Help Center
KYC and Security Matters
Additional Safety Features

How to Identify Phishing Threats and Avoid Common Scams

logo
Last updated on 2025-11-17 03:32:29
Share

Cybercriminals are always on the lookout for the next loophole to exploit. Given blockchain’s decentralized nature and ever-heightened cybersecurity defences, their target has shifted to the user data instead—a prime entry point for broader cybercrimes. To accomplish this, cybercriminals rely on common deceptive techniques known as spoofing and phishing.

 

 

 

 

What are spoofing and phishing?

Spoofing and phishing refer to the practices of disguising harmful content as legitimate communications from official sources. These techniques operate in one of two ways:

  1. To trick users into revealing their important information and credentials, giving malicious parties access to their digital assets.

  2. To impersonate official sources in an elaborate scam so that users give their digital assets away by their own will.

 

Both tactics involve psychological manipulation and system vulnerabilities. After all, it is certainly much more convenient for bad actors to mine the targets’ personal data for access rather than brute force their way into an airtight security system. Therefore, understanding and recognizing how spoofing and phishing work in various cryptocurrency scams is crucial to keep your information and assets secure.

 

 

 

 

 

Types of Cryptocurrency Scams

Scenario 1: Fake Bybit Website or Scam App with Fake Bybit Support

 

 

 

Scammers sometimes lure users by redirecting them to fake crypto trading platforms or digital wallets. These fake sites either work as phishing pages, which steal users’ private information, or offer fake services that appear as legitimate investment opportunities.

 

 

 

 

 

Scenario 2: Impersonating Bybit Official Staff to Contact Users

  • Individuals who are not official Bybit staff but act as Customer Support to contact users via social media such as Telegram, WhatsApp, X (formerly Twitter), or more.

  • Never share personal details, such as passwords, bank accounts, or wallet information, with unverified sources.

 

 

 

 

 

Scenario 3: Fake Bybit SMS Scam Alert

We have detected a phishing scam where fraudsters send fake SMS messages to random users. These messages often claim that if the verification code was not requested by the user, they should call a provided phone number. 

 

In an attempt to appear as legitimate communication, the schemes sometimes use fake sender IDs to mask the original senders in the SMS header. This means that these deceptive texts may even show up in the same conversation thread as previous Bybit’s official messages. 

 

 

 

 

Please be advised:

Bybit will never provide or request users to contact any phone number. We do not offer customer support via hotline calls and will never send SMS messages containing links (URLs), requests to contact customer service, or instructions to make phone calls.

 

Please remain vigilant and do not trust any suspicious calls or text messages claiming to be from Bybit. Always verify information through Bybit’s official channels.

 

 

 

Solution

In the event that you receive an SMS scam alert, we strongly recommend that you block the suspicious or unknown number to prevent receiving further scam messages.

 

For Android users:

Step 1: Open the Phone app.

 

 

Step 2: Tap the three-dot menu in the upper-right corner and select Settings.

 

 

Step 3: Choose Block numbers or Block and report spam.

 

 

For iPhone (iOS) users:

Step 1: Open the text message from the number you want to block.

 

 

Step 2: Tap the sender’s number, then tap the info (i) icon.

 

 

Step 3: Select Block this CallerBlock Contact.

 

 

For more information on how to protect yourself from phishing text messages, please refer to the Prevention Tips.

 

 

 

 

 

Scenario 4: Fake Airdrop or Rewards 

  • The common tactic is to persuade users to transfer a certain amount to an unknown deposit address to claim an airdrop or reward.

  • Always be cautious of promotions that seem too good to be true, and verify suspicious messages or offers by contacting Bybit’s official support.

 

 

 

 

 

 

Scenario 5: Wallet Scam

By accessing a phishing dApp webpage, users inadvertently connect their wallets and trigger wallet authorization. Subsequently, they unknowingly grant authorization to a malicious contract. For instance, the malicious contract might include terms authorizing the transfer of all assets to the hacker. Users who fail to notice or are unfamiliar with these contract mechanisms may inadvertently grant authorization to the hacker.

