Table of Contents

Our official & controlled domains The golden rule of security How to spot a phishing scam Frequently asked questions (FAQ) What should I do if I find a phishing website? A website is asking me to enter my 24 recovery words to "sync" my wallet. Is this legitimate? Are your old shiftcrypto.ch domains still safe to use?

To ensure your security, it is vital to interact only with official BitBox websites and emails. Scammers often create convincing copies of our website to trick you into revealing sensitive information.

This guide will help you confidently identify our official domains and teach you how to spot and avoid phishing scams.

Our official & controlled domains

We control the following domains. If you encounter a website that looks like ours but is on a different domain, consider it a phishing attempt and please .

bitbox.swiss the main website
shop.bitbox.swiss online web shop
shiftcrypto.support support website with FAQs, troubleshooting guides and other such info
shiftcrypto.io redirect to the main website
digitalbitbox.com redirect to the main website
shiftcrypto.org redirect to the main website
shiftcryptosecurity.ch redirect to the main website
shiftcryptosecurity.com redirect to the main website
shiftdevices.com redirect to the main website

All our official domains are configured to use a secure HTTPS connection. You should always see a lock icon 🔒 in your browser's address bar.

The golden rule of security

The single most important rule to keep your crypto safe is simple:

Never enter your wallet backup (your 24 recovery words) on any device other than your BitBox02 hardware wallet.

 

We will NEVER ask for your recovery words for any reason. Any app, website, or person asking for them is a scammer.

How to spot a phishing scam

Scammers are clever, but they often leave clues. Before you click, look for these warning signs:

  • Wrong Sender Address: Check the sender's email. Is it from one of our ? Scammers often use public domains (@gmail.com) or misspelled versions of our domain.
  • Urgent Threats & Tone: Scammers create a false sense of urgency, pressuring you with threats like "Your account will be suspended!" or "Your funds are at risk!"
  • Bad Grammar & Spelling: Official communications are professionally written. Obvious mistakes are a major red flag.
  • Suspicious Links: Hover your mouse over any links before clicking to see the true destination URL. If it looks suspicious, do not click. Instead, manually type bitbox.swiss into your browser.
  • Requests for Personal Info: This is the biggest warning sign. We will never ask for your recovery words, seed phrase, or passwords.

Frequently asked questions (FAQ)

What should I do if I find a phishing website?

Do not enter any information. Close the browser tab immediately. Please report the URL to our support team at support@mail.bitbox.swiss so we can take action to have it taken down.

A website is asking me to enter my 24 recovery words to "sync" my wallet. Is this legitimate?

No, this is 100% a scam. Your recovery words should only ever be entered directly onto your BitBox02 device. Any website or app asking for them is trying to steal your funds.

Are your old shiftcrypto.ch domains still safe to use?

Yes. All of our former domains, like shiftcrypto.ch, are still controlled by us and now automatically and safely redirect you to our main website, bitbox.swiss.

Related Articles

Was this article helpful?

Give feedback about this article