Remember: cryptocurrency transactions are irreversible. Once a transaction leaves your account, funds cannot be recovered. Kraken is unable to reverse or recover funds for you, so please do not reach out to request this.
As a Kraken client, it's important to be aware of the various scams and phishing attacks that can target your account. We are here to help you protect your account and avoid falling victim to these malicious activities.
Please note:
- •If you receive a Kraken Support email from any other address besides @kraken.com, @futures.kraken.com, or @email2.kraken.com, please do not click on any links that may be provided, as they are not legitimately from Kraken Support and should not be trusted.
For more information see Is this email from Kraken?
- •Our marketing emails are sent via the domain @marketing.kraken.com,@email.kraken.com, or @rewards-email.kraken.com and can be considered safe if you receive them in your inbox.More email addresses can be found here.
- •Kraken's social media team provides general support, but never give them sensitive information.
Phishing scams
Phishing scams are a common threat to Kraken clients, where scammers try to trick you into revealing your login credentials or sensitive information, most commonly through links.
How do phishing scams work?
- •Scammers create fake websites that mimic Kraken's platform, with a different, but very similar URL. (Kraken’s official sign-in URL is: https://www.kraken.com/sign-in).
- •Unsolicited emails or texts ask you to click on links or sign in to your account. This could be from someone impersonating Kraken or another trading platform or wallet provider.
- •These links will lead to malicious websites that request your username, password, or wallet seed phrase.
How to protect yourself:
- •Bookmark Kraken's website: Avoid using search engines to navigate to Kraken's site. Bookmark https://www.kraken.com/sign-in instead.
- •Verify website addresses: Ensure the URL starts with "https" and has a closed lock icon.
- •Never click on links in emails or texts: Instead, navigate to Kraken's website manually.
- •Keep your passwords a secret: Never disclose your 12 or 24 wallet seed phrase online.
- •Use PGP email encryption: Verify the legitimacy of Kraken's emails using PGP encryption.For more information, see What is a PGP/GPG encryption?
Kraken will never ask you for:
- •Your passwords.
- •Removal of 2FA methods or Master Key.
- •Access to your devices via remote desktop access software like AnyDesk or Teamviewer.
Imposter scams
Impostor scams are a growing threat to individuals, where scammers impersonate employees from legitimate businesses to gain access to your devices and steal your cryptocurrency.
What is an imposter scam?
- •You receive an unsolicited phone call or email from someone claiming to be from a legitimate business, such as Apple, Amazon, or Microsoft.
- •The impostor claims that you have a refund for an item that was returned, but requires you to make a payment or install remote access software.
- •The impostor convinces you to install remote access software, such as AnyDesk or Teamviewer, to gain access to your device.
- •Once the impostor gains access, they will instruct you to sign into your online bank and make it appear as though too much money was refunded to your account.
- •The impostor will attempt to withdraw your money from your bank to a cryptocurrency platform account, which they will then use to convert your money to cryptocurrency and withdraw it to their wallet.
How to protect yourself:
- •Verify the caller's identity: Do not rely on the caller ID, as phone numbers can be changed to display anything.
- •Navigate to the company's legitimate website: Find the company's phone number on their legitimate website, rather than using a search engine.
- •Hang up on unsolicited calls: Hang up immediately on unsolicited calls from businesses that offer "refunds" or claim to fix your device.
- •Secure access to your devices: Refuse to install remote access software, as this can grant the impostor complete access to your device and allow them to steal your sensitive information.
Unregulated broker scams
Unregulated broker scams are where scammers pose as investment advisors or traders to steal money from unsuspecting investors. They will often guarantee profits and will request that you only fund your account with cryptocurrencies.
Red flags to look out for:
- •Unsolicited cold calls, emails, or social media private messages.
- •Pressure to invest immediately.
- •Claiming to be part of a regulated or legitimate trading platform.
- •Refer to themselves as an "investment advisor", "broker", or "account manager".
- •Provide "promotional" offers.
- •Offer "bonuses" to those who deposit larger amounts.
- •Do not allow you to fund your account directly.
- •Demand you to pay a "tax", "fee", or "commission" to withdraw your profits.
- •Will require the use of Remote Access Software.
- •Unable to explain how they got your contact information.
How to protect yourself:
- •Learn about how unregulated broker scams work and how to avoid them.
- •Be wary of offers that seem too good to be true.
- •Research the trading platform and verify its legitimacy.
