At Robinhood, we prioritize the security of your crypto and personal information. With the increasing popularity of crypto, it's important to stay vigilant against consumer scams and use best practices for account security. This guide to security and scam prevention outlines critical steps you can take to protect your crypto and personal data.

Protecting your account starts with verifying your identity, which helps us ensure only you have access to your account. You'll need:

• A photo of your government-issued ID: Acceptable forms of ID include a driver’s license, state ID, passport, passport card, or permanent resident card.
• A live photo of yourself: You might be asked to take a selfie with your mobile device or webcam. Make sure you’re in a well-lit place to take your photo.

Two-factor authentication (2FA) provides an additional layer of security to your account. 2FA makes it much harder for attackers to gain access to both of these, which helps protect you in case an attacker learns your password. 2FA is more secure because it requires 2 sources of verification: Something you know (your password) and something you have (the code you generate or receive on your device).

1. Set up an authenticator app: First, you’ll need to download an authentication app—we support many major third-party apps, including:
   • Google Authenticator: iPhone, Android
   • Duo Mobile: iPhone, Android
   • Authy: iPhone, Android
2. Confirm your mobile number: You’ll get a code in a text message to the phone number linked to your Robinhood account. When prompted, enter that code to confirm your phone number.
3. Verify your email address: We’ll send an email to the email address associated with your Robinhood account. Select the link in the email to confirm your email address.
4. Select Account → Settings
5. Select Security and privacy → Two-Factor Authentication → On
6. Choose the authentication app
7. Select Open App
8. Confirm that you’d like to add Robinhood
9. Copy the verification code generated by your authentication app, and when prompted, paste it into your Robinhood app
10. You’ll receive an emergency backup code from Robinhood that allows you to log in if you ever lose access to your device. Be sure to save this code in a secure place, such as within a password manager, saving a screenshot in a password-protected folder, or writing it down and locking it in a safe.

Verify transaction details

• Coin and address compatibility: Make sure you are transferring the correct crypto to the compatible address. Mistakes in this process can lead to irreversible losses. Often, a single asset can be sent across multiple networks. It's important to familiarize yourself with the compatible crypto addresses for each coin. For instance, sending Litecoin to a Bitcoin address would result in the loss of your Litecoin. Given that crypto transfers are irreversible, there is no way to retrieve the Litecoin once sent incorrectly.
• Wallet address accuracy: Use copy-paste or QR scan methods to enter addresses. Double-check the first and last 5 characters to ensure accuracy. This also applies to coins that have similar names or symbols—sending ETC to an ETH address will result in the loss of those coins.
• Also, sending unaccepted coins across a similar network won't be credited or returned. This can include unsupported ERC20 tokens being sent to ETH or ETC receiving addresses.

Beware of QR code scams

• QR codes are convenient but can be manipulated to redirect you to fraudulent sites. Always verify the scanned address matches the intended recipient's address.
• Be careful using a QR code to scan a crypto address because it can lead you to fraudulent sites or phishing scams.
• When using your Robinhood QR code to receive funds, always make sure the address scanned matches the address shown in your app.
• When scanning a QR code outside of Robinhood, make sure you are only scanning QR codes from a trusted source. Also, make sure the full address matches the one you scanned and intended to send to.

Double check how much crypto you’re transferring

• Unlike dollars, crypto can be divisible into very small amounts. A bitcoin, for example, can be divided into eight decimal places. When entering an amount of crypto to transfer, double check your decimal places to make sure you’re transferring the intended amount.

Double check the security of your email and crypto accounts

• Enabling crypto transfers means your coins can be sent outside of Robinhood. Once crypto is sent out of your Robinhood account, the transaction can’t be reversed. This makes security incredibly important. Make sure you’re using a strong, unique password—we recommend using a password manager—and also checking the security settings of the device you’re using for two-factor authentication. For more information, check out Security best practices.

• Phishing attempts: Scammers may impersonate Robinhood through emails or text messages, attempting to steal your login information. Always verify the sender's information and never share your password or 2FA codes.
• Fake investment schemes: Be wary of unsolicited offers promising guaranteed returns on crypto investments. Research thoroughly before investing and trust only reputable sources.
• Social engineering: Scammers might try to manipulate you into revealing sensitive information. Stay cautious of anyone asking for access to your Robinhood account or personal details.
• Romance or impersonation scams: Scammers often create emotionally compelling fake profiles to initiate romantic or personal relationships online. They may also impersonate trusted figures or organizations, asking for crypto under the guise of investment opportunities or urgent financial need. Always question unexpected requests for money or information, especially from new online acquaintances or unverified individuals claiming to represent reputable entities.
• Imposter scams: These scams involve individuals falsely claiming to be from government agencies, tech companies, or other trusted entities, insisting on payments or personal information. They might say you're in trouble, owe money, or are eligible for a refund or financial gain but must pay in crypto or provide account access. Be skeptical of unsolicited contacts and verify through official channels before responding.
• Tech support scams: In tech support scams, fraudsters claim your computer or accounts are compromised and insist on immediate payment for support services, often demanding crypto. They may direct you to fraudulent websites or ask for remote access to your devices. Never grant access or make payments based on unsolicited tech support offers. Verify the legitimacy of any tech support claim by contacting the service provider directly through their official contact methods.

Crypto transactions are irreversible and unauthorized activity can lead to fund loss. By implementing the security measures outlined above and staying informed about common scams, you can reduce the risk of compromising your account.

Still have questions? Contact Robinhood Support