As bitcoin becomes more popular and attracts mainstream users, scammers are resorting to tried-and-tested tricks like phishing emails and imitation websites to steal your funds.
Follow these tips to keep yours safe.
1) Don’t be greedy
Phishing emails targeted at bitcoin users have so far come in a variety of flavours, the most blatant of which involves a person ostensibly sending you their wallet backup file and private key and asking you to send their bitcoin to another wallet address.
The bait here is that you’ll take the money and run. But as Imgur user GreenFox detailed in January, the wallet file actually contains an executable program (.exe) disguised as a text file, that will make off with your coins should you accidentally install it.
In short, don't let your greed get the better of you.
2) Don't click links in unsolicited emails
This applies to any of the more popular bitcoin services. At their most effective, phishing emails imitate the branding, language and function of emails from well-known and trusted companies.
Instead of appealing to your greed, these types of emails co-opt your concerns about security. And rather than downloading malicious software, these emails will more likely ask you to visit a website to enter your password, but both are possible.
There are two things you can do to double check that an email is legitimate.
Firstly, look at the actual email address (not the screenname) that the email has come from. If it isn’t from precisely the website it claims to be from, that’s a big red warning flag.
Secondly, don’t blindly click web addresses. Hover over the link with your cursor and the web browser will show you the real URL in the bottom left hand corner of your screen on the 'status bar'. Note that, in some browsers, Safari, for example, this grey strip may be hidden. Go to View > Show Status Bar to reveal it.
However, as DeathAndTaxes suggests on BitcoinTalk, “A good rule of thumb is to simply never click on links in emails for site which may be important.”
3) Beware Google adverts
Not a phishing email exactly, but the use of fake Google adverts to direct people away from legitimate bitcoin services towards fake imitation sites has been a recent concern of the bitcoin community.
Secondly, as a general rule, check a website’s URL in the browser before inputting any data. As user @juanjblog pointed out in a recent tweet, it’s pretty hard to see that the recent fake Blockchain.info site pictured above isn’t the real deal.
Hopefully, after reading the above, you are now a little less likely to have your bitcoin stolen.
However, keeping your bitcoin secure requires constant vigilance and a bit more effort than simply not clicking links on emails or dodgy ads. Try starting with CoinDesk's primer on paper wallets, one of the most secure ways of safely storing bitcoin.
If you must keep coins online, two-factor authorisation and multi-signature wallets are far more secure than those with a single password.
Fisherman image via Shutterstock
CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk offers all employees above a certain salary threshold, including journalists, stock options in the Bullish group as part of their compensation.