Cryptocurrency exchanges are digital platforms where you can buy, sell, exchange or store your various cryptocurrencies.  There are many legitimate cryptocurrencies.  Luno is a secure cryptocurrency exchange founded in 2013 with millions of clients in many countries.  Recently many Luno clients suffered data breaches and had their accounts stolen; however, the fault lay not with Luno, but rather with the individual clients who fell victim to a common socially engineered phishing scam.  The targeted victims each received an email that appeared to come from Luno, indicating that an incoming payment to their account was being placed on hold due to an error in their profile data.  The email contained a link which the victim was instructed to click on to go to what appeared to be the legitimate Luno login page.  This phony login page is copied below and looks quite legitimate; however, the URL of the linked page, upon closer examination, is not a Luno URL.  Victims falling for the scam typed in their email address, password and mobile number, but were then taken to a page indicating a 403 error.  Unfortunately, at this point the victims had turned over their account information and password to the scammers, who promptly emptied their accounts.

The fake login page looks like the real one, although with an entirely different URL

TIPS

The key to avoiding devastating phishing scams like this, which attempt to steal the access credentials to your financial accounts, is to use dual factor authentication whenever possible.  Luno provides dual factor authentication for all accounts, so even if someone was duped by the socially engineered phishing email and provided their personal information, including their password, their account would not have been in jeopardy if they had dual factor authentication, because the scammer would not have been able to access the account merely using the stolen password.  Always use dual factor authentication whenever it is offered, and particularly with financial accounts.

You also should be wary of any email or text message that asks you to provide personal information such as your username and password for any account.  Trust me, you can’t trust anyone.  Whenever you get such an email or text message, you should carefully confirm the email address of the sender and the URLs of any links.  You should also avoid clicking on any links unless you have confirmed that they are legitimate because merely clicking on an infected link can download harmful malware, such as ransomware or keystroke logging malware that can lead to your becoming a victim of identity theft.
