Back to Articles

Bitcoin phishing fraud (and how we're fighting it at Luno)

Liza Visser
6 minute read

Summary: there are two things you can do to greatly protect yourself: enable two-factor authentication right now and always make sure you are on www.luno.com when you log into your account.

Every day it seems that more Bitcoin phishing scams come to light. In this article, we will review the main types of phishing fraud, what you can do to protect yourself against it and the lengthy measures we take to fight it.

BTC phishing fraud image

The most common types of Bitcoin phishing scams

As we’ve written before: Bitcoin fraud happens in many ways, but one of the most persistent scams are phishing scams.

With phishing scams, people trick you into giving away your account information. These scams are not unique to Bitcoin —they happen in most industries like finance, e-commerce, payments, social media and email.

Since Bitcoin is money that can be sent and not reversed, it means that if you accidentally give someone your Luno account information, your money will be gone for good.

Below are the most common ways people get tricked.

Email phishing

With email phishing, you may receive an email that appears to be from Luno, but in fact comes from a scammer, asking you for information or leading you to a fraudulent website.

email phishing image

This email clearly comes from a scammer, as is evident from the email address. The link takes you to a phishing website.

Phishing websites

Phishing websites are set up to look like Luno’s website, but everything entered there (like your username and password) gets recorded and can give scammers access to your actual Luno account.

Telephone or SMS phishing

With phone phishing someone may call you or send you a text message, claiming to be from Luno, to get you to give up your account password or other information.

Advertising phishing

We’ve also seen an increase in advertising phishing especially Google Adwords phishing scams. When you do a search for “Luno” on Google, someone might be running adverts that look like they’re taking you to the legitimate Luno website but instead takes you to a lookalike phishing site, where your information gets stolen.

phishing advert image

A phishing advert that tries to get you to click through to a phishing website.

How you can protect yourself against Bitcoin phishing

Two-factor authentication

You can protect yourself against phishing scams and most other attacks, simply by enabling two-factor authentication.

With two-factor authentication enabled, you will need two things to gain access to your account: your username and password (something you know) and a one-time PIN that gets generated on your mobile phone (something you have).

This means that even if you accidentally gave away your username and password to a scammer, they won’t be able to access your account, since they won’t have access to your mobile phone. It’s simply the best thing you can do in the next five minutes to make sure your account doesn’t get accessed by anyone but you.

Check the URL

Consider using the Luno app for Android, available on Google Play, or iOS, available on the App Store. If you are using the website, always make sure that you double check the domain name in the browser before logging in. It should say www.luno.com (and most browsers will display a green padlock next to it).

Luno website image

Other suggestions

We wrote a more detailed article on how to keep your accounts secure, including securing your email account, securing your social media accounts, implementing a password management tool and two-factor authentication.

How Luno is fighting Bitcoin phishing fraud

Since day one, we have been committed to keeping our customers and our platform safe from harm. We do this by balancing user experience, monitoring, security and customer education. We take many proactive steps to protect Luno customers and work hard to keep the ecosystem educated and secure.

Smart products

Luno isn’t just a wallet, it’s a smart wallet. We show contextual information to customers: someone in Nigeria might see a list of relevant merchants to her location, a customer in Malaysia may see the Malaysian ringgit exchange rate and information about local meetups.

We apply this logic in educating our customers, too. When an account becomes attractive to hackers (when it has has a positive balance), we guide customers to help them secure their account.

secure your account

Smart features

Two-factor authentication

As mentioned earlier: two-factor authentication is one of the simplest, most secure ways to protect your account(s). We provide this feature on all Luno accounts, customers simply have to activate the optional (and highly recommended) feature.

Suspicious logins

If you don’t have two-factor authentication enabled on your account and we notice any suspicious activities —like login attempts from strange devices or locations— we implement systems to warn you and protect your funds, such as requiring a one time PIN (OTP) to log in.

login verification

Constant monitoring

We have registered for trademarks on the word “Luno” in many countries around the world, which helps kerb fraudsters from creating fake advertisements in many countries.

We also have systems in place to automatically scan for phishing attempts and other fraudulent behaviour.

Once we identify a phishing website, we take quick action to bring the fraudsters down. This includes, but is not limited to:

  • Reporting the suspicious domain with all the major search engines
  • Reporting the domain with the domain registrar for removal
  • Copyright takedown requests (for using our Logo and content)
  • Reporting the emails to the mail sender as fraudulent.
  • If we find a phishing site, we run scripts that pollute the site with nonsense usernames and passwords, which could stall their efforts
  • Reporting phishing advertisements with the relevant platforms

Other channels

In addition to the actions we take and the notices and nudges inside the Luno products, we use multiple communication channels to help educate customers.

Social

We often pay to distribute educational content about scams and phishing.

As example, at the height of the OneCoin and MMM Ponzi schemes in Nigeria, we ran paid advertisements and sponsored posts on Facebook and Twitter, targeting individuals who have liked or followed these dubious scams.
That’s right: we spent money out of our own pocket to tell people to stay clear from these schemes. There was negative backlash from some of the participants at the time and it resulted in us losing customers and revenue, which other less scrupulous platforms were happy to pick up.

Facebook scam post

Content

We constantly write new content, focused on online security and protecting yourself against Bitcoin scams.

These are some of our most popular articles:

Email

We send a mix of targeted and general emails to our customers. We frequently feature stories on the ever-evolving landscape of Bitcoin —the good and the bad— with suggestions on how to stay safe.

Compliance

Even though Bitcoin is currently unregulated in most countries, we’ve taken the decision to implement existing rules and regulations from the financial services industry. There are many exchanges and wallets that don’t have know-your-customer (KYC), anti-money laundering (AML) and anti-terror financing (ATF) measures in place and as a result, these platforms have a much cheaper business model in acquiring customers (since they will accept anyone).

We don’t just do this because we know that regulation will eventually come to the industry, we do it to prevent criminal actors from operating on our platform (in specific) and the industry (in general).

Summary

There is no “silver bullet” that can provide absolute security, but there’s a lot that we can do (and are doing) as leaders in the industry.

We will continue to fight and stay well ahead of potential fraudsters, to keep building our smart platforms that don’t sacrifice usability and we will keep working hard to educate customers on how to secure themselves and their money online.

Avatar Liza Visser
Author

Liza Visser

Liza holds a BCom Management Sciences degree in Marketing and Economics from Stellenbosch University. She previously worked for two national event companies and is passionate about digital marketing and e-commerce.

It’s never too late to get started with Bitcoin. Learn, buy and use Bitcoin with Luno now.

Desktop Icon Apple App Store Logo Google Play Store Logo