How can I protect my Petal account?

At Petal, we take your security seriously. The following recommendations can help you take extra steps to protect your account.


How can I create a strong password?

Your password is critical to accessing and protecting your Petal account. Following these best practices can help you practice strong password security:

  • Use passwords with a minimum of 8 characters, and a mix of uppercase letters (“A”), lowercase letters (“a”), numbers (“1”), and symbols (“@”). Please note that we enforce this requirement for all Petal account passwords.
  • Don’t reuse passwords - make the password for your Petal account unique.
  • Don’t use easily-guessable information in your password such as the name of the service (“P3talPassw0rd!”), your email address, your name, your date of birth, or relatives’ names.
  • Don’t share your password with anyone - including Petal employees or those claiming to be Petal employees. Our support teams will never ask you for your password.
  • Consider using a password manager application to help you automate all the above, and prevent you from having to memorize or write down all your passwords.

How can I protect myself from phishing?

Phishing is a type of online fraud in which someone with malicious intent pretends to be a trusted contact in order to trick you into sharing sensitive information or doing something for them. 


You may encounter phishing attempts where someone contacts you, pretending to represent Petal. While scammers will often change their approach, here are some tips and signs you should look out for:

  • As a general rule, if something seems or feels out of place- trust your instincts. It’s always safer to presume a potential scam and contact us directly.
  • Be cautious with any requests that claim urgency and ask you to act immediately.
  • Don’t trust requests claiming to come from Petal that ask for sensitive information (bank account, username, full social security number) or try to sell you new goods and services (cryptocurrency, high interest loans, digital assets).
  • Verify the legitimacy of the contact and contained information before taking action. 
    • For emails- check the “from” email address and compare it to senders you trust.
    • For links- don’t click directly on the link. Instead, copy and paste the URL in a browser address bar without hitting “Enter” and read it carefully.
    • For URLs- be on the lookout for typos such as “petaalcard” instead of
  • Make sure you review our guide on knowing if Petal is contacting you. This guide contains a list of trusted email addresses Petal will use to get in touch with you.
  • Know that branding can be deceptive- it’s relatively easy to obtain and mimic the logos, style, and tone of any company that has an online presence.

What other steps can I take?

If you believe you received a phishing email, please contact us.

Please keep your account information up-to-date, and let us know if you need any assistance.

If you would like to learn more about staying secure online, we recommend picking a couple of trusted sources such as these resources from the US Federal Trade Commission and Cybersecurity and Infrastructure Agency.

Was this article helpful?
4 out of 10 found this helpful