We’ve all received strange emails, an unexpected message from an unknown sender requesting funds or an unsolicited password reset. These emails look genuine, but should we trust them?
Phishing (pronounced “fishing”) is an online attack that attempts to steal your money or identity, by getting you to reveal personal information.
At Blockchain.com we’re committed to help keep you safe online, so in this article we dissect an actual phishing attempt email, highlighting the tactics used.
Tactic 1: “From” address impersonation
In this example, the scammer has sent this email from an email address which is similar to our official email address: firstname.lastname@example.org
Be vigilant about possible omissions or incorrect characters in email addresses.
You can also check our official email communications address here
Tactic 2: Log-in information requests
If you get an email or text message (SMS) asking for your Blockchain.com account email, phone, password, or Private Key it most likely is a scam.
We’ll never ask you for login information or recovery phrases in a text or email. This includes:
- Credit or debit card numbers
- Bank account details
- Account passwords
- Blockchain.com Private Keys
- Blockchain.com Secret Recovery Phrase
Tactic 3: “Appearing” helpful
See here, the scammer is advising to use 2FA in order to increase security.
We often see scammers sprinkling through what appears to be “helpful” hints and tips as a decoy tactic.
Tactic 4: Using official logos and links
Many phishing emails will consist of standard company logos and official sounding language to make it appear to be real.
While there is no clear way to check if the logo is being used genuinely, it’s important to remain vigilant that scammers will try their best to make the email look as professional as possible.
Phishing attacks are getting more and more sophisticated, with new tactics emerging all the time. The most important thing to remember is that at Blockchain.com, we will never ask for your login information, through any form of communication.
If you have any doubt, open a Support Center Ticket here to confirm the validity of a request.