、サポートにご連絡いただく前にいくつかの対策を実施してください。今後そのような状況が発生しないようにするには、2要素認証を有効化するのが効果的です。しかし、そのような災難に遭遇した場合でも、対応できることはあります。

何者かにアカウントにアクセスされたが、引き続きアカウントにアクセス可能な場合。

以下のいずれかを実施してください。

1. Usually, whenever there is a new or unexpected login on your account, we immediately notify you via email with a link to report to lock your account if you suspect intrusion. So just click the link in the email. Your account is locked immediately and all sessions are terminated. The faster you act, the higher the chances of saving your BTC. Next, contact support to restore access to your account. After, take steps to protect your account. 
2. Alternatively, while logged in to your account, simply proceed with the following steps.

アカウントを保護する手順：

1. パスワードを安全なもの（他のサイトやメールアドレスに使用していないパスワード）に変更してください。可能な限り複雑なパスワードを作成しつつ、それを記憶するようにしてください。
2. メールアドレスや電話番号などの他の設定が変更されていないことを確かめてください。それらが覚えのないものに変更されていた場合は、元に戻してください。
3. Go to your active sessions (Settings > Security > Active Sessions) and log out all sessions by clicking the Close icon next to them.
4. アカウントからログアウトします。
5. 新しいパスワードを使用し、ログインし直します。
6. Download Google Authenticator(iPhone/Android) or Authy (Mac/Windows).
7. Paxfulで2要素認証を有効化し、お使いのスマートフォンでコードをスキャンします。取引の安全性をさらに高めるため、ログイン時と送金時の両方で確実に2要素認証を有効化してください。SMS経由の2要素認証ではなく、Google AuthenticatorかAuthyを使用することをお勧めします。Google Authenticatorのほうがより安全であるためです。ログインやビットコインの送金時に毎回アプリを開くだけです。
8. 秘密の質問を設定し、それをどこかに書き留めてください。この情報は、スマートフォンを紛失して2要素認証をリセットする必要が生じた場合に必要になります。

アカウントにログインできない場合：

1. Contact support and provide all the information required by our support agents. Once it’s verified that you are the account owner, inform support that you need an ACCOUNT LOCKDOWN. Support Team will see if there is enough data to prove you are not a hacker (and will try to give you access to your own account). Once it is verified that you are the victim and rightful account owner, account access will be restored.
2. Once you log in, secure your account immediately.

問題の発生理由は何でしょうか。また、再発防止策はありますか？

問題の再発を防止するため、複数のウェブサイトで同じパスワードを使用せず、Google Authenticator経由の2要素認証を有効化することをお勧めします。

Paxfulは可能な限りユーザーの資金を安全に保護できるよう、継続的にセキュリティ対策を強化しています。

So where did the cryptocurrency go?

• Check your account activity to see who logged into your account. Take note of their IP address.
• Check your wallet ledger to see the cryptocurrency address they sent your coins to.

With the cryptocurrency address and the IP address of the thief, you have some information but it is often impossible to track them down. Our support team does not have the resources to help you investigate further because hackers often use VPNs and also due to the general anonymity of cryptocurrency. It is nearly impossible to track them down, so try your best to make your account as secure as possible.

If you received a suspicious link, email, or message that looks like it’s from us or an entity claiming to be associated with us,  please report such links or emails to our Support team.

We recommend that you do not click any sent links that look suspicious or click on any links in suspicious emails. We also advise that you do not download any attachments included in such emails or messages, and we recommend that you do not reply to these messages. 

When reaching out to Support about the links, emails, or messages, be sure to include all the information from the emails or messages as this will help us investigate where it came from. Reporting the message in detail will also help us take swift action to stop it from spreading to other customers.

Official Paxful email addresses:

These are a list of official Paxful email addresses that you can trust: 

• help@paxful.com
• help@paxful.zendesk.com
• noreply@paxful.com
• press@paxful.com
• hello@paxful.com
• security@paxful.com
• privacy@paxful.com
• info@info.paxful.com
• feedback@paxful.com

Information Paxful will never request:

We will never request the following information. If someone asks for any of the specific information below or asks you to complete the following actions, please report them to us right away.

• Your full credit card number or other financial details
• Your password
• Your one-time 2FA password (code)
• Click a link to receive funds, verify info, release or cancel the trade when you are already logged in (you can do that yourself on the Paxful).

How to spot a phishing link:

While scammers change their tactics frequently, look for these classic signs of a phishing or spoofing attempt:

• Make sure there are no spaces in the link provided.
• There are no URLs inside pictures.
• There are no links with/attached to QR codes 
• We recommend you be very cautious with file-sharing links. These can lead to malware or hacking.
• There is no ‘Whatsapp’ or other messengers inside pictures.
• You receive emails or messages with .html attachments.
• Also, keep your trades in Paxful, these links can be shared off-escrow without detection.

How to spot a phishing email or chat message:

While scammers change their tactics frequently, look for these classic signs of a phishing or spoofing attempt:

• The user requests for your bank account, username, password, social security number, or identity. 
• A claim is made that your account is compromised. In such cases, we may send only automated messages from “no-reply” email addresses.
• You receive an unsolicited email with a link to verify your account information.
• There are typos in the email address. It’s common to see something like support@ppaxful.com.
• You receive suspicious links that don’t lead to www.paxful.com. Before you enter your login information or click on a link, double-check the URL by copying it into your address bar without pressing Enter.
• You receive emails that mimic our design. These emails aim to distract you from any typos in the email address or website links by using pictures and colors similar to our platform.

Ways to Protect Yourself from Phishing Scams: 

• Always report any suspicious activity to our Support team.
• Check that a link, email, or message is actually from Paxful.com. 
• Do not click on any links, downloads, or attachments from questionable messages and emails.

For more information on how to protect your account see our security guide.

Paxfulアカウントにログインしていない状態でパスワードをリセットするには：

1. Click Log in button on the home page

2. Click “Forgot password?”

3. Enter your phone number or email address and then click Request new password

From there, you'll receive an email from us with a link to reset your password. If you have 2FA enabled, you will be asked to input the 2FA code to complete your password reset request.

Note: 

アカウントの安全性を向上させる方法に関するその他の情報はセキュリティガイドをご覧ください。 また、プロフィール設定でパスワードを変更する方法も確認できます。

Paxfulのパスワードはアカウントのセキュリティ設定からリセットできます。

To change your password while logged into your Paxful account:

1. Hover over your username on the top right of the page and click Settings from the context menu that appears.
The Settings page appears.
2. On the menu on the left side of the page, click Security.
3. On the Change password dialog box, complete the following fields:

4. Click Change password.
Your password is reset. You are logged out and redirected to the Login page. A confirmation email is sent to your inbox from help@paxful.com. 

See our security guide for additional information on improving the safety of your account. If you do not remember your password, click here.