What Are Withdrawal Email Phishing Scams?

withdraw phishing email scam

Share this article

The rise of cryptocurrencies has brought about numerous investment opportunities, and capital has gradually flowed into it over the last decade, turning Bitcoin into a trillion-dollar asset class. That’s no small change in the darknet market anymore; it’s a big boy asset class with large institutional and even national investors.

While Bitcoin’s growth has attracted higher net wealth investors, it has also attracted a host of cybercriminals looking to exploit unsuspecting users.

Every cohort of users logs in, hits their private chatrooms and forums, and devise ways to scam users out of their funds. These operations can range from Minecraft kids in mum’s basement to sophisticated hacking operations, but their goal is the same: to leave you penniless.

One of the most common tactics they employ is the withdrawal phishing email. These deceptive emails are designed to trick users into revealing their sensitive information, such as login credentials, ultimately leading to those users losing their Bitcoin or other digital assets.

Not your coins, only your turn to claim them

When you use an exchange to hold your funds, you trust a third party to validate your behalf. You have no on-chain proof that you own any Bitcoin; it is only a paper claim with a company.

Your claim that Bitcoin is tied to your email address/phone number and password, so if someone can access that combination, they can exercise the claim of your funds on your behalf.

This is the risk you run when using a custodial service.

Unlike fiat currency transactions like credit card fraud, which can sometimes be tracked and reversed, blockchain-based assets like Bitcoin provide a final settlement, and once those transactions are confirmed on-chain, only the owner of that receiving wallet can move funds.

You, the exchange and the authorities are powerless unless the scammer makes a mistake that can lead to their capture.

What Is a Withdrawal Phishing Email?

Users who choose to leave their funds with an exchange have a high level of trust in that business, that brand and, of course, any communication they put out.

Scammers know this, and they’re actively targeting these people with emails branded as the victims’ preferred custodians.

A withdrawal phishing email is a fraudulent message sent to custodial Bitcoin and crypto exchange customers. These emails often appear to be official communications from the exchange, designed to instil a sense of Urgency and prompt users to take immediate action.

The goal?

This is to trick you into providing sensitive information that can lead to the theft of your Bitcoin.

Sliding into your mailbox

I recently received one of these emails to my Yahoo account; yes, I still have a Yahoo email. Somehow, this domain bypassed spam filters and hit my primary box.

It didn’t bother me because I don’t use Coinbase, and I don’t own Ethereum. Since I’m not the target for this spray-and-pray approach, it went straight to the trash, but for others who use Coinbase and hold Ethereum, the message could trigger a different response, one of panic, and that’s what these hackers want.

While branded as Coinbase, the email comes from an unrelated domain
jobs@macysandbloomingdalesjobs.com and it was sent to 15 other email addresses, which is kind of sloppy and a dead giveaway.

How Do Withdrawal Phishing Emails Work?

  1. Impersonation: The phishing email typically uses a legitimate exchange’s branding and design elements, making it difficult to distinguish it from genuine communications. This creates a sense of trust, encouraging users to take the email seriously.
  2. Creating Urgency: The email often claims that there has been suspicious activity on your account or that your account is at risk of being compromised. This Urgency can lead users to act quickly, bypassing their usual caution.
  3. Fake Login Links: The email contains a link that directs you to a fake website that mimics the exchange’s login page. Unsuspecting users may enter their username and password, inadvertently handing over their credentials to the scammers.
  4. Data Breach Exploitation: Many of these phishing emails are sent to individuals whose information was obtained from data breaches. Cybercriminals often buy and sell these lists, sending out mass emails to see who will respond.
  5. Account Takeover: Once the scammers have your login details, they can access your account and withdraw funds, leaving you with little recourse to recover your lost assets.

Why are email data breaches so common?

1. Human Error:

  • Weak Passwords: Many people use weak, easily guessable passwords that are vulnerable to hacking attempts, and as a result, databases are exposed
  • Phishing Attacks: Cybercriminals often use phishing emails to trick companies into revealing their login credentials so they can access customer databases
  • Accidental Data Sharing: Employees may accidentally send sensitive information to the wrong recipient or share it publicly.  
  • Disgruntled Employees:  Sometimes companies and staff part on bad terms, and during the offboarding, data can be scrapped and sold to third parties like online marketplaces and data brokers.  

2. Technological Vulnerabilities:

  • Outdated Software: Outdated software with unpatched vulnerabilities can be exploited by hackers.  
  • Poor Security Practices: Organisations may need stronger security measures in place, such as firewalls, intrusion detection systems, and encryption.
  • Data Breaches at Third-Party Providers: If an organisation uses a third-party email provider that experiences a data breach, its users’ data may be compromised.  

3. Organised Cybercrime:

  • Advanced Hacking Techniques: Cybercriminals use sophisticated techniques to bypass security measures and steal data.  
  • Data Brokers: Hackers often sell stolen data on the dark web, making it easy for others to exploit the information.

Why Are These Emails So Effective?

The combination of professional-looking design, urgent messaging, and the promise of account security makes withdrawal phishing emails particularly effective. They prey on users’ fears of losing their assets and their desire to take quick action.

Coinbase on Reddit provides the handles they use for customer communication

How to Protect Yourself

  1. Be Skeptical of Urgency: Always take a moment to consider whether an email is genuinely urgent. If it asks you to act quickly, verify the information independently. Beware of Urgent Requests: Legitimate exchanges rarely send urgent emails demanding immediate action.
  2. Check the Sender’s Email Address: Look closely at the sender’s email. Phishing emails often come from addresses that look similar but are slightly different from the official email address of the exchange.
  3. Avoid Clicking Links: Instead of clicking links in emails, navigate to the exchange’s website directly by typing the URL into your browser. This ensures you’re accessing the legitimate site. Type the Exchange’s URL Manually; instead of clicking on links in emails, manually type the correct URL of your exchange into your browser.
  4. Enable Two-Factor Authentication (2FA): Adding an extra layer of security like 2FA to your account can help protect you, even if your credentials are compromised.
  5. Report Suspicious Emails: If you receive a suspicious email, enquire through official channels first and report it to your exchange’s support team. This helps them take action and warn other users.

Self-custody eliminates a lot of risks.

Withdrawal phishing emails are a serious threat to anyone involved in the cryptocurrency space, leaving funds on a custodial service. If you do trust another person or company to manage your funds, it’s important to understand the risks involved and familiarise yourself with all the possible scam tactics used on the customer base.

Understanding how these scams work and implementing protective measures can significantly reduce your risk of falling victim. It is worth noting that these scams are not going away; they will constantly be refined and improved to target different users; there’s a scam for everyone.

A safer alternative is to use a self-custody wallet, where you have control over your private keys. This gives you complete control over your funds, but it requires more responsibility and technical knowledge.

Always stay vigilant, and remember that it’s better to be cautious than to act hastily when it comes to your financial security.

Disclaimer: This article should not be taken as, and is not intended to provide any investment advice. It is for educational and entertainment purposes only. As of the time posting, the writers may or may not have holdings in some of the coins or tokens they cover. Please conduct your own thorough research before investing in any cryptocurrency, as all investments contain risk. All opinions expressed in these articles are my own and are in no way a reflection of the opinions of The Bitcoin Manual

Leave a Reply

Related articles

You may also be interested in

Strata explained

What Is Strata?

It’s about that time of the cycle when everyone and their Uber driver begins to pay attention to Bitcoin, and with more eyes on the

Cookie policy
We use our own and third party cookies to allow us to understand how the site is used and to support our marketing campaigns.