Crypto transactions are a fast, hardly trackable way of transferring funds across the globe. That’s why this is such an attractive asset to “bad actors”. At CEX.IO, we always go the extra mile to protect your funds and data, however, you are the only one responsible for securing access to your own account and assets. Always keep your login credentials like emails, user name, passwords, withdrawal pin code (WPC), 3DS code, and so on safe.
We’ve already written several articles in our blog describing some of the popular crypto scams, how to identify them, and what you should do if you realize you’ve been mousetrapped. Check them out:
- How to Identify a Scam and Not Fall Victim
- Do Not Become a Victim of Scams in Telegram Crypto Communities
- Save Your Assets from a Mousetrap of Fraudulent Investment Managers!
In this post, we’ll tell you more about some of the most common scams and how to identify and avoid them.
How to spot a scam
Being cautious is always a must, and there are clear signs of scams that you can look for to expose them. Let’s remember red flags that may help you spot a scammer:
- Scammers’ offerings are too attractive. Getting easy money or doubling the profits? Too good to be true!
- A scammer usually tries to mislead you. You are telling me I won some money, but have to pay some amount in advance to get the prize? Aha-aha! No way!
- They speculate on your privacy. Send you an email with some sweet offer and a malware attachment. Don’t click on it!
- They are short on time and try to create a feeling of urgency. The less time you have to think, the more chances to get into the trap.
- They try to scare you. You can hear that something is wrong with your card, account, or computer and offer to fix it if you give them your credentials. A big no-no!
- They are tricky. Pseudo-representatives of the company can ask for your personal information and payment details. Don’t trust them!
By avoiding these traps, you can better protect your holdings. Now read more about the most popular ways scammers can use to hunt your funds and sensitive information.
1. Phishing emails
Even if you are new to crypto, you’ve probably heard about the practice of phishing. It typically involves the scammer impersonating a company representative or support agent to extract personal data from you. They can contact you via email, social media messengers, phone, and fake websites.
Phishing emails are becoming an increasingly more serious problem, resulting in huge losses of funds. Basically, scammers masquerading as crypto exchanges or traders trick people into transferring money to them.
Beware of emails that are allegedly sent by the services you use and call you for urgent action. This could be the email to reset the password or it can be a link to start some sort of interaction with your account. If you didn’t ask for a password reset, why would you follow the instructions? If someone else was able to access your credentials and initiated this action — don’t confirm it anyway! By following the links in suspicious emails you help scammers to reach your funds.
You can find the difference between a fake email sent with the aim to hack into your account and a legitimate one sent from a company/service you are using. Just pay attention to the sender’s name and its domain name. Even a small typo in the email can indicate a fraud.
Emails from CEX.IO have the cex.io domain name at the end of the sender’s address. For example, emails from firstname.lastname@example.org, email@example.com, and any other emails from the @cex.io domain are legit.
That link in the fake email will mostly redirect to a fake website – similar to the original one – that will prompt you to log in. This way, the attacker can get access to your account.
2. Fake social media pages
If you’re following celebrities on social networks, you have probably seen many fake pages and accounts-imitators. The same applies to cryptocurrencies and exchange platforms, where malicious, impersonating pages are rampant. How to differentiate a fake account from the official one? It is a good idea to check:
- The spelling of the account name. For example, fraudsters can use CEX.I0, which is similar to CEX.IO. But having looked closer you can see that it’s 0 (zero) instead of O (capital letter “O”) at the end.
- Account URL address. Impersonators add extra symbols, letters, or misspell the official name of the company. The URL address of the legitimate social page should contain the official company name only.
- Date of creation. A fake page is usually created recently.
- The content posted on the page. Repeated spam messages with the same link is a bad signal.
Now you know how to identify a fake page. Should you respond to the sweet offers that come from suspicious Twitter or Facebook accounts? No way! If someone asks for even a small amount of cryptocurrency, it’s a 100% scam!
3. Direct messages in social networks
As we found out, scammers are not ashamed to impersonate prominent cryptocurrency company accounts on Facebook, LinkedIn, and Twitter. They’ll try to contact you in direct messages so no one of the official company representatives can track their actions and report a scam.
A common Telegram scam sees the “well-wisher” lurking in official groups for crypto wallets or exchanges. When users report a problem in this group, there is a high chance that a scammer will reach out privately. They will impersonate customer support or team members and offer to “help”.
Remember, no one in the CEX.IO team will ever ask for your account credentials, password, or so. The most prudent course of action if you receive an unsolicited communication is not to engage at all and check the authenticity of any social network page or message you receive by writing to the Support Team via official channels.
In this blog post, you can learn how to identify and dodge scams in Telegram.
