In recent times, the proliferation of sophisticated scamming techniques has led to an increasing number of individuals falling victim to fraudulent schemes. Given the unique nature of cryptocurrencies, the loss of assets due to deception is often difficult to trace. Hence, users should remain vigilant at all times to safeguard their assets. The following article will detail how users can discern whether their emails or messages originate from our official platform, as well as common fraudulent tactics currently in use.
Prevention Tips
1. Check the Sender's Email Address
Verify the sender's email address against known legitimate Bybit email addresses by looking for any inconsistencies or suspicious elements in the email address.
You can check whether the sender's address belongs to Bybit by using our Authenticity Checker. This function can be accessed on the website by going to the main Bybit menu or scrolling down to the bottom of the webpage.
On the app, you can access the page by clicking on the live chat icon and scrolling to the right in order to see the Authenticity Check icon.
Important:
Please note that the sender's address in emails can be easily forged. Therefore, even if the Authenticity Checker displays that the verification result is official, it does not necessarily mean that the email you received was truly sent from Bybit's official mailbox. Please exercise caution and discernment!
If you think you might have encountered a scam or a phishing attack by someone impersonating Bybit representatives on any website, email, social media, or messaging app, please report it directly on the Authenticity Checker page. The security team reviews and handles these reports regularly.
2. Remain Vigilant Regarding the Content of Emails
a. Bybit (or even our Customer Support) will never ask you to transfer assets to an unknown deposit address or ask for your wallet recovery phrase. As mentioned above, even if the verification result is official, the sender's email can be easily forged using spoofing techniques. Below is a typical example demonstrating how scammers conceal and forge sender email addresses to solicit assets from Bybit users.
b. Whenever you receive an email requesting your personal information, password, or assets, you should maintain a skeptical attitude at all times and verify with Bybit’s official Customer Support by providing the .eml format file of the email. To retrieve it, please click on the Ellipsis (three dots) at the top right corner of your email, then select Download Message to obtain the .eml file for our Customer Support to review.
c. Never click on any suspicious links.
3. Verify the Anti-Phishing Code
a. Ensure that the anti-phishing code on the email is present and matches your unique code.
b. The absence or mismatch of the anti-phishing code is an indicator of a suspicious email.
Important:
You are strongly encouraged to enable the Anti-Phishing Code function. If you have not set up your Anti-Phishing Code, please go to your Account & Security page for the Anti-Phishing Code setting. For more information, please refer to How to Enhance the Security of Your Account.
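The checks from tips 1 to 3 can also be run against the downloaded .eml file itself. The following is an added example, not Bybit's tooling: `example.com`, the code `MyCode42` and the sample message are constructed placeholders, and it assumes the receiving mail server records SPF/DKIM/DMARC verdicts in an Authentication-Results header and that the anti-phishing code appears in the message body.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not a real message. example.com stands in for the
# platform's sending domain; "MyCode42" is a made-up anti-phishing code.
SAMPLE_EML = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.recipient.example; spf=pass smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=example.com
From: "Support" <support@example.com>
Reply-To: claims@helpdesk.example.org
Subject: Action required

Please transfer your assets to the address below to keep them safe.
"""

def domain_of(header_value):
    """Lower-cased domain of an address header, or '' when the header is absent."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def review_eml(raw, official_domain, anti_phishing_code):
    """Return a list of warnings for one raw .eml message."""
    msg = message_from_string(raw)
    warnings = []
    from_dom = domain_of(msg["From"])
    if from_dom != official_domain:
        warnings.append(f"From domain {from_dom!r} is not {official_domain!r}")
    # The visible From line is sender-controlled; compare it with the
    # envelope sender (Return-Path) and with where replies would go.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            warnings.append(f"{name} domain {dom!r} differs from From")
    # Only the topmost Authentication-Results header is written by the
    # final receiving server; lower ones may have arrived with the message.
    results = (msg.get_all("Authentication-Results") or [""])[0].lower()
    for mech in ("spf", "dkim", "dmarc"):
        found = re.search(rf"\b{mech}=(\w+)", results)
        if not found or found.group(1) != "pass":
            warnings.append(f"{mech} is {found.group(1) if found else 'missing'}")
    body = "".join(p.get_payload(decode=True).decode("utf-8", "replace")
                   for p in msg.walk() if not p.is_multipart())
    if anti_phishing_code not in body:
        warnings.append("anti-phishing code absent or mismatched")
    return warnings
```

The sample's From line shows the expected domain, yet the Return-Path, Reply-To, DKIM, DMARC and anti-phishing checks all raise warnings, which is the situation the note under tip 1 describes.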
Types of Cryptocurrency Scams
Scenario 1: Fake Bybit Website or Scam App with Fake Bybit Support
Scenario 2: Impersonating Bybit Official Staff to Contact Users
- Individuals who are not official Bybit staff pose as Customer Support and contact users via social media such as Telegram, WhatsApp, X (formerly Twitter), and others.
Scenario 3: Fake Airdrop or Rewards
- The common tactic is to persuade users to transfer a certain amount to an unknown deposit address to claim an airdrop or reward.
Scenario 4: Web3 Scam
- By accessing a phishing dApp webpage, users inadvertently connect their wallets and trigger wallet authorization. Subsequently, they unknowingly grant authorization to a malicious contract. For instance, the malicious contract might include terms authorizing the transfer of all assets to the hacker. Users who fail to notice or are unfamiliar with these contract mechanisms may inadvertently grant authorization to the hacker.
- Example: User A received an email from a scammer pretending to offer a legitimate service, investment, or reward on User A's Web3 Wallet. The scammer gained User A's trust with convincing details in the email, which led User A to follow the steps indicated and ultimately authorize the scammer's access to the Web3 wallet.
- Without a comprehensive understanding of the technology or attentiveness to the authorization content, users face the risk of having their assets transferred away. Here is a guide to revoke authorization granted to unknown third parties and wallet addresses:
Step 1: Please connect your Bybit Cloud wallet to the Revoke.cash website and grant the necessary permissions from the Bybit wallet extension to Revoke.cash.
Step 2: Once you have completed the authorization, please select the chain network of the dApp you want to revoke in the top right corner.
Step 3: On the wallet address section, please select the chain network of the wallet address you want to revoke. A list of the most recent token approvals will appear on the dashboard.
Step 4: Please click on the Revoke button in the Actions column. Upon completing these steps, the token approval will be canceled immediately.
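To make the "authorization content" in Scenario 4 concrete, the added example below (not Bybit's or Revoke.cash's code) decodes the calldata of a pending transaction and reports whether it grants a token approval. It assumes the standard ERC-20 `approve` and ERC-721/1155 `setApprovalForAll` encodings, which the page does not name; the spender address and sample calldata are constructed placeholders.

```python
APPROVE = "095ea7b3"               # approve(address spender, uint256 amount)
SET_APPROVAL_FOR_ALL = "a22cb465"  # setApprovalForAll(address operator, bool approved)
MAX_UINT256 = 2**256 - 1

# Constructed calldata; the spender 0x1111... is a placeholder, not a real contract.
SPENDER = "0x" + "11" * 20
SAMPLE_UNLIMITED = "0x" + APPROVE + "0" * 24 + "11" * 20 + "f" * 64
SAMPLE_REVOKE = "0x" + APPROVE + "0" * 24 + "11" * 20 + "0" * 64

def describe_authorization(calldata_hex, trusted_spenders=()):
    """Decode a pending transaction's calldata and report what it would authorize."""
    other = {"kind": "other", "spender": None, "amount": None, "risk": "unknown"}
    data = calldata_hex.lower()
    data = data[2:] if data.startswith("0x") else data
    selector, args = data[:8], data[8:]
    if selector not in (APPROVE, SET_APPROVAL_FOR_ALL) or len(args) != 128:
        return other
    try:
        amount = int(args[64:], 16)   # uint256 amount, or 0/1 for the bool flag
        int(args[:64], 16)            # reject non-hex characters in the address word
    except ValueError:
        return other
    spender = "0x" + args[24:64]      # address sits in the low 20 bytes of word 1
    if amount == 0:
        risk = "revoke"               # zero allowance / approved=false removes access
    elif spender in {s.lower() for s in trusted_spenders}:
        risk = "review"
    elif selector == SET_APPROVAL_FOR_ALL or amount == MAX_UINT256:
        risk = "high"                 # unknown spender could move every token or NFT
    else:
        risk = "review"
    kind = "approve" if selector == APPROVE else "setApprovalForAll"
    return {"kind": kind, "spender": spender, "amount": amount, "risk": risk}
```

An unlimited approval to an address the user does not recognise is the "transfer of all assets" case described above, and a revocation is the same call with the amount set to zero.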
- Please be aware that Bybit will never encourage users to transfer funds to any specified wallet address to unlock rewards from any event. Kindly refer to our Official Announcement Center to consult our events’ rules, requirements, and terms & conditions. Moreover, rewards distribution will be made via our Rewards Hub, and users may need to claim their rewards manually from there.
Scenario 5: Impersonating Bybit Social Media Account
- Always look for verification badges, review profile details, and compare with the official website.
(Comparison images: Fake Account | Official Account)
Scenario 6: Ask Users to Transfer Funds to Fake Bybit Wallet Address
- This scam involves scammers deceiving users by claiming that Bybit is currently collaborating with certain token projects' developers to test the performance of the blockchain.
- The scammers then provide detailed instructions on how users can deposit funds into their Bybit accounts, appearing helpful to lower users' guards.
- Subsequently, they provide a withdrawal address bearing the Bybit name, falsely posing as an official address. Users are instructed to withdraw funds to this address under the guise of assisting with testing, promising a reward of X% of the withdrawn amount.
- Initially, the scammers transfer rewards to users to lure them further. However, as the amount involved grows, the scammers disappear with the users' assets, leaving them unable to retrieve their funds.
Important:
As we have always emphasized, Bybit will never ask you to withdraw to unknown wallet addresses. Treat this scenario as a cautionary tale: always be wary of offers that seem too good to be true, and double-check before sending money anywhere.
Scenario 7: P2P Crypto Scams
Some of the most common P2P crypto scams include fake receipt scams / ESCROW transaction scams, Man-in-the-Middle (MitM) scams, and more. For more details, please refer to How to Avoid Crypto P2P Scams.
In conclusion, staying vigilant and cautious when dealing with emails and online communications is essential in protecting oneself from falling victim to spoofing and phishing scams. By remaining aware of common tactics used by scammers and exercising diligence in verifying the authenticity of communications, you can better safeguard your assets and personal information in the crypto realm. To learn more about how to enhance the security of your account, please refer to here.