Most common attacks are done using spear phishing techniques. That's where the attackers will first attempt to get access to other services that you use, mainly your e-mail or cell phone account. From there they will try to get access to your financial services. This is why it's very important to keep all of your online accounts secure, not just your LocalBitcoins account. By following these steps you can be sure that your account is protected from most security threats.
- Enable Login Guard from the security settings of your account to prevent logins to your account without an e-mail confirmation. This is not enabled by default for older accounts, please make sure it is turned on.
- Enable Two-Factor authentication on your LocalBitcoins account, this adds a second layer of security in case your password falls into the wrong hands. Make sure you do not store the backup code electronically, write them down and store the code safely. Enable it from your security settings.
- Use a different e-mail address for your LocalBitcoins account that is not used for anything else. Don't give this address out to your customers, use a separate e-mail account for customer correspondence. Gmail accounts are good as you can protect them with two-factor authentication.
- Review your login history & authorized browsers. From the account security settings you can view your account Login history and authorized browsers. It's a good habit to check these from time to time.
- Be wary of any images, links and other files that customers or unknown people send you, it can be an attempt to infect your computer with malware or worse. Run periodic malware and anti-virus checks on your computer.
- Don't use the same password on more than one site, instead use unique and randomly generated passwords. A password manager, like KeePass, allows you to do this without having to remember all your passwords. Using the same password on more than one site very dangerous, it can allow an attacker to get access to many of your accounts by knowing only one password.
- Enable Two-Factor authentication on services that support it, Google, Facebook, Dropbox all support it.
- Educate yourself on cyber security. Having knowledge is probably the best defence, read up on common attack techniques such as spear phishing to know how to identify potential attacks.
Verify
the buyer
If you are selling Bitcoins for a
payment method that is reversible you should verify that it is the buyer who is
making the payment with his own account.
When you receive a new trade, take a look at the buyer's LocalBitcoins profile
to gauge the reputation of the buyer. Go through the buyer's previous
feedback and his trading history.
On the page for the trade itself you will see a box showing security information of your buyer. Always view this information to get a picture of who your trading partner is, check whether the real name of his account matches the name attached to his payment. Check that the users IP address is from the same country as the payment is coming from. Below is an example of what the security information box looks like.
If you're selling using a payment method such as transfer with specific bank where the buyer's name is visible, limiting your advertisement to only users who has verified their ID with LocalBitcoins is a good idea.
On the page for the trade itself you will see a box showing security information of your buyer. Always view this information to get a picture of who your trading partner is, check whether the real name of his account matches the name attached to his payment. Check that the users IP address is from the same country as the payment is coming from. Below is an example of what the security information box looks like.
If you're selling using a payment method such as transfer with specific bank where the buyer's name is visible, limiting your advertisement to only users who has verified their ID with LocalBitcoins is a good idea.
Enable
first time buyer limits
A large part of fraud occurs from
new accounts. Setting first time buyer limits on your advertisement helps you
limit the risk you expose yourself to and any potential damage from fraudulent
buys. They prevent a no-reputation buyer sending high volume trade requests.
Setting the limits itself discourages the fraudulent buyers to contact you. See
more above in the section Setting up an advertisement.
Reversible
payments
Most of online payment methods are
reversible. The payment provider can take back a payment even after it has
arrived to your account. For example, PayPal payments are reversible up to 180
days.
In many countries, online banking is not protected by two-factor authentication. This means that whoever gains the control of user computer, using malware or otherwise hijacked computer, can do unauthorized bank transfers. This is an issue for SWIFT, SEPA and wire transfers. Receiving money from a stolen source may lead to freezing your bank accounts for the duration of criminal investigation. The way to mitigate this risk is to check that the buyer id matches the sender bank account name.
In many countries, online banking is not protected by two-factor authentication. This means that whoever gains the control of user computer, using malware or otherwise hijacked computer, can do unauthorized bank transfers. This is an issue for SWIFT, SEPA and wire transfers. Receiving money from a stolen source may lead to freezing your bank accounts for the duration of criminal investigation. The way to mitigate this risk is to check that the buyer id matches the sender bank account name.
Characteristics
of fraudulent activity
Scammers take advantage of the fact
that Bitcoin transaction are irreversible or they try to trick you into
releasing Bitcoins without sending payment. That's why it is important to never
release Bitcoins from escrow until you have payment. Even if it's a regular
buyer and someone you know, as once the Bitcoins have been released from
escrow, there is no way for you to get them back.
With reversible payments, scammers will attempt to pay using stolen credentials
or purchase proof. Requiring the buyer to have ID verified their LocalBitcoins
account, and always checking that the users real name matches that of the
payment information helps you stop these attempts.
In case you encounter a suspicious user you can always open a dispute for the trade and LocalBitcoins support will help you ensure a safe trade.
In case you encounter a suspicious user you can always open a dispute for the trade and LocalBitcoins support will help you ensure a safe trade.
Quick
tips on identifying scammers
- Fraudulent buyers are often in a hurry. The more a customer asks you to hurry/rush the more suspicious you should be, real customers always have patience.
- Fraudulent buyers often suggest doing all or part of the transaction outside escrow and then do not complete their part of the transaction.
- Be careful about photoshopped payment evidence, don't release Bitcoins until you have confirmed that you have received the money. You are not obliged to release a trade until you can verify that you have received the buyer's payment.
- Don't open any links that your trading partner is sending to you. If you must, use different browser than the one you are using.
- Don't visit websites other than Local Bitcoins site you're using with the browser that you're using to trade. Use a different browser for other websites.
