🔐 Security Alert: Protect Yourself From Social Engineering Attacks

We want to make you aware of an increasing threat from a growing cybersecurity risk: social engineering attacks — a tactic used by cybercriminals to try and manipulate you into revealing confidential information or performing unauthorized actions, often by acting like support staff or customer service, or impersonating trusted sources like BitPay.

At BitPay, your security is our top priority. That’s why we’re sharing this guide to help you recognize and avoid social engineering attacks.

Your awareness is the first line of defense. Staying vigilant can help stop fraud before it starts.

What Is a Social Engineering Attack?

A social engineering attack is when a cybercriminal tries to trick you into revealing sensitive information or taking an action that compromises your security. These scams often involve impersonating trusted companies—like BitPay—through various communication channels, often including customer service or support channels.

Attackers may reach out to you via:

• Email

• Phone calls

• Text messages

• Social media

Their goal? To gain access to your personal data, account credentials, or funds.

How to Tell If It’s Really BitPay Contacting You

When it comes to cybersecurity, knowing what real communication from BitPay looks like can help you quickly identify threats. Here are some key signs:

✅ BitPay Will Never:

• Ask for your account password

• Ask for your 2FA (two-factor authentication) codes

• Ask for your private keys, seed phrases, or recovery phrase

• Provide support using any social media channel (i.e. Facebook, TikTok, Reddit or X)

If you’re ever asked to share this kind of information, it’s a scam.

✅ BitPay Official Emails Only Come From:

• @bitpay.com

• @e.bitpay.com

• @em.bitpay.com

Be on the lookout for lookalike domains, even a single letter off or misspelling could signal a phishing attempt.

✅ Real BitPay Messages:

• Are clearly written and professional without any misspellings or typos

• Do not use fear tactics or pressure to act immediately

• Will never ask for urgent payment or “account verification” via unsolicited messages

Red Flags to Watch For

Not sure if a message is legitimate? Look out for these common warning signs:

 🚩 A sense of urgency or threat (“Your account will be locked in 30 minutes!”)
🚩 Unexpected links or attachments
🚩 Requests for sensitive personal or financial information
🚩 Misspelled words, strange grammar, or formatting errors

What to Do If You Receive a Suspicious Message

If something feels off, trust your instincts. Here’s what to do:

• Do NOT click on links or download attachments

• Do NOT respond to the message

• Contact BitPay directly:

  • Use BitBot at our official support page: https://support.bitpay.com

  • Or email us at support@bitpay.com

Stay Vigilant. Stay Safe. Stay Informed.

Social engineering attacks rely on human error—and that’s why awareness is your best defense. By understanding how scammers operate and knowing how BitPay communicates, you can better protect yourself and your digital assets.

We’re here to help. If you ever have questions about the authenticity of a message, don’t hesitate to reach out.