Topics
    How to Identify Phishing Emails and Avoid Common Scams
    bybit2024-11-27 23:45:44

    In recent times, the proliferation of sophisticated scamming techniques has led to an increasing number of individuals falling victim to fraudulent schemes. Given the unique nature of cryptocurrencies, the loss of assets due to deception is often difficult to trace. Hence, users should remain vigilant at all times to safeguard their assets. The following article will detail how users can discern whether their emails or messages originate from our official platform, as well as common fraudulent tactics currently in use.

     

     

     

     

     

     

    Prevention Tips

    1. Check the Sender's Email Address

    Verify the sender's email address against known legitimate Bybit email addresses by looking for any inconsistencies or suspicious elements in the email address.

     

    You can easily check whether the sender’s address is from Bybit by using our Authenticity Checker to verify the authenticity of the sender’s address. This function can be accessed easily on the website by going to the main Bybit menu or scrolling down to the bottom of the webpage.

     

    Phishing 01.png 

     

     

    On the app, you can access the page by clicking on the live chat icon and scrolling to the right in order to see the Authenticity Check icon.

     

    Phishing 02.png

     

    Important:

    Please note that the sender's address in emails can be easily forged. Therefore, even if the Authenticity Checker displays that the verification result is official, it does not necessarily mean that the email you received was truly sent from Bybit's official mailbox. Please exercise caution and discernment!

     

     

    If you think you might have encountered a scam or a phishing attack by someone impersonating Bybit representatives on any website, email, social media, or messaging app, please report it directly on the Authenticity Checker page and the security team will review and handle it regularly.

     

    Phishing 03.png 

     

     

     

     

    1. Remain Vigilant Regarding the Content of Emails 

    a. Bybit (or even our Customer Support) will never ask you to transfer assets to an unknown deposit address or ask for your wallet recovery phrase. As mentioned above, even if the verification result is official, the sender’s email can be easily forged using spoofing techniques. Below is a typical example demonstrating how scammers conceal and forge sender email addresses, to solicit assets from Bybit users.

     

    b. Whenever you receive an email requesting your personal information, password, or assets, you should maintain a skeptical attitude at all times and verify with Bybit’s official Customer Support by providing the .eml format file of the email. To retrieve it, please click on the Ellipsis (three dots) at the top right corner of your email, then select Download Message to obtain the .eml file for our Customer Support to review.

     

     

    c. Never click on any suspicious links.

     

     

     

    3. Verify the Anti-Phishing Code

    a. Ensure that the anti-phishing code on the email is present and matches your unique code.

    b. The absence or mismatch of the anti-phishing code is an indicator of a suspicious email.

     

     

    Important:

    You are strongly encouraged to enable the Anti-Phishing Code function.  If you have not set up your Anti-Phishing Code, please go to your Account & Security page for the Anti-Phishing Code setting. For more information, please refer to How to Enhance the Security of Your Account.

     








    Types of Cryptocurrency Scams

    Scenario 1: Fake Bybit Website or Scam App with Fake Bybit Support

     

     






    Scenario 2: Impersonating Bybit Official Staff to Contact Users

    • Individuals who are not official Bybit staff but act as Customer Support to contact users via social media such as Telegram, WhatsApp, X (formerly Twitter), or more.

    • Bybit will never ask for personal information or money transfers. Never share personal details, such as passwords, bank accounts, or wallet information, with unverified sources.

     






    Scenario 3: Fake Airdrop or Rewards

    • The common tactic is to persuade users to transfer a certain amount to an unknown deposit address to claim an airdrop or reward.

    • Always be cautious of promotions that seem too good to be true and verify suspicious messages or offers by contacting Bybit’s official support.

     






    Scenario 4: Web3 Scam

    • By accessing a phishing dApp webpage, users inadvertently connect their wallets and trigger wallet authorization. Subsequently, they unknowingly grant authorization to a malicious contract. For instance, the malicious contract might include terms authorizing the transfer of all assets to the hacker. Users who fail to notice or are unfamiliar with these contract mechanisms may inadvertently grant authorization to the hacker.

