The massive boom in Bitcoin price fascinated investors, businesses, and fintech geeks everywhere. While these enthusiasts are testing the waters in their newly found world, uninvited guests known as hackers are laying traps in crypto marketplaces through phishing and other ways you wouldn’t expect.

Bitcoin’s booming adoption rate entices fraudsters whose malicious traps are often directed towards BTC traders and investors—because of this, being cautious is always a must. At Paxful, your trading safety is our top priority, so to help you better protect your money and account, here are some of the most common Bitcoin phishing attempts and how to dodge them.

1. Check the website’s domain address

To know if you’re accessing a secure link, check the address of the domain you’re visiting. If you’re visiting Paxful’s website, your address bar should look like this:

If you’re logging in to your Paxful account, make sure you’re on accounts.paxful.com before entering your account details. You probably think it’s impossible to get lured by this tactic, but fraudsters create deceptive domain addresses and fake websites that look exactly like the real ones, so be extra careful!

2. Make sure you’re following Paxful’s official accounts on social media

Billions of people around the world communicate virtually every day through various social media platforms. Unfortunately, fraudsters are taking advantage of this massive space to connect with potential victims and lure them into shady transactions and other malicious intentions. Most of the time, they mask their real identities by using fake profiles and accounts to deceive people.

To make sure you don’t fall prey to these phishing attacks, check out our community page and make sure that you’re following our official social media accounts. If you think you’re connected with a fake account and are still considering whether to disconnect from them or not, here’s the green light you’ve been waiting for.

3. Be on the lookout for suspicious links

Hackers often use deceptive links to access your phone or computer system without you knowing. Clicking on a malicious link can redirect you to an unsafe website where hackers will attempt to steal and access your personal information. This often includes your account password, so if you aren’t cautious, cybercriminals can easily get the key to your digital wallet. These links can be shared with you through images or QR codes in text messages, emails, or social media.

Here are examples of phishing links shared through a QR code and an image:

Here’s an example of a fraudster spreading fraudulent links on Twitter.

This fake account pretends to be someone from Paxful and uses our official logo to gain the victim’s trust. On Paxful’s post, the fraudster replied to one of the users and asked them to reach out to a fraudulent email address. Note the fraudster used a confusing Twitter handle to lure its potential victims. Aside from social media platforms, these links can also be sent by fraudsters via the trade chat.

Some fraudsters may try to trick you into transacting outside of Paxful and convince you to click on unknown links. This is one of the tricks a fraudster plays to mislead you and make illicit transactions on the platform.

Don’t provide any confidential information and always check your trade partner’s reputation score on their Paxful profile. For your safety, it’s best to avoid transactions that require you to use third-party links.

4. Don’t interact with users posing as Paxful customer support

Cybercriminals are always on the prowl and are looking for every means to hack your account, including emails. If you receive an email with a subject line requiring you to perform an immediate action about your account or other personal information, don’t open it right away. While this might not always be the case, emails with suspicious subjects and unknown attachments from unfamiliar senders are likely to be phishing attacks.

Sadly, many people still fall prey to phishing emails with subjects like “Password Check Required Immediately” or “Action Required: Pay your seller account balance.” Aside from these clickbaity emails, hackers also pretend to be a known entity or someone from their target organization.

Note that all emails coming from our team always end with @paxful.com. If you receive an email claiming to be from Paxful, check the sender’s email address carefully. If it doesn’t match, someone is likely trying to get into your account. It’s best not to interact with them and reach out to our 24/7 customer support team right away.

5. Be on guard against profiles pretending to be Paxful moderators during a trade

In a case where someone is claiming to be a Paxful moderator, someone might suggest actions like clicking unknown links and entering unfamiliar codes to “resolve” particular trade issues and get the target’s attention. Take a look at this example:

This is probably the most tricky among the items on this list, which is why some traders still fall into this trap. However, these three indicators will help you know whether you’re talking to a real Paxful moderator or not.

• Speech bubble. Paxful moderators always use the purple speech bubble when sending in-trade messages.
• Paxful logo with purple background. Our moderators only use display pictures with the official Paxful logo on a purple background.
• Paxful Moderator. Below the message, you’ll see the words “Paxful Moderator” beside a purple Paxful logo, next to the message timestamp.

Here’s what your in-trade chat will look like when you’re talking to a moderator:

If you think someone is trying to impersonate a Paxful moderator on your trade chat, report it to us immediately via live chat or reach out to our support team.

6. Be wary of unexpected text messages from unknown senders

Fraudsters also attempt to capture their target’s data through mobile numbers. Note that Paxful will never ask you to share any personal information through a short message service (SMS). Paxful will only send you automated SMS that contains the security codes related to your account’s two-factor authentication (2FA) and phone verification.

7. Improve your account’s security level by enabling 2FA

If you haven’t enabled the two-factor authentication (2FA) on your Paxful account, consider this to be a friendly reminder to do so. This adds another layer of security to your account by requiring a code before you can log in, withdraw funds, and send BTC or Tether (USDT). Enabling 2FA gives you the security that only you have access to your crypto.

Don’t let your guard down!

To help you further protect your account, bear in mind that Paxful will never ask for your full credit card number or financial details, account password, and 2FA code. When working on a dispute, always review your dispute evidence before submitting them. Make sure your password, bank account number, 2FA code, email address, and other financial details are not disclosed. Using different passwords for different accounts is another excellent way of keeping your account secure.

Lastly, if you’re buying crypto and the seller asks you to cancel the trade after completing the payment, don’t cancel the transaction and file a dispute instead. For sellers, avoid releasing your coins until you’ve verified the payment. If you can’t prove the buyer’s payment, start a dispute and let our moderators investigate the case.

We hope these tips will help you steer clear of Bitcoin phishing attacks! You can visit our knowledge base page on account security tips. Stay vigilant at all times and never let your guard down. Happy trading!