Protecting Your Crypto Portfolio in the New Year

At Gemini, security has been our top priority since our founding. The Gemini team continually monitors for new types of online scams and adjusts our security practices to ensure we are protecting our customers and staying ahead of bad actors.

Educating our customers about the actions they can take to protect their account is an important part of these efforts. As we embark on a new year, we want to remind you of some best practices for identifying scams so that you can protect your crypto portfolio in 2025 and beyond.

Helpful Tips for Identifying Scams

Check the Sender

When you receive an email from Gemini, look closely at the sender’s email address, and be aware that bad actors can alter email headers to look legitimate, so remain cautious. Some best practices include:

Make sure the email was sent from a “gemini.com” URL. For reference, Gemini sends transactional emails from no-reply@em.gemini.com and marketing emails from hello@news.gemini.com. Check with your personal email provider for information on how to examine the address an email was sent from.

If you have any questions about the legitimacy of an email, reach out to Gemini’s support team here to verify it.

We Will Never Text You

Gemini will only call customers in special cases upon request and after coordinating a date and time via email correspondence. Gemini Customer Support does not support inbound phone calls. We will never text you, so please do not engage with texts or unknown phone calls claiming to come from Gemini, as bad actors can spoof the phone numbers of legitimate companies like Gemini.

Never Share Personal Information or Login Information

Gemini Customer Support associates will never ask you to share personal or login information, including usernames, passwords, or two-factor authentication (2FA) codes, nor will they ask you to forward an email, share codes of any kind, or install any remote access software on your device.

Check the URL

When logging in to your Gemini account or searching for customer support information, take a close look at the website URL to ensure that it is a “gemini.com” URL. Bookmark the Gemini login page and Gemini Customer Support page on all your devices, and always use the bookmark when logging in to your account or contacting Gemini Support. Do not rely on social media or search engine results to identify the appropriate Gemini URL.

Ask Questions

Even after you’ve taken the above steps, don’t be afraid to ask questions. If you’re concerned about the legitimacy of a person, company, or investment opportunity, remain skeptical. This is especially true if someone is asking you to send them money with a sense of urgency.

Common Scam Examples

Below are examples of common scams impacting customers across the technology and finance industries, including crypto companies.

Tech Support Scams

Tech support scams prey upon people’s fear that their email, bank, or cryptocurrency account has been compromised. In this scam, a bad actor will call, text, or email a target and state that their account has a security concern. The scammer will then ask for the customer’s account credentials, two-factor authentication codes, or ask the customer to download remote software to access the customer’s account in order to ‘fix’ their account after it was supposedly compromised.

Scammers also may use sophisticated means to appear legitimate, such as spoofing customer support emails or phone numbers. Follow the above best practices to ensure that you are communicating with a legitimate representative of the company claiming to be contacting you.

The Investment Club Scam

In an investment club scam, bad actors will contact people through messaging apps and social media sites claiming to help others make huge gains with crypto investing. The scammer will convince people to follow their guidance and either direct them to a fake crypto investment website the scammer operates or open an account at a reputable crypto exchange. From there, the scammers guide the victim to deposit fiat and then withdraw crypto to a wallet the scammer operates.

The Fake Website

Scammers may create copycat websites for well-known companies and encourage a customer to enter their login credentials and 2FA codes, which are then taken and used by the bad actor. Additionally, scammers list fake support phone numbers and emails on fake or legitimate websites. When the victim calls or contacts the listed information, the scammer will pose as a support employee and either request the person’s account credentials or request remote access, allowing them to access the victim’s account.

Fake Crypto Recovery Firm

By posing as a legitimate crypto recovery firm, bad actors may claim to help victims locate previously stolen crypto. These scammers will post on online forums like Reddit, Discord, or in the comments of crypto-related videos and social media looking for potential victims.

Romance Scam

In a romance scam, bad actors may pose as an interested romantic partner to take advantage of those looking to find companionship. These scammers will often find their victims on dating apps, social media, or messaging apps and develop a relationship. Once they sense the victim is comfortable, they will ask the victim to send crypto, sometimes giving a reason for great urgency (e.g. medical expense, frozen bank, taxes) or to help build their future together (e.g. buying a home, car, or new job expenses).

These scams may last for a significant period of time and are commonly known as pig butchering. To read more about pig butchering and how to identify it, please read our blog here.

SIM Swap Scam

By acquiring a victim’s name and phone number through fraudulent means and using that information, scammers may hack into systems connected to the victim’s phone. One of the more common attacks is called SIM swapping, when an unauthorized individual tricks a mobile carrier into switching an existing phone number to a different device. The unauthorized individual can then intercept texts and calls, including two-factor authentication (2FA) confirmations sent via SMS.

Employment Scams

In this type of scam, bad actors will create fake businesses and solicit victims by email, SMS, professional profiles, and social media sites. The scammer will promise employment, but ultimately aim to steal the individual's personal data, money, or cryptocurrency. The scammer ‘hires’ the individual and asks for bogus fees upfront. They may also ask the job seeker to fill out an application to gather their personal and financial details.

Moving Forward

At Gemini, we remain dedicated to staying ahead of the latest scams and arming our customers with the information they need to keep their accounts safe. Reviewing these best practices and common types of online scams will be instrumental in our industry’s fight against bad actors.

Onward and Upward,
Team Gemini

*The preceding examples are not a comprehensive list of all possible risks. Suggestions for avoiding online scams do not guarantee your security. You should always exercise caution online and when transacting in digital assets. Transactions in digital assets may be irreversible, and, accordingly, losses due to fraudulent or accidental transactions may not be recoverable. The nature of digital assets may lead to an increased risk of fraud or cyber attack. *