In recent times, the rise of advanced scamming techniques has led to an increasing number of individuals falling victim to fraudulent schemes. Given the unique nature of cryptocurrencies, the loss of assets due to deception is often difficult to trace. Hence, users should remain vigilant at all times to safeguard their assets. Follow the prevention tips below so that you can discern whether emails or messages originate from our official platforms and avoid common fraudulent tactics currently in use.

 

 

• Tip 1: Check the Sender’s Contact Information
• Tip 2: Remain Vigilant of Suspicious Email Content & Text Messages
• Tip 3: Complete Email Authentication
• Tip 4: Verify the Anti-Phishing Code
• Tip 5: Contact Bybit TR Customer Support via Official Channels

 

 

 

 

1. Check the Sender's Contact Information

Verify the sender's contact information (e.g., email address, phone number, website URLs, etc.) against known legitimate Bybit TR official channels by looking for any inconsistencies or suspicious elements.

 

You can easily check whether the sources are from Bybit TR by using our Authenticity Checker to verify their authenticity. Simply select the channel type and fill in the details to get the result.

 

 

This function can be accessed easily on the website by going to the main Bybit TR menu or scrolling down to the bottom of the webpage.

 

 

 

Important:

Please note that the sender's address in emails and text messages can be easily forged. Therefore, even if the Authenticity Checker displays that the verification result is official, it does not necessarily mean that the email or text message you received was truly sent from Bybit TR's official mailbox. Please exercise caution and discernment!

 

 

 

 

 

2. Remain Vigilant of Suspicious Email Content & Text Messages

Phishing emails and text messages aim to provoke users to make irrational and rash decisions that would compromise their sensitive information and online safety. This type of social engineering often employs a coercive, concerned, or persuasive language to prompt user actions driven by fear, urgency, and even curiosity. 

 

To remain alert of such tactics, here are a few things you should take note:

 

 

a. Bybit TR will never ask you to transfer assets to an unknown deposit address or ask for your wallet recovery phrase.

Whenever you receive an email or SMS requesting your personal information, password, or assets, you should maintain a skeptical attitude at all times. 

 

As mentioned above, even if the verification result is official, the sender’s contact information can be easily forged using spoofing techniques. Below is a typical example demonstrating how scammers conceal and forge sender email addresses to solicit assets from Bybit TR users.

 

 

 

 

b. Never click on any suspicious links or give away your personal information on unverified platforms.

Carefully examine any links and URLs you’re about to click, especially when they redirect you to unknown third-party sites. It is common for phishing links to also use URL shortening services to mask malicious websites.

 

Scammers and phishers will use the collected information to exploit any vulnerabilities in your system, making you susceptible to hacking or other malicious online activities.

 

 

 

c. Do not download any attachments (e.g., DOCs, PDFs, PNGs, EMLs) from suspicious emails.

Bad actors often use double extensions to trick users into accessing or interacting with files that appear harmless but in reality contain malicious codes that act as executables upon access, which would automatically embed themselves into your device.

 

 

 

 

 

3. Complete Email Authentication

You can inspect the full headers of an email to verify its legitimacy. Albeit slightly more technical, this method allows you to inspect the email’s metadata in better detail, including the content, date and path, subject lines, recipient information, sender and recipient addresses, registered IP address, and so on. 

 

Given that spoofing techniques work by disguising harmful materials as a trusted and legitimate source, email authentication adds an extra layer of safety measures to identify any anomalies and circumvent phishing attacks. 

 

 

 

a. View Email Headers (Gmail)

Please click on the Ellipsis (three dots) at the top right corner of your email, then select Show Original. You will be then redirected to a page with details of your email headers.

 

 

Note:

The methods to view email headers may vary across email service providers. Thus, it is advisable that you follow the official guides from your respective email service providers to safely do so.

• Outlook

• ProtonMail

 

 

 

b. DKIM/SPF/DMARC authentication results

Once you are able to access the email headers, please check the details of the following security signatures SPF/DKIM/DMARC.

