Dear CoolWallet Community,
The cryptoverse can be a dangerous place if you’re new or not cautious about securing your virtual assets. We’d like to bring to your attention an old scam with different variations that have been robbing cryptocurrency exchanges (like Electrum) and wallet users ( read about Ledger Live’s malware) blind in recent months.
We’re talking about Phishing Scams. In this article, we’ll discuss how you can protect yourself against the different kinds of phishing scams.
What is a Phishing Scam?
A phishing scam is where a malicious actor impersonates a legitimate entity during electronic communication in order to steal personal information and money from you.
Please note: We are not aware of any current phishing scams targeting CoolWallet S users, so there’s no reason to be alarmed. HOWEVER: Forewarned is forearmed.
3 Critical Security Facts You Need To Know:
1. CoolBitX/CoolWallet does not provide any customer phone support
For security and logistical reasons, CoolBitX, the company making the CoolWallet, doesn’t offer phone support for customers. This is in line with industry standards as followed by almost all crypto service providers, including Ledger and Trezor.
If you see a customer support phone number from us… It’s FAKE.
2. We’ll NEVER ask for your private key or recovery seed phrase
Not in person, not in an email, SMS or private message. NEVER. Never reveal your recovery seed phrase to anyone.
First off, your private key is hidden safely within your CoolWallet’s CCEAL5+ certified Secure Element. It received a life sentence when it was generated and it’s never getting out. No one can extract it, not even us. So whoever asks you for it, is trying to steal your crypto assets. Plain and simple.
Secondly. Guard your recovery seed with your life!
Anyone that gains access to your recovery seed phrase (usually 12-24 words or numbers), can access your virtual assets via another wallet and steal them.
3. CoolWallet will NEVER ask you to send crypto to an unknown address
CoolBitX or CoolWallet will NEVER ask you to send coins to an address for any reason, other than to our trusted crypto payment partners at CoinGate as a form of payment.
However, in some cases where you’ve lost or damaged your CoolWallet, we might ask you to set up a new wallet address and temporarily move your funds over. However, only you will have access to that address!
Please DON’T SEND ANY CRYPTO to any address that claims to belong to CoolWallet or CoolBitX! It’s a SCAM!
The 3 Most Popular Crypto Phishing Scams
- By phone
- By email
- By website URL (Google Search)
1. Phishing Method 1: By phone
This one has only recently made a comeback in June 2019.
If you search for a phone number for your wallet’s customer support on Google, it is very likely that you’ll come across some websites that provide phone service numbers for you to call and interact with customer support staff.
Surprise. It’s a Scam!
Be warned, these numbers and the operating staff are all bogus. They’re scammers impersonating legitimate crypto companies and trying to get you to reveal your recovery seed phrase or private keys, so that they can steal your virtual assets.
Now repeat after me:
NEVER EVER REVEAL YOUR SEED PHRASE OR PRIVATE KEYS TO SOMEONE OVER THE PHONE.
Phishing Method 2: Google URL search result
As you may know, hackers are increasingly targeting crypto owners through compromised email or software (see Electrum’s ongoing botnet hack).
Here’s an Example of a Phishing URL:
How to Avoid a URL Phishing Attack
Please make sure that when you click on a link to visit our website (and others of course) or get redirected to our domain, that you are on the right site. Here’s how:
When visiting coolwallet.io, please ensure that:
- the URL address starts with https://.
- there’s a green lock icon to the left of https://.
Here’s what it should look like:
Occasionally if you visit our homepage or certain pages, you might see a weird-looking URL, like this:
Don’t panic. It’s safe.These are just pages we set up to run different tests in order to optimize our site and make it as easy to use as possible.
If in doubt, click on the green lock next to the URL.
You’ll be able to view more security information in the finest of details. Please note that any reputable website in 2019 should have a secure https certificate in order to protect its visitors.
Phishing Method 3: Don’t Open Suspicious Emails from Us or Other Companies
Scammers might impersonate us in an email. If you’re not sure that a received email originated from us, please contact our Customer Support team.
A good way to ensure you don’t get phished is to add a verified email address from us to your email whitelist if possible.