The recent boom in interest in cryptocurrency has seen an uptick in phishing attacks on cryptocurrency exchanges. It’s super important to us that our customers know the signs of phishing scams and how to avoid them. 

What’s Phishing? 

‘Phishing’ is a cybercrime where fraudsters pose as legitimate businesses to target people. They create fake websites, emails, adverts, SMS and phone calls. Phishing websites are sometimes created to look like Uphold’s website but they’ll ask you to give away sensitive information to scam you. With phone and SMS phishing the fraudsters will contact you saying they work for Uphold. The scammers will usually say your account is ‘at risk’ or that you need to move your money to a ‘safe account’. This is to make you panic so you’ll be more likely to move your money into their account without thinking twice. 

These messages & calls can be worrying and we want to make sure you know how to spot when you’re being scammed. Here’s how you know if it’s Uphold or not: 

We’ll only ever email you from: 

We’ll never: 

  • Ask you to move your money to a ‘safe account’ because your money is in ‘danger’.
  • Ask you to move your money to an alternative Uphold account.
  • Ask you for password details/PINs or sensitive information. 
  • Ask you for your full 16 digit card number or the 3 digits on the back of the card.

Our Social Media Channels: 

If you’re chatting with us over social media it’s important that you make sure it’s us! Here’s a list of our official social media accounts: 








How to Protect Yourself: 

A great way to stop phishing scams from being successful is by setting up 2-Step Verification (2-SV), you can read more about the benefits here. When you enable 2-SV you’ll be given a Security Key that you’ll use in your Authenticator App. The Authenticator App will generate a different Verification Code every 30 seconds, that you’ll need to withdraw funds from your Uphold account. As you’ll have your mobile with you it means that the scammer isn’t able to log into your account remotely, even if you gave out your username and password as a result of a phishing scam. 

If you’re still unsure about whether you’re speaking to us or not, take 5 and check the details or end the conversation and contact us directly through support.