We want to make sure that you are safe and secure when dealing with Uphold. As you may have read in the media, there has been a big increase in ‘phishing’ attacks on the customers of financial institutions.

“Phishing” attacks take many forms, but share one goal: getting you to disclose your login credentials to unauthorized third-parties masquerading as legitimate firms.

Although 1.4 million phishing websites are created every month, there are some basic things you can look for to spot the fakes. In the case of Uphold, watch out for:

  • Website domain names designed to look like For example, instead of, you may see, which replaces the “O” with a “Zero”, or, which substitutes the “l” with a lowercase “i”.
  • Emails asking for sensitive data –  like passwords or bank account details –  in order to send funds to your account, or to post checks to your home address.
  • Emails with urgent “calls to action” containing grammatical errors and/or spelling mistakes.

What You Can Do

To avoid phishing scams, you can take some easy steps to protect yourself:

Avoid phishing websites

It’s easy to spot phishing sites when you know how. It’s all in the URL address. Each and every time you log-in to Uphold, you must check our URL. Below are browser examples of the legitimate website compared with fake websites impersonating Our genuine website is protected by an Extended Validation certificate and depending on your browser this will either display our company name Uphold, Inc [US] in the top left of the URL window, or our URL address in green or grey. Either is fine and you are on the genuine Uphold website. If you do not see our company name (in exactly the format above), nor the correct URL address ( the website is fake. Do not click on it or proceed with login.
Just close the page and report it to our support team. We are working hard to take down all malicious websites.

Don’t respond to emails asking for personal details

We never mention cash sums in emails, ask for passwords, or send you checks via the post.

If you get emails like this, trash them – they’re not from Uphold.

Below are examples of fraudulent emails you must avoid.


Do’s and Don’ts

  • Do check the URL address ( in the URL window. Depending on your browser this will either display our company name Uphold, Inc [US] in the top left of the URL window, or our URL address in green or grey. Either is fine and you are on the genuine Uphold website. If you don’t see either, stay clear. The site is fake.
  • Do bookmark our URL rather than using search-engine results every time you want to log-in.
  • Do check the spelling of Uphold in the URL and ensure a rogue character has not snuck in.
  • Do look out for emails with poor spelling or grammatical errors: the classic hallmarks of a scam.
  • On a mobile device, do make sure you’re on the Uphold website, by tapping and holding any hyperlink and checking the URL – it should say

An email on a mobile device appears to show the genuine Uphold URL. However, when the user taps and holds the link, it reveals a fake URL underneath. Always tap and hold links to reveal the true URL.

  • On a PC or laptop, do hover your mouse over any hyperlink to see the URL or web address of the webpage. Remember, it’s only us if it says
  • Our support team will never call you asking for log-in information.
  • Similarly, they’ll never email you asking for log-in information.
  • Last – don’t click any link you’re not sure about and contact our support team immediately if you have doubts! 

What we are doing to protect you

  • Constant monitoring – Our security teams are proactively monitoring the internet 24 x 7 x 365 for fake websites as well as major App stores, including: Apple iTunes App Store, Google Play Store, and other third-party app stores. On detection, we request immediate take-down of the fake website and apps.
  • Constant implementation of new security features as new solutions become available.
  • The introduction of regular security awareness updates to our members.

Remember, check our URL every time you log-in to Uphold. Never disclose your log-in credentials via email or over the phone to anyone. It’s that simple. Together we can beat phishing.