Common Cryptocurrency Scams
With cryptocurrency becoming a more popular asset class, it has not only received more attention from the general public but from hackers as well. Cryptocurrencies are highly liquid and anonymous, easy to transact and are transacted on immutable ledgers. This makes cryptocurrency transactions practically irreversible once it has been confirmed. As such, it is essential to verify the legitimacy of blockchain addresses you are transacting with and only send your cryptocurrency to trusted merchants.
We have detailed some of the more common cryptocurrency scams below.
Social Media Giveaway Scams
Using a fake social media handle that is very similar to official accounts, scammers will post giveaways with hyperlinks to fraudulent websites. These giveaways typically promise to reward you with a particular cryptocurrency after you have sent them the cryptocurrency to ‘verify’ your address. It is highly unlikely for legitimate giveaways to require you to send cryptocurrencies to their address first before you win a prize. Regardless of the engagement or number of likes on such posts, you must always be wary and perform your own due diligence by digging deeper into these accounts.
- Never send cryptocurrency to giveaways under the guise of address verification.
- Be skeptical of all giveaways and offers found on social media. Do not trust screenshots in reply messages as images can be forged and altered.
- Use your favorite search engine to do research on any entity soliciting you on social media. If the offer sounds too good to be true, it probably is.
- Check the giveaway URL to make sure it directs you to our official paxos.com website
- Report any phishing attempts or scams.
Paxos' legitimate social media profiles are listed in this help article. Any other profiles should be considered fraudulent.
Customer Support Scams
Scammers also create fraudulent customer support emails or phone lines to disguise themselves as official Paxos/ItBit customer support contacts. These scammers will normally request for confidential information from you under the guise of verification purposes. Be very wary of such social engineering tactics and note that Paxos will never request for your login credentials or 2-Factor Authentication (2FA) code under any circumstances. Paxos will also never reach out to customers through phone calls.
- Paxos will never request for remote access to your machine. Anyone who makes such a request is hoping to gain full access to your desktop, online accounts and your digital fingerprint
- Be aware that scammers can spoof legitimate phone numbers when conducting outbound calls.
- Only contact Paxos via our support center on https://help.paxos.com/hc/en-us/requests/new
Investment scams might more commonly be known as Ponzi or Pyramid schemes. These schemes typically require you to invest your own money with the promise of guaranteed returns. You are then pushed to bring more people into the scheme who then contribute their own money which you would get a cut of as your returns. Since all the cash flow into the scheme is from new recruits (they are scams because the products or business proposed are fraudulent and do not generate any returns by themselves), the scheme will eventually fall apart and you will never get your invested monies back.
In the US, if you come across one of these scams, contact the Securities and Exchange Commission, the Federal Trade Commission, or your state's securities regulator to get help. In the UK, contact the Financial Conduct Authority.
Tips for avoiding investment scams:
- Be skeptical of websites or services promising guaranteed returns. If it sounds too good to be true, it usually is.
- Be wary of sending your cryptocurrency to a third party promising returns
- Research the organization thoroughly. Check consumer-protection websites and make telephone calls and send emails to verify authenticity.
As an example, a controversial project like Bitconnect was a Ponzi scheme that went under and showed many of the above red flags.
With all our information stored online, data breaches are becoming more common which allows attackers access to some of our confidential information. Attackers can and will utilize this information to extort more relevant and personal information from you. For example, they might show you an old password you had to threaten you into releasing more information.
If you are victim of an extortion scam, please immediately take these actions:
- Report the email as spam to your email provider.
- Run a scan using a trusted antivirus software to ensure you have no malware within your device that is extracting your personal information
- If you recognize any passwords revealed by the attacker, change it immediately on all your accounts
- Contact your local authorities and file a police report.
While these messages can be threatening, they are almost always fraudulent. For steps you can take to improve your account security, please see this help page.
Load-up scams are a form of payment fraud conducted by scammers who promise profits for victims who can provide an account with high trading limits. They will use stolen funds to deposit into your account but subsequently drain all the funds from your cryptocurrency account.
Report any “loaders” to Paxos at https://help.paxos.com/hc/en-us/requests/new and also to the platform where the fraud was being advertised.
Messaging Platform Scams
Paxos/itBit has no official presence on any messaging platform such as Telegram. All varieties of scams can be found on this platform that target Paxos/itBit users, including fraudulent payment bots and giveaway scams.
These scammers will join cryptocurrency groups and pretend to be official accounts, reaching out to the channel members privately. Never engage with such personnel over messaging platforms.
Job Employment Scams
Any employment opportunity that requires payment for you to begin training or to receive training materials is likely a scam. Scammers will post fraudulent job postings to first gain leads for them to pursue their scam. Eventually, these "job offers" often include official looking offer letters which might even be a form of phishing to obtain confidential information from you.
- All legitimate job postings will be posted on https://www.paxos.com/careers/. Do not trust any other URL for job listings.
- All legitimate communications with Paxos recruiters will come from @paxos.com email addresses.
- Please report any impersonations or fake job recruitment scams to https://help.paxos.com/hc/en-us/requests/new.
Phishing is a fraudulent practice that can happen through different means, including emails, SMS texts, social media posts, and fraudulent URLs. These attackers will brand themselves and pretend to be Paxos/itBit in order to obtain sensitive information, such as passwords and 2FA codes.