- •Stick with well-known and popular trading platforms that are well-established and trusted.
- •Put the company's name + "scam" into Google to find results regarding the company's legitimacy.
- •Get information about fees and rates upfront and in writing.
Phone scams
Phone scams are a growing threat to Kraken clients, where scammers try to trick you into revealing sensitive information about your account through a fraudulent phone number.
Types of phone scams:
- 1.Outbound phone support scams:
A scammer calls you, pretending to be from Kraken's support team, and asks for sensitive information to gain access to your account. - 2.Inbound phone support scams:
A scammer uses a fake phone number to impersonate Kraken's support team and asks for sensitive information to gain access to your account.
How to protect yourself:
- •Verify phone calls: If you receive a call from someone claiming to be from Kraken, but you didn't request the call, hang up immediately and report the incident to Kraken's support team.
- •Use bookmarked links: Bookmark support.kraken.com and use it to navigate to Kraken's phone number, which can be found here: How to contact Kraken Phone Support
- •Be cautious of search engine results: Do not use search engines to locate Kraken's support phone number or website, as this may lead to fake results.
Kraken will never ask you for:
- •Password.
- •Two-Factor Authentication Code.
- •Device Approval Code.
- •Wallet Addresses or seed words.
- •Master Key.
- •Remote access to your computer.
- •Changes to your security settings.
Investment scams
Investment scams are a growing threat to individuals in the cryptocurrency industry, with many new companies being introduced, scammers now use various tactics to steal money from unsuspecting investors.
Types of investment scams:
- 1.Fake Investment/Broker Platforms:
Scammers create fake investment or broker platforms that mimic the look and functionality of legitimate trading platforms. They promise high returns with little to no risk and ask for deposits in cryptocurrencies. - 2.ICO (Initial Coin Offering) Scams:
Scammers use ICOs to raise money for fake or non-existent companies. They promise investors a new crypto coin in exchange for Bitcoin or Ethereum. - 3.Cloud Mining Scams:
Scammers offer cloud mining contracts that promise guaranteed returns, but are often transparent about the true costs and diminishing returns. - 4.Multi Level Marketing (MLM) Scams:
Scammers use MLM schemes to lure people in with promises of extraordinary profits. They operate by taking money from new investors to pay previous investors.
How to protect yourself:
- •Check the platform's registration status through reliable financial regulatory websites.
- •Conduct thorough research by checking multiple sources for any red flags or warnings from other investors.
- •Read the fine print and ensure that the company's claims are feasible and not too good to be true. If it does seem to be too good to be true, it likely is.
- •Approach new investment platforms with caution and conduct thorough research before investing.
- •Be cautious of companies with few or no online reviews.
- •Be wary of companies with little to no information available outside of their website.
Romance or impersonation scams
Romance or impersonation scams are where scammers pretend to be a well-known or trustworthy person in your life to steal money from unsuspecting victims. This is a common scam and the impersonation can take many forms, both personal and impersonal. Romance or impersonation scams can be sophisticated and convincing.
Types of romance / impersonation scams:
- 1.Impersonation of famous people:
Scammers create fake social media accounts impersonating famous people and ask you to send cryptocurrency to a specific website. - 2.Relative scam:
Scammers pretend to be a distant relative or a lawyer claiming a relative of yours is in jail or legal trouble. - 3.Romance scams:
Scammers use online dating sites and apps to manipulate your feelings and force you to send them funds.
How to protect yourself:
- •Verify the person's identity: Ask for a video call to see if the person is real or just a photo taken from another profile.
- •Be cautious with personal details: Never give out financial details and be careful with any details you provide.
- •Watch for red flags: If you notice a sense of urgency in their requests for details about you or a need for funds, this should be a red flag.
- •Take your time: Take your time to feel out this person's intentions and whether they are legitimate or merely trying to scam you out of your crypto.
Crypto giveaway scams
Crypto giveaway scams are a common type of social engineering attack used to convince you to send cryptocurrency to scammers often found on social media platforms.
What is a crypto giveaway scam?
- 1.A hacker will compromise or impersonate a prominent public figure or company and claim to be giving away cryptocurrency. For example; fake giveaway accounts on X may have a blue verified check mark, making them appear more legitimate or on YouTube may showcase a celebrity livestreaming with bots commenting they received the giveaway.
- 2.To participate in the crypto giveaway, you must first send an amount of cryptocurrency to the address they advertise.
- 3.In many cases, they will promise to send back double what you send them.
