Back to Academy
Security 2 min read

Email Phishing: How to Be One Step Ahead

Phishing is the #1 threat in crypto. Learn to spot fake emails and report them instantly.

Key Takeaways
  • Phishing emails pretend to be trusted companies to steal your data.
  • Check the sender's email address carefully (e.g. support@binance-help.com is FAKE).
  • Never click links in urgent emails.
  • Report suspicious emails immediately to your provider.

Phishing attacks are a significant problem in the cryptocurrency space, targeting both individuals and organizations. Because transactions are irreversible, a single click on a malicious link can drain your wallet. It is difficult to track exactly how many people have been scammed, but the numbers are in the billions. Your best defense is awareness.

How to Spot a Phishing Email 🎣

Scammers are getting smarter, but they often make the same mistakes. Watch out for these red flags:

  • The "Urgent" Request: Phishing emails often claim there is an urgent issue (e.g., "Your account will be banned!") to panic you into clicking without thinking.
  • The Sender Address: Pay close attention to the actual email address, not just the name.

Secure your email with 2FA →

  • Generic Greetings: Trustworthy organizations usually use your name. Be wary of "Dear Customer" or "Dear User."
  • Suspicious Links: Hover over the link (without clicking) to see the actual URL. If it looks strange or uses a URL shortener (bit.ly), do not click.

The Golden Rule of Crypto

Trustworthy organizations will never email you asking for your password, seed phrase, or 2FA code. If an email asks for this, it is a scam. Delete it immediately.

How to Report Phishing

If you spot a scam, don't just delete it—report it. This helps email providers block the sender for everyone else.

In Gmail 📧

  1. Open the suspicious email.
  2. Click the three vertical dots (â‹®) in the top right corner of the email.
  3. Select "Report phishing".
  4. Confirm by clicking "Report phishing" again in the pop-up.

In Outlook 📧

  1. Open the suspicious email.
  2. Click the "Report phishing" icon (looks like a red exclamation mark inside a triangle).
  3. Confirm your action.

Pro Tip

The Golden Rule of Links: If you get an email from a service (like MetaMask or Binance) saying you need to take action, do not click the link in the email. instead, open your browser and type in the official website address manually. This guarantees you are on the real site.