How to protect your account from social engineering

Social engineering is the most dangerous online threat.

We are invested in your security, so we provide a whole set of tools to help you protect your account. Two-factor authentication, email confirmations for major account activities, and withdrawal whitelists make it incredibly hard for intruders to get their hands on your funds.

But technical security solutions alone are not enough to fully protect you.

They can be powerless against social engineering.

There are hundreds if not thousands of scammers out there trying to impersonate our employees and steal funds from our traders. This article will help you detect them instantly and not fall victim to deceptive tactics. Should you see such things, please report them to us immediately.

“Helpers” on Twitter

Scammers search for any tweets our traders send to us. Then they reach out to these people directly, using accounts disguised as those of the official HitBTC representatives. They find ways to force you into making some sort of payment or giving them access to your account. At some point the conversation takes a turn along these lines:

To stay safe on Twitter, remember this:

  1. The only official HitBTC Twitter account is twitter.com/hitbtc
  2. The only way to receive the assistance of our technical support team is via browsing support.hitbtc.com.
  3. We never ask for any payment for any kind of support services we provide.

“Helpers” on Telegram

Scammers try to impersonate support team members and moderators of our Telegram group (we also have a Spanish room).

They send direct messages to anyone who has asked questions in the group and pretend to provide help. Then they find ways to force users into making some sort of payment or giving them access to their accounts. Here’s what it looks like:

Once you get involved in a conversation with a scammer, soon you will see something like this:

Also pay attention to the language in which you are being approached. In the absolute majority of cases, the language will be very sloppy and grammatically incorrect. HitBTC puts a lot of care in using grammatically correct, well-formed sentences (although an occasional typo or error is always possible – we are human after all!). So if the message contains too many mistakes or “Sirs,” this may be another telltale sign that something fishy is going on. 

Sometimes their attempts are very simple, stripped of any disguise.

Sometimes they are more involved. Scammers may not even reach out to you directly. Instead, they might provide you with the contact info for a “support team member,” so that you would write to them yourself. Don’t do that.

To stay safe in Telegram, remember this:

  1. Moderators won’t reach out to you privately: their mission is to talk publicly.
  2. If you wish to reach a moderator privately, the only way to find one is to locate the star or the “admin” title near his or her name in the member list.
  3. The only way to receive the assistance of the technical support team is via browsing support.hitbtc.com.
  4. We never ask for any payment for any kind of support services we provide.

“Announcements” from our team

Scammers may try to imitate legitimate HitBTC announcements. They would use such messages to try to convince you to make a payment, download a malicious application, share your personal data, etc.

For example, after we announced the beta-testing of our Android application, the following scam emails started to pop up:

Remember this to stay safe:

  1. The rules for every contest and campaign are described on our blog. Don’t trust any emails if they tell you something different from what the blog says.
  2. Don’t hesitate to contact our support team for a prompt verification of any announcement you may come across online.

“Support phone numbers”

Our team of customer support professionals is always available. You can message them via the Support Center to receive prompt, detailed replies. We don’t provide support over the phone. Do not trust things that look like this:

If you happen to see any other examples of social engineering, please report them to us immediately. We will help you tell apart our legitimate activities from scam attempts.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.
Contact us