 

In essence, DKIM (DomainKeys Identified Mail), SPF (Sender Policy Framework), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) are three main email security protocols set in place to prevent tampering or unauthorized access.

 

 

As illustrated by the image above, a “pass” status for each signature indicates that the email has been properly authenticated and proven likely to be from a trustworthy source. In the event you have received an email with one or all three signatures displaying a “fail” status, such an email might have been altered or sent from an unauthorized source.

 

 

 

c. Check the registered IP Address

The email header also records the designated IP address, from which the email has been sent. You can use various IP reputation checkers (e.g., Google Safe Browsing Transparency Report and VirusTotal) to verify the IP address’ ownership and origin and make sure it has not been reported for any malicious activities.

 

 

 

Note: While these sites have amassed comprehensive databases, it is always a good exercise to cross-reference the results with various sources. Keep in mind that this step is only complementary to other verification methods and it is highly advisable that you reach out to our customer support for assistance, should you have any doubt.

 

 

 

 

 

4. Verify the Anti-Phishing Code

Bybit TR’s Anti-Phishing Code is a security feature comprising a unique set of alphanumeric and special characters. Once activated, this personalized code would appear in all official Bybit TR emails and text messages thereafter, allowing users to easily verify the authenticity of information they receive.

 

 

 

Here’s how you can use the anti-phishing code feature to safely access verified communications and filter out phishing scams:

1. Before opening any email or text message, please ensure that the anti-phishing code is present and matches your unique code. You can do so by viewing the code from your pop-up notifications or email inbox.

 

 

2. A missing or incorrect anti-phishing code is a strong indicator of a fraudulent email or text message. In that case, exercise greater caution with your browsing activities and immediately update your account credentials (e.g., password, phone number, etc.) to secure your data. It is likely that a bad actor has obtained some of your information elsewhere and uses it to target you in a phishing scam.

3. If you suspect that an email or a text message might be a phishing attempt, please refrain from interacting with it and contact our customer support (see tip no. 5).

 

 

Important:

You are strongly encouraged to enable the Anti-Phishing Code function. If you have not set up your Anti-Phishing Code, please follow this guide, then go to your Account & Security page to get started. For more information, please refer to How to Enhance the Security of Your Account.

 

 

 

 

 

 

5. Contact Bybit TR Customer Support via Official Channels

While all the prevention tips above greatly minimize the risk of scams and phishing attacks, we strongly advise you to reach out to Bybit TR’s official Customer Support for thorough assistance. 

 

If you think you might have encountered a scam or a phishing attack by someone impersonating Bybit TR representatives on any website, email, social media, or messaging app, please alert us in one of the following ways:

 

 

a. Via the Help Center Live Chat or Webform

You can talk to our customer support directly via Live Chat or simply fill out this form with your inquiry, and our dedicated team will attend to your case. You may furnish supporting documents (e.g., screenshots, TXIDs, etc.) to help with the investigation and review process.

 

 

b. Via the Authenticity Check page

Alternatively, you can make a report directly on the Authenticity Check page and the security team will swiftly review and handle your inquiry.

 

 

i. Phishing threats, scams, and other fraudulent activities

If you would like to report suspected phishing threats, scams, and other fraudulent activities, please click on Report from the available section to start your inquiry. Select the type of activities accordingly, and provide additional information that you deem relevant.

 

 

Important

In the case of a phishing email, please provide the .eml format file of the email message for our Customer Support to review. Kindly follow the guide below on how to do so:

 

 

Download email as an .eml file (Gmail)

To retrieve the file, please click on the Ellipsis (three dots) at the top right corner of your email, then select Download Message. The email will then be saved as an .eml file on your computer. 

 

 

Note:
The methods to save email as an .eml file might be slightly different for other email service providers. Please consult the official guides of your respective email service providers to safely do so.

• Outlook

• ProtonMail

 

 

Bybit TR remains committed to providing a safe and secure environment for all users. Your vigilance in reporting any suspicious activity helps us safeguard the community.