How to Avoid Phishing Attacks Online

The recent boom in interest in cryptocurrency has seen an uptick in phishing attacks on cryptocurrency exchanges. It’s super important to us that our customers know the signs of phishing scams and how to avoid them. 

What is Phishing? 

‘Phishing’ is a cybercrime where fraudsters pose as legitimate businesses to target people. They create fake websites, emails, adverts, SMS and phone calls. Phishing websites are sometimes created to look like Uphold’s website but they’ll ask you to give away sensitive information to scam you. With phone and SMS phishing the fraudsters will contact you saying they work for Uphold. The scammers will usually say your account is ‘at risk’ or that you need to move your money to a ‘safe account’. This is to make you panic so you’ll be more likely to move your money into their account without thinking twice. 

These messages & calls can be worrying and we want to make sure you know how to spot when you’re being scammed. Here’s how you know if it’s Uphold or not: 

We’ll only ever email you from: 

• [email protected]
• [email protected]
• [email protected]
• [email protected]
• @help.uphold.com
• @unboxed.uphold.com
• @uphold.com

We’ll never: 

• Ask you to move your money to a ‘safe account’ because your money is in ‘danger’.
• Ask you to move your money to an alternative Uphold account.
• Ask you for password details/PINs or sensitive information. 
• Ask you for your full 16 digit card number or the 3 digits on the back of the card.

Our Social Media Channels

If you’re chatting with us over social media it’s important that you make sure it’s us! Here’s a list of our official social media accounts: 

@UpholdInc

@AskUphold

Facebook

Instagram

LinkedIn

Reddit

YouTube

How to protect yourself from phishing

A great way to stop phishing scams from being successful is by setting up 2-Step Verification (2-SV), you can read more about the benefits here. When you enable 2-SV you’ll be given a Security Key that you’ll use in your Authenticator App. The Authenticator App will generate a different Verification Code every 30 seconds, that you’ll need to withdraw funds from your Uphold account. As you’ll have your mobile with you it means that the scammer isn’t able to log into your account remotely, even if you gave out your username and password as a result of a phishing scam. 

If you’re still unsure about whether you’re speaking to us or not, take 5 and check the details or end the conversation and contact us directly through support.

How to spot phishing websites

It’s easy to spot phishing sites when you know how. It’s all in the URL address. Each and every time you log-in to Uphold, you must check our URL. Below are browser examples of the legitimate https://uphold.com website compared with fake websites impersonating https://uphold.com. Our genuine website is protected by an Extended Validation certificate and depending on your browser this will either display our company name Uphold, Inc [US] in the top left of the URL window, or our URL address in green or grey. Either is fine and you are on the genuine Uphold website. If you do not see our company name (in exactly the format above), nor the correct URL address (https://uphold.com) the website is fake. Do not click on it or proceed with login. Just close the page and report it to our support team. We are working hard to take down all malicious websites.

Don’t respond to emails asking for personal details

We never mention cash sums in emails, ask for passwords, or send you checks via the post.

If you get emails like this, trash them – they’re not from Uphold.

Below are examples of fraudulent emails you must avoid.

Do’s And Don’ts to avoid phishing scams

• Do check the URL address (https://uphold.com) in the URL window. Depending on your browser this will either display our company name Uphold, Inc [US] in the top left of the URL window, or our URL address in green or grey. Either is fine and you are on the genuine Uphold website. If you don’t see either, stay clear. The site is fake.
• Do bookmark our URL https://uphold.com rather than using search-engine results every time you want to log-in.
• Do check the spelling of Uphold in the URL and ensure a rogue character has not snuck in.
• Do look out for emails with poor spelling or grammatical errors: the classic hallmarks of a scam.
• On a mobile device, do make sure you’re on the Uphold website, by tapping and holding any hyperlink and checking the URL – it should say https://uphold.com

An email on a mobile device appears to show the genuine Uphold URL. However, when the user taps and holds the link, it reveals a fake URL underneath. Always tap and hold links to reveal the true URL.

• On a PC or laptop, do hover your mouse over any hyperlink to see the URL or web address of the webpage. Remember, it’s only us if it says https://uphold.com
• Our support team will never call you asking for log-in information.
• Similarly, they’ll never email you asking for log-in information.
• Last – don’t click any link you’re not sure about and contact our support team immediately if you have doubts! 

What we are doing to protect you from phishing scams

• Constant monitoring – Our security teams are proactively monitoring the internet 24 x 7 x 365 for fake websites as well as major App stores, including: Apple iTunes App Store, Google Play Store, and other third-party app stores. On detection, we request immediate take-down of the fake website and apps.
• Constant implementation of new security features as new solutions become available.
• The introduction of regular security awareness updates to our members.

Remember, check our URL every time you log-in to Uphold. Never disclose your log-in credentials via email or over the phone to anyone. It’s that simple. Together we can beat phishing.