The “Gemini verification code text scam” is a sophisticated type of phishing attack known as smishing (SMS phishing) that specifically targets users of the Gemini cryptocurrency exchange (or anyone who might be susceptible to a crypto scam).
The scam is designed to bypass security measures like Two-Factor Authentication (2FA) by leveraging fear and urgency.
How the Scam Works
The scam has two main steps:
Step 1: The Fake Alert (The Text Message)
You receive an unexpected text message that appears to be from Gemini (the cryptocurrency exchange). The message typically contains an urgent, alarming alert and a fraudulent phone number to call.
Example Scams:
- “Your Gemini verification code is: 123456. If you did NOT request this, please call support immediately at (8XX) XXX-XXXX.”
- “A withdrawal of 0.5 BTC has been initiated. This is your withdrawal code: 789012. If unauthorized, call our Fraud Line now.”
The psychological trigger:
The message creates panic by implying your funds are about to be stolen, making you bypass your usual caution and call the number provided.
Step 2: The Social Engineering (The Phone Call)
When you call the number, you are connected directly to a scammer (who may use a fake name and sound very professional). The scammer’s goal is to trick you into revealing your account credentials or even your 2FA code.
- The Deception: The scammer confirms your “compromised account” story and claims they need to perform “security verification” to stop the unauthorized transaction.
- The Trap (2FA Bypass): They might ask you to “read back the code you just received” (the original code sent in the text). Crucially, they may also ask you to log in to your account or install remote desktop software (like AnyDesk or TeamViewer) to “help them secure your wallet.”
- The Theft: If you give them the code, they use it to gain immediate access to your account and transfer your cryptocurrency out. If you install remote desktop software, they can take full control of your computer and wallets.
🛑 What Gemini Will NEVER Do (How to Protect Yourself)
According to Gemini’s official security guidance, they will NEVER contact you in these ways:
| Never Trust This Action | Gemini’s Official Stance |
| --- | --- |
| Unsolicited Calls | Gemini does not offer phone support. They will not cold call you for any reason, including account management or support. |
| Asking You to Call Them | Gemini will never ask you to call a specific phone number for support related to an account alert. |
| Asking for Codes | Gemini will never ask you to share your password, PIN, or a 2FA code over the phone, email, or text. |
| Asking for Remote Access | Gemini’s support team will never ask for remote access to your computer or phone. |
| Telling You to Transfer Funds | They will never ask you to transfer funds to another account or wallet address for “security” reasons. |
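
Both sample texts in Step 1 pair a one-time code with a request to call, and the table above says Gemini never asks you to call a number. The Python check below is an added example (not from Gemini or the original page) that flags that combination in an SMS body; the regexes, function names and labels are assumptions, and the sample messages are constructed from the page's examples with a fictional 555 number.

```python
import re

# Assumed heuristics for illustration; not Gemini's or any carrier's filter.
CODE = re.compile(r"\bcode\b\D{0,20}(\d{4,8})\b", re.I)           # "code is: 123456"
PHONE = re.compile(r"(?:\+?1[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}\b")
CALL = re.compile(r"\bcall\s+(?:us|our|support|now|this|the|\+?\(?\d)", re.I)
URGENT = re.compile(r"\b(?:immediately|now|unauthori[sz]ed|did not request)\b", re.I)

def signals(text):
    """Return which of the page's warning signs appear in one SMS body."""
    return {
        "one_time_code": bool(CODE.search(text)),
        "asks_to_call": bool(CALL.search(text)),
        "phone_number": bool(PHONE.search(text)),
        "urgency": bool(URGENT.search(text)),
    }

def classify(text):
    """Label an SMS using the rule from the table: any call-back request is a lure."""
    s = signals(text)
    if s["asks_to_call"] or s["phone_number"]:
        # A code plus a call-back number is the exact shape of the scam texts.
        return "callback-lure-with-code" if s["one_time_code"] else "callback-lure"
    if s["urgency"]:
        return "review"  # alarming wording but no number to call: verify in the app
    return "no-callback-lure"

# Constructed samples: the first two follow the page's examples, the third is
# the shape of an ordinary 2FA text with no call-back request.
SAMPLES = [
    "Your Gemini verification code is: 123456. If you did NOT request this, "
    "please call support immediately at (800) 555-0100.",
    "A withdrawal of 0.5 BTC has been initiated. This is your withdrawal code: "
    "789012. If unauthorized, call our Fraud Line now.",
    "Your Gemini verification code is 246810. Do not share this code with anyone.",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(classify(sms), "|", sms[:60])
```
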
Immediate Steps to Take
- Do NOT Call or Reply: Delete the text immediately. Do not engage with the phone number provided.
- Verify Independently: If you are worried about your account, open the official Gemini app or website manually (do not use any links from the text) and log in to check your transaction history.
- Report the Scam:
  - To your phone carrier: Forward the suspicious text message to 7726 (SPAM) (works in the U.S. and some other countries).
  - To Gemini: Use their official support center to report the scam attempt.
  - If you suffered a loss: Immediately report the incident to law enforcement via the FBI’s Internet Crime Complaint Center (IC3) at ic3.gov.