Oct 22nd, 2021
  1. Hi Bitsafe team
  2.  
  3. I can't believe I used to recommend your service.
  4.  
  5. Here's how your team's absolute incompetence and unwillingness to communicate led to my account being blocked and 837€ missing.
  6.  
  7. First, a lesson in phishing.
  8.  
  9. I can't believe I need to spell out such obvious things, but here we are.
  10.  
  11. Phishing is a common way of stealing information from people, and it's been in use since the dawn of the internet. Anyone who has been online has heard of this scam technique.
  12.  
  13. Anyone who works within or close to the financial sector should be intimately familiar with how this scamming technique works.
  14.  
  15. Here's antivirus company Norton's article on phishing:
  16. https://us.norton.com/internetsecurity-online-scams-phishing-email-examples.html
  17.  
  18. Here's the Federal Trade Commission's article on phishing:
  19. https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
  20.  
  21. As we see from the FTC website, the common phishing scam begins with an email that looks to be from a legitimate source, and is suspiciously looking to gather information from the receiver.
  22.  
  23. Please take a moment to familiarize yourself with the traditional phishing scam.
  24.  
  25. Now, in the following video, you'll see how a scammer uses a similar domain attack to fool this Youtuber into giving away his account information.
  26.  
  27. https://www.youtube.com/watch?v=YIWV5fSaUB8
  28.  
  29. You might be thinking - oh that's just some dumb Youtuber.
  30.  
  31. No, this is Jim Browning, with over two decades worth of studying and fighting scammers on the internet.
  32.  
  33. Why did he fall for the scam? Because the attacker's url had "google" in it.
  34.  
  35. Note, the address didn't end in google.com, as any address would if it was from the Google-company. The word "google" was in the middle of the url.
  36.  
  37. That's what makes it a scam.
  38.  
  39. All that being said, you'd imagine a financial service institution of all things would NEVER ask for personal information without first establishing trust and authenticity of the message.
  40.  
  41. A financial institution would never ask for sensitive information with their company name in the middle of the url.
  42.  
  43. And yet, we have Sara.
  44.  
  45. Sara, from the "compliance team."
  46.  
  47. Sara, who is unfamiliar with common phishing techniques, doesn't understand basic online security, and lacks basic people skills.
  48.  
  49. Here's what happened today 21.10.2021.
  50.  
  51. I receive an email from Sara, which is surprisingly similar to a phishing scam email. In the email Sara was asking for personal information relating to my Bitsafe account. And while Sara addressed me by name, the domain she was writing from was not bitsafe.com. It was "bitsafe.support".
  52.  
  53. As a security professional, my alarm bells immediately went off. Getting an email like this out of the blue was strange to say the least.
  54.  
  55. So I asked Sara why she wanted to know these things.
  56.  
  57. No response. Sara's way too important to let a plebeian like myself know what's going on.
  58.  
  59. Confused, I went to the Bitsafe website to see what the actual contact address for the company is. And as you see in the attached image (img1.png).
  60.  
  61. The contact address clearly points to a bitsafe.com domain.
  62.  
  63. So I alerted Bitsafe that there's suspicious emails coming from a person claiming to be from Bitsafe.
  64.  
  65. But... here's Sara with a brilliant new tactic.
  66.  
  67. She somehow intercepts my email and sends me a new email from the original "bitsafe.support" address.
  68.  
  69. Does she react to the fact that her communication looks like a phishing scam? No. With no explanation as to who she is, she instead repeats her earlier inquiry about my personal information.
  70.  
  71. At this point I'm real confused, so I ask her to provide some proof or credentials that she's actually working for Bitsafe.
  72.  
  73. As we've noted, Sara doesn't do the communication bit with plebeians like myself, so there's no response.
  74.  
  75. This all stinks to high heavens, so I start doing some digging on Google and asking a couple of friends how this is supposed to work. I eventually find the "open support ticket" button in my Gmail, which leads me to the https://help.bitsafe.support/ site.
  76.  
  77. Why didn't Sara point me to this direction in the first place?
  78.  
  79. Why didn't Sara give any indication as to her motivations and reasons?
  80.  
  81. Why Sara? Why do you so torture us who are beneath you?
  82.  
  83. On this sacred support website, I now see the whole conversation and it's linked to Bitsafe, at least in name.
  84.  
