How to protect yourself from phishing and smishing: Bit2Me security guide

How to protect yourself from phishing and smishing: Bit2Me security guide

At Bit2Me, your account security is our top priority. These attacks aim to steal your login details or funds by impersonating our company through two main avenues: phishing (fake emails) and smishing (fraudulent text messages). Below, we explain how they work and what steps you can take to protect yourself.

• What is phishing and how does it affect you?
• The 7 golden rules to identify and avoid fraud
• What should you do if you click a suspicious link?

What is phishing and how does it affect you?

Phishing is a fraud technique where attackers send communications (emails, SMS, chat messages) that appear legitimate, imitating Bit2Me's visual identity and language. The main goal of these frauds is to trick you into clicking a malicious link or entering your credentials (password, 2FA codes) on a fake website.

The 7 golden rules to identify and avoid fraud

To secure your account, you should be familiar with Bit2Me's communication patterns and keep the following in mind:

1. Be wary of SMS messages asking you to take action: smishing: Text messages are one of the most frequent fraud vectors, precisely because they arrive directly on your mobile and create an immediate sense of urgency. This technique is known as smishing (SMS + phishing) and always follows the same pattern: an urgent-sounding message with a link that asks you to do something now.

   • SUSPICIOUS: SMS messages pretending to be from Bit2Me, indicating that your account has been suspended, that an operation is pending confirmation, or that you must verify your data immediately.

   • SUSPICIOUS: Messages that include shortened links (bit.ly, tinyurl, or others) or domains that are not exactly https://bit2me.com. 

   • SUSPICIOUS: SMS messages that include a phone number you should call to "resolve the problem."

   • OFFICIAL: Bit2Me will never send you an SMS with a direct link to log in, confirm security data, or authorize any operation. If you receive one, it is not from us.
     
     

2. Verify the email address: The most important indicator of authenticity is the sender's domain.
   • OFFICIAL: Bit2Me communications always come from verified official domains, such as @bit2me.com.

   • SUSPICIOUS: Domains with misspellings or slight modifications (e.g., @bit2me-soporte.com, @bit2me.net, @bit2meapp.com).
     
     

3. Analyze the links: Before clicking any link, hover your mouse over it (without clicking!):

   • OFFICIAL: The URL must direct you to the main domain: https://www.bit2me.com/ .

   • SUSPICIOUS: Any link that directs you to a URL that is not the main domain (e.g., bit2me.xyz/login).

   • Tip: If in doubt, DO NOT CLICK. Instead, open your browser and manually type www.bit2me.com to log in securely.
     
     

4.  Urgency is a fraud tactic: Phishing and smishing attacks always try to create panic or urgency to make you act without thinking. If a message pressures you to act immediately, it is a clear warning sign. Take a moment, breathe, and verify the source before doing anything.

   • SUSPICIOUS: Messages that say "Your account has been locked" or "Your balance will be suspended in 2 hours."

   • SUSPICIOUS: "We have detected unauthorized access to your account. Verify your identity now or you will lose access."

   • SUSPICIOUS: "Your withdrawal of €2,500 is pending confirmation. If it's not you, cancel it now."
     
     

5. Never share your credentials or 2FA codes: Bit2Me will never ask you for sensitive information via email, SMS, or phone call:

   • SUSPICIOUS: We will never ask for your password, your recovery phrase (seed), or your Two-Factor Authentication (2FA) codes through any external means.

   • Key Tip: If you receive a 2FA code or a verification code that you did NOT request, ignore the message. It is a sign that someone is trying to access your account. Do not click on any links attached to that message.
     
     

6. Use Bit2Me Verify for source confirmation: If a representative, partner, or external source claims to be Bit2Me, you can and should verify their authenticity:

   • KEY STEP: Confirm the authenticity of the source in question by using Bit2Me Verify at https://bit2me.com/es/verificacion 

   • Important: Make sure it is an authorized Bit2Me representative. Avoid interacting with unauthorized or unverified sources, and do not share your account details with them.
     
     

7.  Official contact channels only: Only use secure and verified channels to access and contact Bit2Me:

   • OFFICIAL: Always use the official website (www.bit2me.com) and the official Bit2Me mobile application.

   • OFFICIAL: If you need further assistance, do not hesitate to contact the Bit2Me support team via the support chat available on our website or app.

What should you do if you click a suspicious link?

Immediate actions you can take:

• Change your Password: If you have the slightest suspicion of having entered your data on a fake site, change your password immediately from the official website.
• Activate 2FA: Make sure Two-Factor Authentication (2FA) is active on your account. It is the most important layer of security.
• Report Phishing: If you receive a suspicious email or SMS, forward it to support@bit2me.com so our security team can investigate it and block the attacker.