 

Example: User A received an email from a scammer, pretending to offer a legitimate service, investment, or reward on his Wallet. The scammer gained the user's trust with convincing details in his email which led User A to follow the steps indicated and ultimately authorize access to their wallet to the scammer.

 

Web3 Scam 01.png

 

Without a comprehensive understanding of the technology or attentiveness to the authorization content, users face the risk of having their assets transferred away. 

 

Here is a guide to revoke authorization granted to unknown third parties and wallet addresses

 

Step 1: Please connect your Bybit wallet to the Revoke.cash website and grant the necessary permissions from the Bybit wallet extension to Revoke.cash. 

 

 

 

 

 

Step 2: Once you have completed the authorization, please select the chain network of the dApp you want to revoke in the top right corner.

 

 

 

 

 

 

Step 3: On the wallet address section, please select the chain network of the wallet address you want to revoke. A list of the most recent token approvals will appear on the dashboard.

 

 

 

 

 

 

Step 4: Please click on the Revoke button in the Actions column. Upon completing these steps, the token approval will be canceled immediately.

 

 

Please be aware that Bybit will never encourage users to transfer funds to any specified wallet address to unlock rewards from any event. Kindly refer to our Official Announcement Center to consult our events’ rules, requirements and terms & conditions. Moreover, rewards distribution will be made via our Rewards Hub, and users may need to claim their rewards manually from there.

 

 

 

 

 

Scenario 6: Impersonating Bybit Social Media Account

  • Always look for verification badges, review profile details, and compare with the official website.

  • Bybit does not use any WhatsApp channels to communicate. Any WhatsApp group or message claiming to be from Bybit is fraudulent. You can view Bybit’s official communities and social media accounts here: https://www.bybit.com/en/promo/global/communities.

 

Fake Account

Official Account

Scam 01.png

Scam 02.png

 

Alternatively, you can visit Bybit’s official social media channels via the quick links located at the footer of the Bybit website.

 

 

 

 

Scenario 7: Ask Users to Transfer Funds to Fake Bybit Wallet Address

  • This scam involves scammers deceiving users by claiming that Bybit is currently collaborating with certain token projects' developers to test the performance of the blockchain. 

  • The scammers then provide detailed instructions on how users can deposit funds into their Bybit accounts, appearing helpful to lower users' guards.

  • Subsequently, they provide a withdrawal address bearing the Bybit name, falsely posing as an official address. Users are instructed to withdraw funds to this address under the guise of assisting with testing, promising a reward of X% of the withdrawn amount. 

  • Initially, the scammers transfer rewards to users to lure them further. However, as the amount involved grows, the scammers disappear with the users' assets, leaving them unable to retrieve their funds.

 

Important: 

As we have always emphasized, Bybit will never ask you to withdraw to unknown wallet addresses. It's a cautionary tale to always be wary of offers that seem too good to be true and to double-check before sending money anywhere.

 

 

 

 

 

 

Scenario 8: P2P Crypto Scams

Some of the most common P2P crypto scams include fake receipt scams / ESCROW transaction scams, Man-in-the-Middle (MitM) scams, and more. For more details, please refer to How to Avoid Crypto P2P Scams.

 

 

 

 

 

 

In conclusion, staying vigilant and cautious when dealing with emails and online communications is essential in protecting oneself from falling victim to spoofing and phishing scams. By remaining aware of common tactics used by scammers and exercising diligence in verifying the authenticity of communications, you can better safeguard your assets and personal information in the crypto realm. To learn more about how to enhance the security of your account, please refer to here.

 

 

Read More

Top 19 Crypto Scams in 2024: How to Avoid Them

Crypto Scam Recovery: Can You Recover Funds After a Scam?

How to Avoid Authorized Push Payment (APP) Scams

7 Crypto Scams That Actually Happened So Far

How to Avoid P2P Crypto Scams and Fraud

Was it helpful?
Related Articles
How to Enhance the Security of Your AccountTroubleshooting: Unable to Use Yubikey AuthenticationHow to Set Up and Disable Your Fund PasswordNotice to users in the UKHow to Set Up and Manage Passkey on BybitHow to Set Up the Anti-Phishing CodeHow to Report Stolen Assets