  85. So I respond to the support thread, demanding some explanation as to what's going on. I still have no clue who Saint Sara is. I still have no reason to trust what she says, much less provide her with any sensitive details about my account.
  86.  
  87. But since I now have some semblance of trust that Bitsafe.com and this shoddy support site are somehow connected, I respond to her inquiry.
  88.  
  89. As for Sara's inquiry. She asks:
  90.  
  91. 1) Why did you open a Bitsafe account, where do you use it for?
  92. 2) What is the source of your incoming funds?
  93.  
  94. Now, I realize Sara doesn't communicate on the same level as us normal ground dwellers. I realize it would be presumptuous of me to assume she meant literally what she wrote in the question.
  95.  
  96. But literal or not, when it comes to accurately assessing someone's financial background, these questions are as vague as they come.
  97.  
  98. Note that I have tried to ask for more information and for Sara to elaborate on her motivation to ask these questions, without result.
  99.  
  100. As such, my responses are accurate, honest and fair.
  101.  
  102. The first question: Why did you open a Bitsafe account?
  103. My answer: For bank transfers.
  104.  
  105. This is true. I can't for the life of me think of another purpose for a bank account.
  106.  
  107. The second question, also known as the latter part of the first question: Where do you use it for?
  108.  
  109. Here of course lies the true poetry of Saint Sara. Instead of asking something a mere mortal like myself would comprehend like "What do you use it for," she asks "Where do you use it for." Which can mean a thousand things.
  110.  
  111. So I answer again: From bank transfers.
  112.  
  113. This is true. This is where I use it for. I probably made a grammatical error here though, so that's on me. I guess the correct answer would've been "Into bank transfers" or something like that.
  114.  
  115. The third question, which is also the second question: What is the source of your incoming funds?
  116.  
  117. And my answer: Bank transfers.
  118.  
  119. This is 100% true and this is where my incoming funds are sourced.
  120.  
  121. I imagine this is where Sara's high horse huffed and puffed and galloped away in a cloud of hubris, because suddenly "Bitsafe management" dropped in to respond to my questions.
  122.  
  123. Fortunately "Bitsafe management," while rude and unreasonable, was more responsive than Sara.
  124.  
  125. Unfortunately, "Bitsafe management" was also unwilling to listen to my wild claims about phishing and online security, and hurried to come up with reasons to block my account.
  126.  
  127. Bitsafe management promptly said their whole team, at the behest of Saint Sara, had declared a unified decision to shut down my account post haste.
  128.  
  129. No amount of reason would change their mind. They just wanted a copy of my bank statement so they could get my funds out of Bitsafe ASAP.
  130.  
  131. As I sent my details, their responsiveness soon died out, and I now have no idea whether I'm going to get my funds back, much less when I'll get my funds back.
  132.  
  133. You'd imagine a professional support rep would at least confirm receiving the documents requested.
  134.  
  135. Now, to be quite serious, due to the absolute ineptitude of these people, I'm now down 837 euro.
  136.  
  137. 401 euro is in transfer limbo. Will it ever arrive to the Bitsafe account? I don't know.
  138.  
  139. 436 euro is stuck on hold. Will it ever be returned to my other bank account? I don't know.
  140.  
  141. Was any of this necessary?
  142.  
  143. No.
  144.  
  145. If you had the slightest clue of how to run an online business, you'd make sure your customers know who, how and when will contact them.
  146.  
  147. Oh and you'd make sure the email addresses on your website are the same. Yes, it's only when I was looking for the COMPLAINT PROCEDURE did I notice that you also mention the "bitsafe.support" contact on your website.
  148.  
  149. See attached image (img2.png)
  150.  
  151. If Saint Sara would've just for a moment exercised even the slightest bit of customer care and informed me that this is the official Bitsafe support-email contact, we wouldn't be in this mess in the first place.
  152.  
  153. So what do we do, Bitsafe? When do I get my 837€?
  154.  
  155. I know communication isn't your strong suit, but if you need more information or whatever, could you please just let me know what you need so I can give it to you?
  156.  
  157. I don't want to have to drag this out for months and escalate such a non-issue to however many consumer complaints departments in Europe. I'm happy to close my account since you clearly don't want my business, but please let me take my money out first.
  158.  
  159. But make no mistake. If this isn't resolved in a calm and prompt manner and I don't have my money back within a reasonable timeframe, every financial protection organization will hear of this.