One of the ways that online hackers and scammers try to get confidential information from customers is through phishing which is a type of social engineering attack often used to steal user data like your login credentials.
Phishing is a fraudulent practice that can happen through different means, including emails, SMS texts, social media posts, and fraudulent URLs. These attackers will brand themselves and pretend to be Paxos/itBit in order to obtain sensitive information, such as passwords and 2FA codes.
Please refer to the below examples of different phishing methods in order for you to properly identify these scams and protect yourself against it:
When hovering over the hyperlink in an email, please make sure that it directs you to a page that is paxos.com. If not, you are now the target of a phishing attack – do not engage with these emails in any way.
Always double-check who the email sender is. It may appear to be coming from "Paxos" or "itBit," but you will find that the email address is not from a sender with a @paxos.com email address. Official communication will come from an email address ending in @paxos.com only. Any variation from this may be indicative that the email you received is malicious in nature.
Website
Always take note of the URL you are in before entering your login information. For example, taking the URL of www.pax0s.com, even if the landing page looks familiar, but the "0" between “www.pax” and “s.com” in the URL signifies that this is not the official Paxos landing page.
Scammers can easily create fake websites replicating the look of official websites and ask for sensitive information to gain control of your accounts.
Paxos employees will NEVER ask you to share your password, 2-step verification codes, or private keys. If someone claiming to be from Paxos asks you for this information, it is a scam.
TIP: Utilizing your browser’s bookmark function to access Paxos websites is a good way to safeguard any URL typos.
SMS
If you receive a text message reporting that you’ve received digital currency that you did not authorize, it is likely a phishing attempt. Paxos does not send out texts to verify transactions. Do not click these links.
Reporting Phishing
If you believe you've encountered a phishing site, please report the Paxos phishing sites or emails you encounter here with the full URL.
If the phish was sent via email, please include full email headers with your report. Email headers show the network path that an email took to your inbox. Without them, Paxos cannot complete a full investigation as we have no way of identifying which mail server is involved.
To collect email headers, please reference your email providers support documents.
If you are a victim of a phishing attack, please immediately take action to secure your account by changing your email and Paxos password. If you have further questions or suffered a financial loss due to this attack, please contact our support team.