Blockchain Blog

Don't take the bait: spotting phishing emails (with Kristov Atlas)

Phishing attempts are nothing new, but we’ve noticed a consistent increase in the number and variety of phishing emails targeting our users and bitcoin users in general.

Our Security Engineer, Kristov Atlas, took some time to collaborate with me on a post that will help sharpen your senses on these suspicious and sneaky emails. Keep reading to find out how phishing attempts can present themselves, and 6 red flags to keep in mind when checking your inbox. These tips can help make sure you don’t get fooled, and help you protect your bitcoin wallet and overall online presence.

What is phishing?

Phishing is used to deceive someone in order to obtain their personal or financial data. The phisher will attempt to lure the user (often through a seemingly innocent email that appears legitimate) into: unknowingly visiting a link to a malicious website; downloading malware; disabling their security settings; or sending funds directly to the phisher.

6 tell-tale signs something’s phishy with an email

1. Urgent! Take action now(or else…)!

Social engineers who create phishing emails often use urgency to try to cloud the judgement of recipients. They may claim that funds are about to be lost by the user, that their bitcoin wallet has been locked, or some other worrisome scenario for the user. This can often come across as, “If you don’t confirm your wallet within 48 hours, your account will be closed.”


2. False promises (double your bitcoins!)

If it sounds too good to be true, it probably is. These emails will commonly entice you to join in on an investment plan that will guarantee profits on the bitcoins you deposit. This tactic takes advantage of new bitcoin users who don’t know that there is a limit to the number of bitcoins that can exist, and that they can’t be doubled with any magical formula.


3. Different, yet deceivingly similar domain names

Emails delivered from us will come from either or, and links in the email body will also point to the same domains. Phishers often register similar but illegitimate domains. Look out for domain typos (“”) and domains that merely refer to’s products (“”).

4. Links where the text & actual URL don’t match up

When you hover over a link (the same as a long tap on a link on mobile), your email or browsing software should tell you what URL you’ll be directed to. This means you can tell where the link will take you before you visit it, and the destination should be consistent with the description. Any time that this differs from the link you see in the email is a sure sign that something suspicious is going on.


5. Unusual finer details that just don’t look right

It’s common for phishing emails to contain obvious errors like old company logos, spelling and grammatical mistakes that are unbelievably bad, awkwardly written opening phrases, or to just seem a little off to you in some way.

6. It ended up in your junk folder

To protect our bitcoin wallet users, we have configured our mail servers to direct any illegitimate-looking emails sent from our domains to users’ Junk or Spam folders. If you receive an email claiming to be from Blockchain that ends up in one of these folders, open with caution and see if it includes any of the above inconsistencies.

If an email claiming to be from Blockchain (or any other legitimate service) pops up in your inbox or spam folder and shares one or more of these criteria, chances are it’s a phishing attempt. If you’re ever unsure about an email or you want to report a phishing attempt, reach out to us on Facebook, Twitter, or our Support Center.