- 4.They will often use fake accounts to leave comments and make it look like people are actually receiving the cryptocurrency.
How to protect yourself:
- •Almost all types of crypto giveaways are scams.
- •Be aware of the fear of missing out (FOMO) tactic used by scammers to rush you into a bad decision.
- •If someone offers you a giveaway or asks you to send cryptocurrency, be cautious and do not send any funds.
- •Verify the authenticity of the giveaway and the person or company behind it.
- •Crypto transactions are irreversible, meaning there is no way to get your cryptocurrency back.
Employment scams
Employment scams are a growing threat to job seekers, where scammers promise gainful employment but ultimately steal your money or cryptocurrency.
What is an employment scam?
- •You're offered a job without an in-person or virtual interview.
- •You're asked to receive money via a cheque or deposit to your bank account.
- •You're instructed to withdraw a portion of the money, convert it to cryptocurrency, and send it back to the company.
- •The money you received is likely from an unknowingly compromised bank account or from illicit activity.
How to protect yourself:
- •Be cautious of unsolicited job offers: Be wary of job offers that come through unsolicited emails, text messages, or social media messages.
- •Research the company: Verify the company's legitimacy and reputation before applying or accepting a job offer.
- •Never send cryptocurrency or money to an unknown entity: Refrain from sending cryptocurrency or money to an unknown entity, especially if it's part of a job offer.
Government scams
Government office scams are where scammers pose as government officials, utility companies or other business entities to steal money from unsuspecting victims by demanding a debit to be paid immediately.
Red flags to look out for:
- •Scammers call you and demand payment of a debt, often using threats of arrest or jail if you don't comply.
- •Scammers ask for payment in the form of cryptocurrency, which should be an immediate red flag.
- •Scammers pose as government officials or utility companies, such as the IRS or a local power company.
How to protect yourself:
- •Stop and think, why would a government official call and not send a postal message? Almost all communications with the government begin with mail or an official document.
- •Be wary of cryptocurrency requests: Most governments only accept their own currency, so a request for cryptocurrency should be an immediate red flag.
- •Verify the caller's identity: If you feel that the person who contacted you is not an official representative of the entity/agency, cease contact immediately.
- •Contact the legitimate organization directly: Find the link to the legitimate organization they say they represent, and contact them for verification.
- •Don't call the number used to call you: Instead, search for the legitimate number of the organization and reach out to them directly.
Situational scams
Situational scams occur when scammers take advantage of unsuspecting or vulnerable people during large events, such as natural disasters or holidays.
Types of situational scams:
- 1.Natural disasters:
Scammers create websites or Facebook groups claiming to collect funds for disaster relief and ask for cryptocurrency to be sent. - 2.Holidays:
Scammers offer good deals for in-demand products, such as electronics, video game systems, or other unique items, and demand cryptocurrency as payment.
How to protect yourself:
- •Ensure that the entities involved, such as charities or online retailers, are legitimate and reputable.
- •Don't rush into a decision, especially if the deal seems too good to be true.
- •Ask yourself why the seller is asking for cryptocurrency and not working within the confines of traditional online retailers.
- •Make sure you are dealing with a legitimate seller and not a scammer.
- •Be aware of the emotional appeal of situational scams, which can be designed to play on your emotions and cloud your judgment.
- •Don't let the pressure of a limited-time offer or a sense of urgency lead you to make a hasty decision.
Large purchase scams
Large purchase scams are where scammers try to steal money from unsuspecting buyers by selling expensive items such as apartments, cars, boats, concert tickets or high ticket items from places such as Amazon, Craigslist and AirBnB with cryptocurrency as the payment method. Large retailers don’t normally accept cryptocurrency and if they do, it will rarely be through a direct crypto transfer conducted over email.
Red flags to look out for:
- •The purchase price is much lower than typical market value, making it seem like a great deal.
- •The scammer will try to take communications outside of the official website, using emails that may be spoofed or designed to look like they are from the real business.
- •The email address may have a similar but different domain name, making it seem like it's from the official website.
- •The scammer will try to convince you to buy or sell the item outside of the legitimate retail website, which can be a red flag.
How to protect yourself:
- •Verify the seller's identity: Make sure you are dealing with a legitimate seller and not a scammer.
- •Research the legitimate website: Find the official website and verify the email address you are corresponding with.
- •Be cautious of low prices: If the price is too good to be true, it probably is.
- •Don't communicate outside of the official platform: Keep all communications within the official website or platform.