Avoiding Digital Currency Scams
This article is to help bring awareness to some of the digital currency-related scams you may come across. Digital currency transactions are irreversible, if you send digital currency to someone there is no way to undo the payment. In this way, sending digital currency is similar to handing cash to a stranger in public, then walking away.
With this in mind, it’s important to have an idea of who you are dealing with prior to sending funds. If the service or merchant is not responsive when you have an issue, there is unfortunately no way to recover any lost funds.
- Never give support staff (or anyone else for that matter) remote access to your machine
- Never give out your 2FA codes, this is not something we would ever ask for, or expect you to provide.
- Double check that the support channel you are using is legitimate prior to sending funds.
- Search for publicly verifiable reviews or articles involving the recipient.
- Copy/paste links you receive in email rather than clicking on them. Often times an attacker will have a hidden link or redirect even though it shows as ‘https://coinbase.com’
- Watch for grammatical errors in email or on websites. Scammers rarely take the time to proofread properly.
- Watch out for emails saying an individual has sent you money, when in fact the links in the message will open a payment window. If you aren’t careful it’s easy to send money from your account.
- Coinbase will never ask you for your password.
- Be careful when opening any attachments included in an email as they could be malicious.
- You should also be careful of emails from people you know. Their email may have been compromised and could contain malicious content.
- Always keep your computer’s operating system up to date.
- Do regular scans using antivirus software. Scammers will often use malware to directly target individuals.
- Let us know if you notice anything unusual so we can take appropriate action.
- Emails that appear to be from Coinbase but are in fact slightly different in spelling. Example: firstname.lastname@example.org, email@example.com, etc. Notice the slight difference in the names, Coinbase with a lowercase ‘ L ‘ in place of the ‘ i ’. Coinbase spelled with an ‘ M ‘.
- Cloned websites that look identical to the Coinbase website. The easiest way to tell is to look for the padlock icon in the address bar.
- Services or websites promising unusually high returns or other unrealistic investment opportunities. If it sounds too good to be true, it usually is.
- Phishing sites can come in many forms, refer to the following article for more on this topic: Reporting Phishing Sites
In some cases, scammers will even have an active support channel for a brief time before closing off contact and disappearing with all the funds they happen to be holding. As a general precaution, it would be to limit your contact with new or relatively unknown organizations until further research.