One of the most unfortunate aspects of the crypto space is its tendency to attract scams. The world bore witness to this in early July when one of the boldest hacks in Internet history – the hijacking of several prominent Twitter accounts, including those of presidential candidate Joe Biden as well as tech titans Bill Gates and Jeff Bezos – turned out to be a ruse to harvest some bitcoin.

CoinDesk was one of the hijacked accounts, too (our handle is all better now, thanks), and it was far from the first time our brand was exploited by crooks looking to make a quick buck. Nor has it been the last.

Previously, scammers impersonated CoinDesk reporters on Telegram and other networks, typically promising coverage in exchange for payment (something we would never do).

Now, some enterprising hoodlums have taken their tricks to a new level.

Over the past few weeks, CoinDesk has seen evidence scammers are copying our newsletters in their entirety, adding a malicious link at the top and changing the subject line to emphasize that link. They then send the email to a list of active and perhaps crypto-curious email addresses likely acquired from privacy-ignoring data brokers or the dark web, completing the phishing scheme.

This is maddening to both us and the victims, since often they never signed up for the mailings in the first place. When they attempt to unsubscribe from the email, they’re either taken to a link that doesn’t work or worse – pulled into the phisher’s trap yet again.

A telltale sign

Admittedly, it can be hard to tell the difference between one of our legit newsletters and one of these phishing copies. The fonts are wrong – but if you’ve never subscribed, how would you know?

There is a giveaway but you need to be paying attention: The malicious link is often in a short “news” item that comes right after the byline, usually touting a company you’ve never heard of.

None of our newsletters begin this way, so if you see one of these, flag it right away by forwarding the email to fraud@coindesk.com.

Compare one fake email we were forwarded...

...to the genuine article:

Rest assured we’re working to identify these scammers so they pay for their crimes (and they are crimes) as well as upgrading our newsletter experiences to improve security.

In the meantime, be sure to practice good inbox management: Be wary of suspicious-looking links; block or filter senders instead of clicking on unsubscribe buttons; and remember, absolutely no one is going to send you back double your bitcoin. Not even your mom.

Not an exchange

CoinDesk is often confused with Coinbase, the popular cryptocurrency exchange, and in the summer of 2021 a scammer apparently tried to take advantage of this by sending emails bearing our logo to a hapless victim:

To be clear: CoinDesk is a media and events company, not a crypto exchange. No one “trades with us.”

There is no Linda Xie at CoinDesk. The phishers may have been impersonating a former Coinbase executive by that name.

The grammatical errors were a red flag. Another is that the email was sent from a Gmail address. Any legitimate email from a CoinDesk staffer would come from an “@CoinDesk.com” address.

Unfortunately, the recipient still fell for the ruse and sent the phishers $17,000, according to a subsequent email the victim received which CoinDesk reviewed. (Subject line: “Fault and bridge [sic] of contract warning.”)

If you or someone you know receives an email resembling the one above, DO NOT SEND ANY MONEY. Again, forward any suspicious messages to fraud@coindesk.com.

UPDATE (Oct. 26, 2021, 01:15 UTC): Adds section at bottom about recent email scam.