How to avoid phishing and online scams?
What is Phishing?
Phishing is the fraudulent attempt to obtain sensitive information or data, such as usernames, passwords, credit card details or other sensitive details, by impersonating a trustworthy entity in a digital communication.
Using phishing attacks, scammers may try to trick you into paying an amount in cryptocurrency. Cryptocurrency transactions are irreversible: if you send cryptocurrency to a third party, you cannot reverse it or stop payment. When you send cryptocurrency to a blockchain address, you must be certain of the legitimacy of any involved third-party services and merchants, and only send cryptocurrency to entities you trust.
Tricks used by scammers
Emails and text messages that look like they’re from a company you know or trust (spoofing).
They may look like they’re from a bank, a credit card company, a social networking site, an online payment website or app, or an online store. Or more specifically, they may look like they are from Idoneus, Coinbase, Kraken, etc.
The email addresses they use will look very similar to the official email addresses. For example:
- firstname.lastname@example.org (see that the last digit of the email address is a “0” (zero) instead of an “o” (letter o)).
- email@example.com (see how the “o” in “support” is actually a “c”, and that “.co” is used instead of “.com”).
The content of the email will look exactly the same as the official emails, including logos, names, addresses, etc., all of which make it look legitimate, but it is not.
They may tell a story to trick you into making a payment.
These scammers are skilled in social engineering, making false claims to deceive and manipulate their target into providing personal information that will be used for fraudulent purposes, or to make payments in cryptocurrency. For example:
- They will say that you need to pay for a subscription fee or an account opening fee.
- They may even include a fake invoice.
- They may claim that there was an issue with a previous transaction, and that you now need to send funds again.
- The email says your account is on hold because of a billing problem.
- They may insert a Bitcoin (BTC) address for you to pay these funds to.
While, at a glance, this email might look real, it’s not. The scammers who send emails like this one do not have anything to do with the companies they pretend to be. Phishing emails can have real consequences for people who give scammers their information. And they can harm the reputation of the companies they’re spoofing.
Fake look-a-like websites
Phishing sites are malicious websites which mimic an authentic site in order to trick visitors into entering their login credentials or other sensitive information. These fraudulent websites are distributed through a variety of methods including email, SMS text messages, social media, and search-engine advertisements.
One of the best ways to avoid phishing sites is to always make sure you’re accessing https://idoneus.io/ directly. Phishers will often try to use URLs like www.idoneus.i0 to conduct these scams.
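The look-alike tricks described above (a zero in place of the letter “o”, one swapped letter, a changed ending as in www.idoneus.i0) can be checked mechanically. The Python below is an added example, not Idoneus code; it assumes idoneus.io is the only official domain, and the digit map, the one-character threshold and the function names are illustrative choices.

```python
from urllib.parse import urlsplit

# Assumption: idoneus.io (the address given on the page) is the only official domain.
OFFICIAL = "idoneus.io"
BRAND = OFFICIAL.split(".")[0]
# Constructed, non-exhaustive map of digits commonly swapped in for letters.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def host_of(value):
    """Extract the lowercase host from a URL, a bare host name or an email address."""
    value = value.strip().lower()
    if "://" not in value:
        if "@" in value:                      # email address: keep the domain part
            return value.rsplit("@", 1)[1]
        value = "//" + value                  # bare host: let urlsplit see a netloc
    return urlsplit(value).hostname or ""


def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(value):
    """Return 'official', 'lookalike' or 'unrelated' for a URL or sender address."""
    host = host_of(value)
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    folded = host.translate(FOLD)             # undo digit-for-letter swaps
    tail = ".".join(folded.split(".")[-2:])   # last two labels of the host
    if BRAND in folded or edit_distance(tail, OFFICIAL) <= 1:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Constructed samples; www.idoneus.i0 is the form quoted on the page.
    for sample in ["https://idoneus.io/", "www.idoneus.i0", "support@idcneus.i0",
                   "https://idoneus.io.login.example/verify", "https://example.org/"]:
        print(f"{classify(sample):10} {sample}")
```

A result of “unrelated” only means the host does not resemble idoneus.io; it says nothing about whether that site is safe.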
Fake promotions on social media
Scammers are using social media to perpetuate giveaway scams. They post screenshots of forged messages from companies and executives promoting a giveaway with hyperlinks to fraudulent websites. Fake accounts will then respond to these posts affirming the scam as legitimate. The fraudulent websites will then ask that you “verify” your address by sending cryptocurrency to the scam giveaway.
Fake job offers
Scammers will impersonate recruiters with fake job offers, actively seeking job hunters to steal cryptocurrency and personal information. Most frequently, the scammers will reach out to individuals who have posted their resumes online, and ask for payment to begin training. These “job offers” often include convincing offer letters and they may ask for confidential personal information.
How to avoid phishing and scams?
- Make your online accounts more secure (Idoneus accounts, email accounts, cryptocurrency exchange accounts, etc.).
- Your email spam filters may keep many phishing emails out of your inbox. But scammers are always trying to outsmart spam filters, so it’s a good idea to add extra layers of protection.
- Always check the email addresses from senders, especially if in the email you are being asked to provide personal information, make a payment in cryptocurrency, or click a link.
- Always check the URL of the website to make sure it is the correct one, and that it has the little lock icon next to it.
- Never send cryptocurrency to external addresses on behalf of alleged support agents or representatives. Idoneus staff will never ask you to send cryptocurrency to external addresses.
- Never give out your 2FA security codes, passwords or private keys. Idoneus staff will never ask you to share sensitive authentication credentials. If someone claiming to be from Idoneus asks you for this information, it is a scam.
- Never accept outbound calls asking for your confidential personal information. Be aware that scammers can also spoof legitimate phone numbers when conducting outbound calls.
- Never give support staff (or anyone else for that matter) remote access to your machine. This effectively gives the scammer full access to your computer, online financial accounts, and digital life.
- Watch for grammatical errors in communications or on websites. Scammers often make grammar or spelling mistakes.
- Never send cryptocurrency to giveaways under the guise of address verification.
- Be skeptical of all giveaways and offers found on social media. Do not trust screenshots in reply messages as images can be forged and altered.
- Idoneus’ legitimate social media profiles are listed on the Contact page. Any other profiles should be considered fraudulent.
How to report phishing or scam attempts?
1. If you were a victim of a scam, please report this to your local authorities.
2. In case you got hacked, or clicked on a malicious link, please check here for recommendations to recover your device / account.
3. If you believe you’ve encountered a phishing site, please email firstname.lastname@example.org with the full URL.
If the phish / scam was sent via email, please include the full email headers with your report. Email headers show the network path that an email took to your inbox. Without them, Idoneus cannot complete a full investigation as we have no way of identifying which mail server is involved.
To collect email headers, please reference your email provider's support documents or review this webpage: https://mxtoolbox.com/public/content/emailheaders/ to find instructions related to your specific email client.
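To show what the full headers contain and why they matter to an investigation, the Python below reads the relay path out of a message. It is an added example, not Idoneus tooling; the message is constructed, the host names and IP addresses are reserved documentation values, and the pattern covers only the common “from host (name [ip]) by host” form of the Received header.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message. Hosts and IPs are documentation values; idoneus.i0 is the
# look-alike form quoted on the page, used here as the forged sender domain.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [203.0.113.10])
\tby inbox.recipient.example with ESMTPS id abc123;
\tMon, 01 Jan 2024 10:00:05 +0000
Received: from relay.sender.example (unknown [198.51.100.7])
\tby mx.recipient.example with ESMTP id def456;
\tMon, 01 Jan 2024 10:00:03 +0000
Authentication-Results: mx.recipient.example; spf=fail; dkim=none
From: "Idoneus Support" <support@idoneus.i0>
Subject: Your account is on hold

Please pay the attached invoice.
"""

HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([^\]]+)\]\).*?\bby\s+(\S+)", re.S)


def mail_path(raw):
    """Return relay hops oldest first as (sending host, sending IP, receiving host)."""
    msg = message_from_string(raw)
    hops = []
    # Each server prepends its own Received header, so the newest is on top.
    for value in reversed(msg.get_all("Received", [])):
        match = HOP.search(value)
        if match:
            hops.append(match.groups())
    return hops


def summary(raw):
    """Collect the sender domain, the authentication results and the relay path."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1]
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", msg.get("Authentication-Results", "")))
    return {"from_domain": sender.rsplit("@", 1)[-1], "auth": auth, "path": mail_path(raw)}


if __name__ == "__main__":
    report = summary(RAW)
    print(report["from_domain"], report["auth"])
    for sending_host, sending_ip, receiving_host in report["path"]:
        print(f"{sending_host} [{sending_ip}] -> {receiving_host}")
```

A forwarded message or a screenshot carries none of these header lines, which is why the report needs the original headers.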
If the phishing / scam message was sent via text message or SMS, please submit a screenshot of the phishing text in a message to email@example.com.
When we receive your report, our security team will investigate your submission and take prompt action to shut down any malicious sites targeting Idoneus customers.
Thank you for helping keep Idoneus and our customers safe from phishing sites!