Right, confession time. I nearly got taken out by a scam call – and honestly, the only reason I didn’t is because one tiny detail didn’t add up.
Here’s what happened.
I’m at home, coding away, dinner on the go, brain in half-code mode. I get a call:
“This is Crypto.com security.”
They tell me:
“There’s been a login attempt on your account from Germany.”
I’m in the UK. Haven’t logged into the app in months. So yeah – eyebrow raised, but panic… engaged.Then they hit me with:
“We’ve had a breach and need to secure your account.”
The guy sounded professional, calm, knowledgeable – the full corporate script. Zero obvious scammer vibes. And because I was multitasking, the alarm bells didn’t hit immediately.
The Setup
- “Go to your coin withdrawal screen.”
- “See that greyed-out option? ‘Crypto On-Chain’?”
- “Before we close your account, we need to walk you through moving your funds to the Crypto.com On-Chain Wallet.”
Alright… could make sense? Maybe? They sound legit?
Then he drops the nuclear red flag:
“Go to onchain.uk.com”
My brain finally slaps itself awake.
That is NOT a Crypto.com domain.
I ask the obvious question:
“Why isn’t this on a crypto.com subdomain?”
He just “assures me” that it’s owned by Crypto.com.
No explanation. Just vibes.
Not good enough, son.
So I ask him to hold on tick and I start checking.
- WHOIS: domain registered 2 months ago 🚨
- Google search: “[domain] + scam” → yep, it’s a scam 🚨
- Legit Crypto.com support pages? Nowhere to be found 🚨
At this point I’m still half hoping he’s about to give a logical explanation… but he can’t. Because it’s a scam!The pressure ramps up:
“We need to do this NOW before your account is closed.”
Urgency = HUGE red flag!
The Moment the Mask Slipped
“Cool. Show me inside the Crypto.com app where I can find your call centre details. I’ll hang up and call back through the official number.”
He panics:
“Errr… you may not get through to me. I need to close the account down.”
Erm, what?!
“Yeah… the urgency. That’s a red flag for me mate! If you are who you say you are, you should have no issue with me doing a little due diligence…”
Silence.Then I ask:
“So what now then?”
Him:
“I’ll have to close the account down.”
Me:
“Crack on then, mate.”
And that’s when he flips into full douche mode – abusive, insulting, unprofessional. That’s the moment every doubt evaporated!I hang up.
The Clever Bit (Where They Nearly Got Me)
Earlier in the call, he directed me to create an anti-phishing code inside the real Crypto.com app. (I never told him the code.) Then I got an email from Crypto.com with that same code. I do the usual checks, reply address is legit, from address is legit and google have even marked it with a blue tick in my gmail so I know it came from the crypto.com domain.
For a moment, that made him look legit (in the heat of the moment at least). But here’s what I later realised:
He triggered a real failed login attempt, which caused Crypto.com to send a real security email with my anti-phishing code included. He then acted like HE sent it!
Social engineering 101:
Use the real system to gain trust.
The dude was slick, I’ll give him that. And honestly? The only reason I spotted half the tactics – even while distracted – is because we literally get trained on this stuff at work! (I’ll never moan about those courses again!) They break down the exact patterns scammers use. That absolutely helped me recognise the signs mid-chaos.
What I Learned
Look – I wasn’t perfect by any stretch! I should’ve clocked this way faster, but distraction is their weapon, and they used it well!
It reminded me of something a mate once told me when I used to cycle to work:
“Ride like everyone CAN’T see you.”
That advice kept me safe on the road and now I’ve got a new version:
“Treat everyone like a scammer… until they prove they’re not.”
How to Protect Yourself (For Real)
Here are the exact principles that saved me – practical, simple, and actually usable in the moment.
Never trust a caller who creates urgency
- “Do this NOW”
- “Your account will be closed”
- “Funds will be lost”
…it’s a scam every time. Real companies do not rush you on the phone.Never visit a domain read out over the phone
- crypto.com
- coinbase.com
- binance.com
…it’s not real and everything else is cosplay!Hang up and call the real company yourself.
Use:
- the official app
- the official number
- verified support channels
If they’re fake, they’ll panic!
Never move funds because someone asked you to
- ask you to withdraw funds
- tell you to move crypto to a “secure wallet”
- pressure you to transfer assets
Only scammers do that.
Don’t treat real emails as proof
Scammers can trigger:
- real login attempts
- real security alerts
- real anti-phishing emails
A real email only proves that Crypto.com sent an automated message, not that the person on the phone is real!
Keep 2FA on everything
Authenticator apps for sure, avoid SMS where you can and use hardware wallets for your coins (which I do for the majority, but like a div I left a little on the exchange! NOT ANYMORE!)
Assume they’re a scammer until proven otherwise
Trust no one and always verify! If they’re legit, they’ll pass the checks. If they’re not, they’ll crumble like a fresh cookie!
Final Thought
These scams are getting professional! None of the old school Indian call centre stuff. Real apps. Real emails. Real scripts. And they’re designed to hit you when you’re tired, distracted, or elbow-deep in a bolognese!
I didn’t lose anything – but I absolutely could have. However, on the up side…this has absolutely put me on high alert!! Passwords changed across the board as a precaution and I always use 2FA for pretty much everything that supports it anyway!
With that said, if this post stops even one person from falling for something similar, totally worth it!
Stay sharp. Stay suspicious and remember…
