Phishing is a fraudulent act where a victim receives an email with instructions such as “Click here to confirm your details”, and where they are asked to enter personal information. It is a common practice used by phishers to try to illegally gain access to your account or your personal information.

The message may seem entirely legit, branded with a company’s logo that you know, but with a careful look, you are very likely to identify a foul play. Here are some important things to consider when it comes to a possible phishing scam.

Is the website that you’ve been directed to secure?

You can verify this via the padlock icon displayed in your browser’s address bar section. By clicking on the padlock icon, you’ll also be able to view any website’s SSL/TLS Certificate. Phishing websites most likely won’t have an SSL/TLS Certificate.

While we suggest that you don’t click on any suspicious link - just in case you do, the website URL might appear as something like rather than

Pay attention to what the sender is asking

Are they requesting sensitive information such as your bank account details or your password? Coinmetro will never ask you any of these questions nor will never threaten to deactivate your account if you do not comply.

Protecting Yourself Against Phishing

It’s extremely important to familiarise yourself with how phishing works and the measures phishers take to attempt to gain access to your Coinmetro wallet. We’ve written a guide on how to keep your account secure but here we’ll cover it here as well.

From time to time, Coinmetro may get in touch with you via email or by giving you a phone call. Before you respond, make sure that it’s coming from us. When we do get in touch with you, we will ask you security-related questions in order to verify your identity. Some of these questions may include the information you used to sign up for Coinmetro, such as your registered email address and your mobile number.

When you receive an email, be sure to check the sender's email address from the sender to verify that it’s legit. Email correspondence from us will always come from the or domains.

Coinmetro will never:

  • Ask for your password. Account privacy is yours and yours only. Coinmetro will never ask you for your password or attempt to gain access to your account.

  • Ask you to share your One Time Pin (OTP) pin with us. Requesting your OTP is one way how phishers gain access to your account. Never reveal this information to anybody because it should strictly be used by you only.

  • Ask for your two-factor authentication (2FA) code. Similar to the OTP code above, your 2FA code exists as an additional layer of security on your account. Be sure to never divulge this code to anybody.

  • Ask for your authorization links or to authorize your transactions. Authorization links are generated for customers to authorize transactions. There’s no reason why we will ever need to ask you for these links or to authorize transactions on your behalf.

  • Threaten to deactivate your account if you don’t perform an action. Phishers and fraudsters may threaten to deactivate your account as a way to fake urgency. We will never ask you to click on a link and then threaten to deactivate your account if you don’t. The only time Coinmetro will deactivate your account is when you have been acting in contravention of our Terms of Use or when you submit a request to close your account. In these scenarios, we'll guide you through a defined exit process.

    We will never require you to upgrade and close your account if you don’t upgrade. We’ve set two (2) tier account systems with deposit and withdrawal limits that apply to each level - the basis for this is that the more you want to transact, the more we need to know about you. When you’re approaching the threshold on one level, we may ask you to upgrade to the next level. If you don’t upgrade, you’ll remain on the same level with the same limits. We won’t deactivate your account if you don’t upgrade.

    If you have an existing support query with us, we may contact you to directly communicate about your submitted query.

At any time, if you’re unsure about any suspicious activity, please report it to us immediately at

Did this answer your question?