Phishing is an attack that attempts to steal your money or identity. This is done by having you enter personal information - such as credit card numbers, bank details, or passwords - on websites that pretend to be legitimate. Cybercriminals pose as normal businesses, friends, or acquaintances in a fake message that contains a link to a phishing website. For more information about recognizing fake messages, please refer to this support page.
You are also sometimes asked to take actions to further secure your account. These links may contain malware or ransomware, but can also be used to commit bank help desk fraud. For more information about bank help desk fraud, please refer to this support article.
These fake websites also use the name Bitvavo. In this article we explain when you are dealing with a fake Bitvavo website and when you are dealing with the real website.
How can you recognize fake websites?
We have listed some examples that will help you distinguish the fake websites from the real ones.
- The real Bitvavo website always ends in .bitvavo.com. If the link you receive differs from this, or the page the link takes you to differs from this, you can assume that it is a fake. You can see an example of this in image 1 below. If you have any doubts, please contact fraud@bitvavo.com.
- The links on the real Bitvavo website always point to other Bitvavo pages (which also end with the same domain). If you are in doubt, we recommend that you hover your mouse over the links/buttons to see which page the button actually links to.
- The real Bitvavo website never encourages downloading external software (e.g. virus scanners or wallets). You can see an example of this in example 2 in the first image.
- Misinformation is often shared on fake websites. In example 3 in the second image, you can see the scam website claiming that we always call customers from an anonymous number. This is not true. This helps the scammer's action seem more plausible.
What should I do if I've clicked on a fake website?
If you've accidentally clicked on a fake website (and have possibly shared data with the scammer), we recommend that you follow the steps below as soon as possible:
- Change the passwords of both your email address and Bitvavo account to strong and unique passwords.
- Set up 2FA. We also advise you to protect your email address with 2FA.
- Did you click on a malicious link on the fake website? Call a computer specialist and have them investigate whether you have accidentally installed a malicious extension in your browser, a rogue application on your computer, or any other potential danger (malware/ransomware) on your computer.
- Email all details, including the fake website URL and a screenshot of the page, to fraud@bitvavo.com so we can check your account.