4. Fake websites
Even if you stay away from the suspicious links in the emails, you may accidentally bump into a fake website by simply searching for an official company site.
There’s a surprising number of websites that have been designed exactly like original official company websites to confuse users. How to recognize them? Find a small “lock” sign in the address bar near the site name and click on it to see the security certificate and the issuing institution/organization. It’s a sign of a secure connection and one of the proofs of the legit website.
Even if the site looks identical to the one you think you’re visiting, you can be directed to another platform for payment. Be attentive!
Security tips for saving your funds and not to become a victim of phishing:
- When in doubt about a message you’ve received, ignore it and contact the Support Team via official communication channels.
- Double-check the URL of the websites you’re visiting
- Bookmark your frequently visited sites. Search engines can mistakenly display malicious ones.
- Keep your password safe! Nobody else needs to know your 2FA code, withdrawal pin code, 3DS code, private keys, or seed phrase.
5. Fake giveaways
Cryptocurrency giveaway scams have been a problem in the crypto community since the last major bull run in 2017. In fake giveaways, you usually need to send a certain amount of cryptocurrency to a giveaway address before you “get the reward”. Scammers promise to double your funds after that. However, that never happens. The cryptocurrency transactions are irreversible, hence, once a victim sends money to the scammer’s address, there is nothing anyone can do to get them back.
A legitimate giveaway NEVER requires you to send money first.
CEX.IO often launches official giveaways to celebrate a listing of a new token or launch of new services and features. However, we never ask you to pay for participation. We offer real crypto prizes for completing some tasks and invite everyone to participate via our official social media channels and emails.
6. Fake ICO
Blockchain and cryptocurrency technology is developing at a rapid pace offering new opportunities to earn with crypto. However, there’s no guarantee that every crypto-related startup will be legitimate or successful.
During the Initial Сoin Offering (ICO) and Initial Exchange Offering (IEO), interested investors can buy into the offering and receive a new cryptocurrency token issued by the company. To participate, you usually buy some of the project’s tokens with fiat or digital currency. This way you can participate in the project development. That’s why it’s highly important to get familiar with the token that you want to support.
If the money raised does not meet the minimum funds required by the project, the money may be returned to the backers. The ICO is considered unsuccessful then. Well, in this case, you will simply get your money back.
However, it may happen that you invest your money in a fake, non-existing project. Will you ever get them back? Don’t think so.
There are many fake projects that launch ICO with the only one aim— to steal your money.
Scammers are tricky, they can even build a new exchange to start promoting fake IEO projects and make you participate.
To be able to assess a project objectively, you should do your own research. Here are some general questions to get started with:
- How were the coins/tokens distributed?
- What’s the unique selling point of the project?
- What is the innovation of the project?
- Does the project team have a strong track record?
- What are the use cases of the project?
By the way, when going to take part in IEO, check if the project already has an MVP. It shows that the team behind the IEO is actually working on the execution side of the product. Meanwhile, check the team behind the product or project founder’s social pages. If they are not willing to share their true, public, identity, then the ICO/IEO is most likely a scam.
With the help of malware, hackers can get the passwords needed to access computer networks or info about credit cards and bank accounts. Nowadays, malware can be also used to access cold crypto wallets.
You can accidentally download malware by clicking links in phishing emails or on fake websites and social media. There might be a post, for example, where someone offers a certain program that allows you to mine cryptocurrencies for free.
Some malware programs change the crypto wallet addresses when you paste it from a clipboard. As a result instead of sending crypto to your wallet, you end up transferring it to someone else – and it’s gone.
When transferring crypto, always be sure to double and triple check the recipient’s address.
It’s a good idea to be super-cautious about what programs you allow to have administrator access on your devices. An up-to-date, reputable virus scanner can also help but is not foolproof.
How CEX.IO protects your funds and personal information
At CEX.IO, we care about your account and funds security as much as you do. However, this is not a single-player game. If you give someone access to your account or accept sweet offers from scammers, you literally give them the key from the doors to your house.
CEX.IO implements the highest security measures to protect users’ accounts:
- DDoS attack protection
- Two-Factor Authentication
- SSL certificate
- Сold storage for cryptocurrency funds
- CEX.IO holds a Level 1 PCI DSS (PCI Data Security Standard) certificate allowing the company to store, process, or transmit cardholder data of our users,
You can read more about what systems and processes we use to ensure that your funds are safe in this blog post. Besides, we constantly monitor suspicious activities within the system and manipulations on the market to spot and prevent them in time.
We are registered with the Information Commissioner’s Office (United Kingdom) as a data processor and controller under registration reference ZA059396. Registration within ICO means we comply with the European legislation on personal data privacy.
Stay alert and read more security tips and updates about CEX.IO in our Telegram channels: