Protecting Your Crypto Portfolio

At Gemini, security has been our top priority since our founding. The Gemini team continually monitors for new types of online scams and adjusts our security practices to ensure we are protecting our customers and staying ahead of bad actors.

Educating our customers about the actions they can take to protect their account is an important part of these efforts. We want to remind you of some best practices for identifying scams so that you can protect your crypto portfolio in 2025 and beyond.

Helpful Tips for Identifying Scams

Be Wary of Urgent Requests

Gemini does not typically send communications that request you to take urgent action, but scammers do. Many scams rely on heightened emotions – such as panic, curiosity, or desire for reward – exploited by a message or website. Any email or offer that seems too good to be true, or which demands immediate action for damage to be averted or rewards collected, should be calmly scrutinized. There is usually time to do proper research before clicking a link, downloading an attachment, or divulging sensitive information.

Check the Sender

• Make sure the email was sent from a “gemini.com” URL. Bad actors can display any name they want next to the email address to try to appear legitimate. If the display name says “Gemini” but the “from” email address is not a “gemini.com” URL, the email is not from Gemini. Gemini sends transactional emails from ,marketing emails from , and customer support emails from . For more information on how to inspect the email header, check with your personal email provider.

• Review the sender’s name and email address for typos. Sometimes, bad actors use names and email addresses that appear legitimate but contain a slight error. For example, a fake email address might be missing a letter, contain an extra letter, or use a number in place of a letter. If the sender’s name or email address contains a typo, the email is not from Gemini.

• Check the “reply-to” address. Bad actors can also alter the “from” email address so that it appears legitimate, but when you reply to the email, it gets redirected to a different, fake email address. For information on how to examine the “reply-to” address, check with your email provider. If the “reply-to” email is not a “gemini.com” URL, the email is not from Gemini.

• Open a new support ticket. If you spot any of the above red flags or have any questions about the legitimacy of an email, do not reply to the email. Instead, reach out to Gemini’s support team here to verify it.

We Will Never Text You

Gemini will only call customers in special cases upon request and after coordinating a date and time via email correspondence. Gemini Customer Support does not support inbound phone calls, and Gemini will never instruct you to call a certain phone number to reach our Customer Support. We will never text you, so please do not engage with texts or unknown phone calls claiming to come from Gemini, as bad actors can spoof the phone numbers of legitimate companies like Gemini.

Never Share Personal Information or Login Information

Gemini Customer Support associates will never ask you to share personal or login information, including usernames, passwords, or two-factor authentication (2FA) codes, nor will they ask you to forward an email, share codes of any kind, or install any remote access software on your device.

Check the URL

When logging in to your Gemini account or searching for customer support information, take a close look at the website URL to ensure that it is a “gemini.com” URL. Bookmark the Gemini login page and Gemini Customer Support page on all your devices, and always use the bookmark when logging in to your account or contacting Gemini Support. Do not rely on social media or search engine results to identify the appropriate Gemini URL.

Ask Questions

Even after you’ve taken the above steps, don’t be afraid to ask questions. If you’re concerned about the legitimacy of a person, company, or investment opportunity, remain skeptical. This is especially true if someone is asking you to send them money with a sense of urgency.

Common Scam Examples

Below are examples of common scams impacting customers across the technology and finance industries, including crypto companies.

Tech Support Scams

Tech support scams prey upon people’s fear that their email, bank, or cryptocurrency account has been compromised. In this scam, a bad actor will call, text, or email a target and state that their account has a security concern (e.g. an unrecognized login attempt or a new phone number). The scammer will then ask for the customer’s account credentials, two-factor authentication codes, or ask the customer to download remote software to access the customer’s account in order to ‘fix’ their account after it was supposedly compromised.

Scammers also may use sophisticated means to appear legitimate, such as spoofing customer support emails or phone numbers. Follow the above best practices to ensure that you are communicating with a legitimate representative of the company claiming to be contacting you.

Fake Regulatory Action

Scammers may contact customers with false information that a company is subject to a supposed regulatory action (e.g. a bankruptcy or settlement with a regulator) that requires customers to transfer their funds off of the company’s platform to a private wallet. In this scenario, the bad actor will typically try to create a sense of urgency that immediate action is required for the target to avoid losing access to their assets. In reality, no such regulatory action exists, and the scammer is guiding the target to transfer their crypto into a wallet that the scammer operates.

Similar to tech support scams, scammers may use sophisticated means to appear legitimate. Remain vigilant by following the best practices above. Email if you have any concerns about an email purporting to be from Gemini.The Investment Club Scam

In an investment club scam, bad actors will contact people through messaging apps and social media sites claiming to help others make huge gains with crypto investing. The scammer will convince people to follow their guidance and either direct them to a fake crypto investment website the scammer operates or open an account at a reputable crypto exchange. From there, the scammers guide the target to deposit fiat and then withdraw crypto to a wallet the scammer operates.

The Fake Website

Scammers may create copycat websites for well-known companies and encourage a customer to enter their login credentials and 2FA codes, which are then taken and used by the bad actor. Additionally, scammers list fake support phone numbers and emails on fake or legitimate websites. When the target calls or contacts the listed information, the scammer will pose as a support employee and either request the person’s account credentials or request remote access, allowing them to access the target’s account.

Fake Crypto Recovery Firm

By posing as a legitimate crypto recovery firm, bad actors may claim to help targets locate previously stolen crypto. These scammers will post on online forums like Reddit, Discord, or in the comments of crypto-related videos and social media looking for potential targets.

Romance Scam

In a romance scam, bad actors may pose as an interested romantic partner to take advantage of those looking to find companionship. These scammers will often find their targets on dating apps, social media, or messaging apps and develop a relationship. Once they sense the target is comfortable, they will ask the target to send crypto, sometimes giving a reason for great urgency (e.g. medical expense, frozen bank, taxes) or to help build their future together (e.g. buying a home, car, or new job expenses).

These scams may last for a significant period of time and are commonly known as pig butchering. To read more about pig butchering and how to identify it, .

SIM Swap Scam

By acquiring a target’s name and phone number through fraudulent means and using that information, scammers may hack into systems connected to the target’s phone. One of the more common attacks is called SIM swapping, when an unauthorized individual tricks a mobile carrier into switching an existing phone number to a different device. The unauthorized individual can then intercept texts and calls, including two-factor authentication (2FA) confirmations sent via SMS.

Employment Scams

In this type of scam, bad actors will create fake businesses and solicit targets by email, SMS, professional profiles, and social media sites. The scammer will promise employment, but ultimately aim to steal the individual's personal data, money, or cryptocurrency. The scammer ‘hires’ the individual and asks for bogus fees upfront. They may also ask the job seeker to fill out an application to gather their personal and financial details.

Moving Forward

At Gemini, we remain dedicated to staying ahead of the latest scams and arming our customers with the information they need to keep their accounts safe. Reviewing these best practices and common types of online scams will be instrumental in our industry’s fight against bad actors. Always remember you can email if you receive an unexpected email from Gemini.

Onward and Upward,
Team Gemini

*This post was updated on May 8 to reflect new scam threats. The preceding examples are not a comprehensive list of all possible risks. Suggestions for avoiding online scams do not guarantee your security. You should always exercise caution online and when transacting in digital assets. Transactions in digital assets may be irreversible, and, accordingly, losses due to fraudulent or accidental transactions may not be recoverable. The nature of digital assets may lead to an increased risk of fraud or cyber attack. *