Last updated: 10 October 2019
Luno follows strict internal security practices aimed at keeping your cryptocurrency safe, which we’ve detailed here. It is however, important that you also take certain precautions to ensure that you are the only person with access to your account. If someone gains access to your account, your cryptocurrency may be at risk
Some of the most common methods that scammers may use to gain access to and perform unauthorised transactions on your account are explained below:
Account takeovers: Luno relies on your email address and phone number for communication with you. If someone gains unauthorised control over these, they could potentially gain access to your Luno account. It is therefore, important to make sure that you have strong security on your email and Luno accounts.
Phishing: This is when you are tricked into revealing personal information, such as usernames, passwords or other sensitive information. Phishing can take many forms, for example:
Emails: You may receive an email that appears to be from Luno but was actually sent by a scammer, asking you for information or leading you to a fraudulent website.
Phishing websites: These websites are set up to look like Luno’s website, but everything entered there (like your username and password) gets recorded in order for scammers to access your actual Luno account. In some cases, these websites are promoted by running adverts that look like they’re taking you to the legitimate Luno website.
Phone scams: Someone may call you, pretending to be from Luno, asking you to provide your username, password and other information in order to access your Luno account.
SMS / instant messaging scams: In this case a fraudster will send you a message purporting to be from Luno and prompting you to share your username, password or other information, or to select a link.
Luno will never call, email or SMS/instant message you and ask you for your password. If anyone contacts you claiming to be from Luno and asks for this information, you should end communication and get in touch with us by contacting support yourself.
Malware: This is an advanced method where scammers gain access to your devices through sophisticated software programs that allow them to take control of your computer, steal your passwords or other sensitive information.
Identity theft: This is when someone obtains access to your personal information and pretends to be you in order to, for example, open an account in your name and/or transact on your account. Identity theft may occur when your identification document, passport or other information is stolen (either physically, through phishing or by other forms of social engineering). There is also a risk of identity theft taking place when your device is stolen.
Transactions in BTC and ETH are generally irreversible, which means that losses due to fraudulent or accidental transactions are not recoverable. It is therefore very important that you understand how to identify and avoid falling victim to these types of attacks. Here are some precautions you can take:
Strong password security: Use a unique, strong password with at least 16 characters and never share it or reuse it on other websites. Password managers make it easy to generate and store strong passwords. Luno recommends LastPass, but there are several alternatives.
Enable two-factor authentication (2FA): This is an added level of security that requires a unique code every time you log in to an account. The code is generated by your device, which is required in addition to your username and password.
Protect your email account: Keep your email account secure to ensure that nobody can access your Luno account through your email account. Most email providers support 2FA.
Don’t share sensitive information: Luno employees will never ask you for your password, 2FA code, one time pins (OTPs) or ask you to authorise transactions.
Check the URL: Before signing into Luno or clicking an advert, ensure that you are on www.luno.com
Check the email domain: Any communication from Luno will come from a @luno.com or @luno.mailer.com address.
We encourage you to visit our Learning Portal where you can learn more about securing your Luno account, and how to avoid being scammed. Also keep an eye on our monthly newsletter as well as our blog where we publish topical information.
If you believe your account has been compromised, please let us know by submitting a ticket to us as soon as possible.