How to Keep Yourself Safe from Email Scams

How to Identify Scams

The rapidly growing cryptoeconomy has attracted not only legitimate users but also cybercriminals who regularly target owners of digital assets. Spoofed or scam emails have become increasingly sophisticated, making it crucial to understand how to identify fraudulent communications.

Cybercriminals frequently use spoofed emails pretending to be from legitimate crypto platforms as their primary method to target customers. These phishing attempts often appear remarkably authentic, copying official branding, logos, and communication styles. However, there are several key indicators that can help you distinguish between legitimate platform communications and fraudulent attempts.

Key Warning Signs of Phishing Emails:

• Suspicious sender addresses: Official emails from legitimate platforms will end with specific domain patterns. For example, authentic communications should come from addresses ending with "@[platform].com" or ".[platform].com". Always carefully examine the full email address, not just the display name.

• Urgent or threatening language: Scammers often create a false sense of urgency, claiming your account will be suspended or that immediate action is required. Legitimate platforms rarely use aggressive tactics or threaten account closure without proper notice.

• Requests for sensitive information: Any email asking for seed phrases, passwords, 2-step verification codes, or remote access to your device is fraudulent. Legitimate platforms will NEVER contact you requesting this information.

• Suspicious links or attachments: Hover over links before clicking to verify the actual URL destination. Phishing emails often contain links that appear legitimate but redirect to fraudulent websites designed to steal your credentials.

• Poor grammar or spelling: While not always the case, many phishing emails contain grammatical errors, awkward phrasing, or inconsistent formatting that professional communications would not have.

Important Security Reminder:

Legitimate crypto platforms will NEVER ask you to:

• Share your seed phrases or private keys
• Provide passwords or 2-step verification codes
• Grant remote access to your computer or mobile device
• Transfer funds to a new wallet for "security reasons"
• Call a phone number to verify your personal information

If you receive an email requesting any of these actions, it is definitely a scam attempt, regardless of how authentic it may appear.

Report the Phishing Email

If you've received a suspicious email that you believe is attempting to impersonate a legitimate crypto platform, it's crucial to report it immediately. Reporting phishing attempts helps protect not only yourself but also the broader community by enabling security teams to track and combat these threats.

When reporting a phishing email, you should forward the complete email message, including the full email headers, to the platform's official security team. Email headers contain critical technical information that security analysts use to trace the source of phishing campaigns and identify patterns in cybercriminal activity.

Why Email Headers Matter:

Email headers reveal the true origin of a message, including the actual sender's IP address, routing information, and authentication details. Without this header information, security teams cannot conduct a thorough investigation or take appropriate action against the perpetrators. The visible "From" field in an email can easily be spoofed, but the headers contain technical data that is much harder to falsify.

Collecting Email Headers from Different Providers

The process for accessing email headers varies depending on your email service provider. Below are detailed instructions for the most common email clients:

For Gmail Users:

1. Open the suspicious email message you want to report
2. Click the three-dot menu icon (⋮) or the down arrow next to "Reply" at the top-right of the message pane
3. Select "Show original" from the dropdown menu
4. A new window or tab will open displaying the full message source, including all headers
5. Right-click anywhere inside the header text and choose "Select All"
6. Right-click again and choose "Copy" to copy all the header information
7. Close the header message source window
8. Compose a new email to security@[platform].com
9. Paste the copied headers into the email body
10. Also include a screenshot of the original suspicious email for reference

For Yahoo Users:

1. Navigate to Options > General Preferences in your Yahoo Mail settings
2. Under "Mail Viewing Preferences", locate the "Message Headers" section
3. Select "ALL" to enable full header display
4. Return to the suspicious email
5. Click the small down arrow next to the "Forward" button
6. Choose "As Inline Text" to preserve all header information
7. Forward the email with complete headers to security@[platform].com
8. Include a brief description of why you believe this email is suspicious

For Other Email Providers:

If you use a different email client (Outlook, Apple Mail, ProtonMail, etc.), consult your provider's support documentation for specific instructions on how to view and export full email headers. Most modern email clients have a "View Source" or "Show Original" option that reveals this information.

After Reporting:

Once you've reported the phishing email, delete it from your inbox to prevent accidental interaction. Do not click any links, download attachments, or respond to the message. If you've already clicked a link or provided information, immediately follow the emergency security procedures outlined in your platform's security guidelines.

How to Protect Yourself from Email Phishing and Scams

Protecting your crypto assets requires a multi-layered approach to security. While platforms implement robust security measures, your personal vigilance is the most critical defense against phishing attacks and social engineering attempts. Below are comprehensive strategies to safeguard your account and personal information.

Essential Security Practices:

Never Grant Remote Access to Your Computer

Legitimate platform support staff will NEVER ask for remote access to your computer or mobile device. Granting remote access effectively gives a scammer complete control over your device, including access to your online financial accounts, stored passwords, authentication apps, and your entire digital life. This is one of the most dangerous scams because once access is granted, criminals can:

• Install keylogging software to capture all your passwords
• Access your email accounts to reset passwords on other services
• Transfer funds from your crypto accounts
• Steal personal documents and identity information
• Use your computer for illegal activities

If someone claiming to be support staff requests remote access, immediately end the communication and report the attempt.