      • Example: User A received an email from a scammer, pretending to offer a legitimate service, investment, or reward on his Web3 Wallet. The scammer gained the user's trust with convincing details on his email which led User A to follow the steps indicated and ultimately authorize access to their Web3 wallet to the scammer.

     

    Web3 Scam 01.png

     

     

    • Without a comprehensive understanding of the technology or attentiveness to the authorization content, users face the risk of having their assets transferred away. Here is a guide to revoke authorization granted to unknown third parties and wallet addresses

     

    Step 1: Please connect your Bybit Cloud wallet to the Revoke.cash website and grant the necessary permissions from the Bybit wallet extension to Revoke.cash. 

     

     

     

     

     

    Step 2: Once you have completed the authorization, please select the chain network of the dApp you want to revoke in the top right corner.

     

     

     

     

     

     

    Step 3: On the wallet address section, please select the chain network of the wallet address you want to revoke. A list of the most recent token approvals will appear on the dashboard.

     

     

     

     

     

     

    Step 4: Please click on the Revoke button in the Actions column. Upon completing these steps, the token approval will be canceled immediately.

     

     

    • Please be aware that Bybit will never encourage users to transfer funds to any specified wallet address to unlock rewards from any event. Kindly refer to our Official Announcement Center to consult our events’ rules, requirements, and terms & conditions. Moreover, rewards distribution will be made via our Rewards Hub, and users may need to claim their rewards manually from there.

     

     

     

     

     

    Scenario 5: Impersonating Bybit Social Media Account

    • Always look for verification badges, review profile details, and compare with the official website.

    • Bybit does not use any WhatsApp channels to communicate. Any WhatsApp group or message claiming to be from Bybit is fraudulent. You can view the official Bybit’s communities and social media account here: https://www.bybit.com/en/promo/global/communities

     

    Fake Account

    Official Account

    Scam 01.png

    Scam 02.png






    Scenario 6: Ask Users to Transfer Funds to Fake Bybit Wallet Address

    • This scam involves scammers deceiving users by claiming that Bybit is currently collaborating with certain token projects' developers to test the performance of the blockchain. 

    • The scammers then provide detailed instructions on how users can deposit funds into their Bybit accounts, appearing helpful to lower users' guards.

    • Subsequently, they provide a withdrawal address bearing the Bybit name, falsely posing as an official address. Users are instructed to withdraw funds to this address under the guise of assisting with testing, promising a reward of X% of the withdrawn amount. 

    • Initially, the scammers transfer rewards to users to lure them further. However, as the amount involved grows, the scammers disappear with the users' assets, leaving them unable to retrieve their funds.


    Important:  

    As we have always emphasized, Bybit will never ask you to withdraw to unknown wallet addresses. It's a cautionary tale to always be wary of offers that seem too good to be true and to double-check before sending money anywhere.

     






    Scenario 7: P2P Crypto Scams

    Some of the most common P2P crypto scams include fake receipt scams / ESCROW transaction scams, Man-in-the-Middle (MitM) scams, and more. For more details, please refer to How to Avoid Crypto P2P Scams.







    In conclusion, staying vigilant and cautious when dealing with emails and online communications is essential in protecting oneself from falling victim to spoofing and phishing scams. By remaining aware of common tactics used by scammers and exercising diligence in verifying the authenticity of communications, you can better safeguard your assets and personal information in the crypto realm. To learn more about how to enhance the security of your account, please refer to here.



    Read More

    Top 19 Crypto Scams in 2024: How to Avoid Them

    Crypto Scam Recovery: Can You Recover Funds After a Scam?

    How to Avoid Authorized Push Payment (APP) Scams

    7 Crypto Scams That Actually Happened So Far

    How to Avoid P2P Crypto Scams and Fraud

    Was it helpful?
    yesYesyesNo