Scammers may attempt to send fake text messages or emails that look like they’ve come from Uphold. Their goal is to get you to reply with your personal or financial information.
Typically, they’ll:
- encourage you to take urgent action;
- ask you to verify new payees, transactions or devices;
- look similar to real messages. They may show up in the same thread as genuine messages you’ve received from an organization.
If you've received an email or SMS you believe is suspicious:
❌ Don't:
- Click on any links
- Download any attachments
- Reply
✔️ Do:
- Report the message to us at fraudprevention@uphold.com. We may ask you for a screenshot.
Smishing is a type of social engineering attack that involves tricking individuals into revealing sensitive information, such as login credentials, credit card numbers, or personal information, by sending text messages (SMS) that appear to be from a trustworthy entity. The goal of a smishing attack is to steal sensitive information, either directly or by using it to gain unauthorized access to an individual's accounts or financial information.
Smishing attacks often come in the form of a text message that appears to be from a legitimate source, such as a bank, online retailer, or well-known technology company. The message may contain a sense of urgency, such as a request to update account information or a warning of a potential security breach, and includes a link or phone number that the recipient is instructed to click on or call.
For example:
SMS Phishing: An individual may receive a text message that appears to be from their bank, asking them to click on a link to update their account information. The link leads to a fake website that is designed to look like the bank's website, where the individual is prompted to enter their login credentials. The attacker then uses this information to access the individual's bank account and steal their funds.
Phone Call Phishing: An individual may receive a phone call from someone posing as a representative from a trustworthy entity, such as a bank or technology company. The attacker may use personal information that is easily accessible online, such as a person's name and address, to build trust and make the individual feel more comfortable with providing sensitive information.
Smishing attacks are becoming increasingly sophisticated, and it can be difficult to detect a fake text message or phone call. It is important to be vigilant and to never enter sensitive information into a website or provide personal information over the phone without first verifying the authenticity of the request.
To protect against smishing attacks, you should use strong and unique passwords, enable two-factor authentication, and be wary of unsolicited text messages or phone calls that contain links or ask for personal information.
Phishing is a type of online scam that involves tricking individuals into revealing sensitive information, such as login credentials, credit card numbers, or personal information, by posing as a trustworthy entity. The goal of a phishing attack is to steal sensitive information, either directly or by using it to gain unauthorized access to an individual's accounts or financial information.
Phishing attacks often come in the form of an email, message, or website that appears to be from a legitimate source, such as a bank, online retailer, or well-known technology company. The message or website may contain a sense of urgency, such as a request to update account information or a warning of a potential security breach, and includes a link or attachment that the recipient is instructed to click on.
For example:
Email Phishing: An individual may receive an email that appears to be from their bank, asking them to click on a link to update their account information. The link leads to a fake website that is designed to look like the bank's website, where the individual is prompted to enter their login credentials. The attacker then uses this information to access the individual's bank account and steal their funds.
SMS Phishing: A phishing attack may also come in the form of an SMS message, asking the recipient to click on a link to verify their account information. The link leads to a fake website that looks like the company's official website, where the individual is prompted to enter their login credentials or personal information. The attacker then uses this information for fraudulent purposes.
Website Phishing: An individual may be directed to a fake website that appears to be the official website of a well-known company, such as a cryptocurrency exchange or payment processor. The individual may be prompted to enter their login credentials or personal information, which the attacker then uses for fraudulent purposes.
Phishing attacks are becoming increasingly sophisticated, and it can be difficult to detect a fake website or email. It is important to be vigilant and to never enter sensitive information into a website or respond to an email or message that appears to be from a reputable source without first verifying the authenticity of the request.
To protect against phishing attacks, you should use strong and unique passwords, enable two-factor authentication, and be wary of unsolicited emails or messages that contain links or attachments.