Protect Your Authentication Credentials

Your passwords and 2-step verification codes are the keys to your account. Legitimate platforms will NEVER ask you to share:

• Account passwords
• Two-factor authentication (2FA) codes
• Backup codes
• Authenticator app codes
• SMS verification codes

These codes are designed to verify that you are accessing your account. Sharing them with anyone defeats their purpose and gives that person complete access to your account. Even if someone claims to be verifying your identity for security purposes, this is always a scam.

Verify Contact Methods Independently

Scammers often create fake support pages with fraudulent phone numbers and email addresses that closely resemble legitimate contact information. They may also spoof legitimate phone numbers when making outbound calls, making their caller ID appear authentic.

Important: Legitimate platforms will NEVER proactively call you and ask you to verify your personal information for security reasons. If you receive such a call:

• Do not provide any information
• Hang up immediately
• Contact the platform through official channels listed on their verified website
• Report the suspicious call to the platform's security team

Always verify contact information by:

• Visiting the official website directly (type the URL manually, don't click links)
• Using contact details from the official app
• Checking the platform's verified social media accounts

Never Transfer Funds at Someone Else's Request

Legitimate platform support staff will NEVER ask you to:

• Send cryptocurrency to external wallet addresses
• Transfer funds to a "secure wallet" for protection
• Move assets to resolve a security issue
• Pay fees or taxes in cryptocurrency to unlock your account

These are all common scam tactics. Your funds are secure in your account, and no legitimate support operation requires you to move them elsewhere.

Use a Dedicated Email Address

We strongly recommend creating a new email address used exclusively for your crypto platform account. This practice significantly enhances your security because:

• Reduces data exposure: If your primary email is compromised in a data breach, scammers won't automatically know about your crypto holdings
• Breaks data connections: Cybercriminals often cross-reference leaked databases to identify high-value targets. A dedicated email makes this much harder
• Limits phishing surface: You'll receive fewer phishing attempts because the email address isn't widely known or associated with your other online activities
• Easier to monitor: With only platform-related emails coming to this address, it's much easier to spot suspicious communications

When creating a dedicated email:

• Use a strong, unique password
• Enable two-factor authentication on the email account itself
• Never use this email for any other purpose
• Don't share this email address with anyone

Immediate Action if You've Clicked a Phishing Link

If you've accidentally clicked on a suspicious link or provided information to a potential scammer, take immediate action:

1. Lock your account immediately: Most platforms offer an emergency account lock feature that prevents all transactions and access
2. Change your password: Use a strong, unique password that you haven't used elsewhere
3. Review recent activity: Check your transaction history for any unauthorized actions
4. Enable or update 2FA: If you haven't already, enable two-factor authentication. If you have it enabled, consider switching to a different authentication method
5. Contact official support: Reach out through verified channels to report the incident
6. Monitor your accounts: Keep close watch on all your financial accounts for suspicious activity
7. Run security scans: Use reputable antivirus software to scan your device for malware

Additional Security Measures:

• Keep software updated: Regularly update your operating system, browsers, and security software to patch vulnerabilities
• Use hardware security keys: Consider using physical security keys for two-factor authentication, which are immune to phishing
• Enable email notifications: Set up alerts for all account activities so you're immediately aware of any unauthorized access
• Educate yourself: Stay informed about new phishing tactics and scam techniques by following security blogs and official platform announcements
• Be skeptical: If something seems too urgent, too good to be true, or requests unusual actions, it's likely a scam

Remember: Legitimate crypto platforms prioritize your security and will never use high-pressure tactics or request sensitive information through unsolicited communications. When in doubt, always verify through official channels before taking any action. Your vigilance is your strongest defense against cyber threats.

FAQ

What are the common signs of a phishing or scam email?

Common signs include unfamiliar greetings, grammar errors, suspicious links, mismatched email addresses, urgent requests for personal information, and poor formatting. Always verify sender identity before clicking links or sharing data.

How can I verify if an email is really from a legitimate company?

Check the sender's email address for official company domain, verify contact details on the official website, look for spelling errors or suspicious links, and use email authentication tools to confirm legitimacy.

What should I do if I accidentally clicked on a suspicious link in an email?

Immediately disconnect from the internet and do not enter any personal information. Change your passwords from another device, enable MFA, and run a full antivirus scan. Monitor your accounts for unauthorized activity.

How can I protect my email account from being hacked or compromised?

Create strong, unique passwords and enable two-factor authentication. Regularly review account activity and log out from untrusted devices. Update security settings frequently and avoid clicking suspicious links in emails.

What are the most common types of email scams and how do they work?

Common email scams include phishing, where attackers impersonate legitimate entities to steal credentials, and fake invoice scams requesting unauthorized payments. Always verify sender authenticity and avoid clicking suspicious links or downloading attachments from unknown sources.

Should I report scam emails and where can I report them?

Yes, report scam emails to the Federal Trade Commission (FTC) at (877) IDTHEFT or online. If you disclosed sensitive information, contact major credit reporting agencies. Notify your bank if the email resembled official correspondence.