How To Avoid Phishing and Identity Theft

One day, B.J. Mendelson was playing Roblox with his school-aged nieces when suddenly, he heard a stranger’s voice come out of one of their iPads. A longtime digital security buff, he was pretty creeped out. He knew how to keep himself secure online, but the incident brought home just how many opportunities for privacy breaches there are lurking in everyday devices. Most people, including his own brother and sister-in-law, operate them without a playbook.

That’s why this fall, he decided to start a podcast miniseries with the goal of making digital privacy more accessible. Sexy, even. The result is Stupid Sexy Privacy, a show in which he and co-host Rosie Tran give listeners bite-size, actionable tips on dealing with basic tech stuff like password management, not letting your car harvest your data, and whatever Elon Musk is doing to Twitter. Mendelson was kind enough to share some of these pearls of privacy wisdom with Slate, though you should probably get a VPN before you read them.

This interview has been condensed and edited from two conversations for clarity.

Heather Schwedel: Let’s consider the hypothetical person who knows absolutely nothing about privacy—what are some things they can do to improve their security, like, right this second?

B.J. Mendelson: Use the right browser and get a forwarding email address. I use DuckDuckGo and an @duck email address. These days, most marketing emails have trackers in them that collect data about you. The @duck forwarding address strips away the tracker and forwards it to your real email so you can get messages without companies collecting your information.

You can also use ClamAV to look for malicious software, and use Signal for messaging. Signal is great—it’s not sophisticated, it has a lot of fun features, there’s a group chat option, and it lets you chat securely with your friends and family without worrying whether someone can access your messages. If I can get people reading this to just switch to Signal, I’ve already done a large part of my job.

Also, get a VPN (virtual private network.) It disguises your web activity and limits the data your internet service provider can collect about you.

I thought a VPN was for like, watching streaming services from other countries and buying dark-web drugs. Do I, an average person, really need one?

If you’re at home, then you don’t have to worry about it. But if you’re out and using public Wi-Fi, you absolutely do. Something like 90 percent of Gen Z and millennials own a smartphone. [Actually, it’s roughly 98 percent for Gen Z and 94 percent for millennials.] We’re all out and about using and connecting to different Wi-Fis that are probably not secure. That’s a serious thing. That’s why I use tools like Proton VPN, which has an app. You fire it up, and then off you go.

Can you tell me about some of the biggest takeaways from the recent episode you did about protecting yourself after a breakup?

If you’re going through a breakup, and you’ve shared your device with that partner, you absolutely need a new device. It’s the only way to guarantee that there’s not a keylogger—which lets the person who installed it monitor every single thing you enter on your keyboard, including passwords, emails, etc.—or some other kind of spyware that they’ve put on there.

When I heard that tip, I balked at the idea that it was easy. First of all, you recommend getting a new Mac, which is expensive!

You’re right, it is expensive. And it sucks. And I wish that there was an alternative. But for most people, that is the easiest, most basic way for them to protect themselves.

It also struck me as a little extreme to get a new computer every time you go through a breakup. In a lot of cases, you were with a decent person and it just didn’t work out—should you really be afraid of them?

That’s always the question, right? In the privacy space, they talk about threat vectors, which is really just a nice way of asking what the probability is that someone’s going to do something shitty to you. But, it’s easy to be evil today. Revenge porn is unfortunately a huge thing. That’s why we talk about this stuff.

But you’re right. I have a couple of ex-girlfriends who’ve had access to my stuff. Am I concerned that they’re spying on me? No. But is the possibility there? The possibility is always there.

These costs must start to add up. How much money do you personally spend on privacy stuff annually?

Signal is free. DuckDuckGo is free. The DuckDuckGo forwarding email address is free. ClamAV is free. Proton VPN is one regular expense, which is about $100 a year. Again, the nice thing about privacy is that a lot of this stuff is open-source , which means it’s freely available, and the incentive is usually to protect users rather than turn a profit. There are services like 1Password that I also pay for.

DeleteMe, the other service that I think everyone needs, is also unfortunately expensive. It’s a tool that removes personal data captured by data brokers. If you’ve got two weeks’ worth of free time, you can go to all 600 of those data brokers yourself and fill out a form on their individual websites, which is often buried under a bunch of legalese. In doing so, you might even create more data that then go back to them. So what DeleteMe does is constantly look for your information and then scrub it again, which saves you time. I paid about $250 for it.

All told, I spend about $300 or $350 a year on privacy stuff. And I want to be clear: That sucks. I should not have to pay for this. Something like DeleteMe should be something that’s government-funded so that everyone can use it.

What’s the dumbest infosec mistake you see people make?

Clicking on suspicious links in emails and texts. We all fall for it. I’ve fallen for it. My dad recently fell for it. Just understand that not everything you get is safe, especially in email. There’s a company that I do some work with, and we constantly get phishing emails that look like they’re from the CEO. Everything looks so legit and sophisticated that people click on it. And so that’s been the most common thing.

People need to look for typos and spelling errors in these emails. And to check if the domain from the sender was correct. What does the website look like when you do click through? And if you do click, please, for the love of God, do it using Tor. Any time that you’re suspicious of a link, if you’re on a desktop, you can just download Tor and then pop the link in there. That’s a secure way to look at a link without having to worry about it hijacking your system.

Your first book about privacy came out a few years ago, and you’re working on a new one now. What would you say have been the biggest changes in this landscape since the last book came out?

Definitely this thing that’s going on with Twitter. But before that, it was the scope and scale of Russia’s hacking of the DNC [Democratic National Committee]. We didn’t know how deep it was. But I think the level of sophistication is something that people should be aware of.

Here’s the scary thing: The tools and tactics that Russia used have now been co-opted by Republican operatives, fascists, and other weirdos to harass people, dox them, and spread misinformation. Things like trying to smear people with old tweets or things that have been taken out of context have also become so much more common and aggressive for the day-to-day person. When I first wrote the book, we were talking about governments, journalists, and big organizations being hit with these attacks, but now we’re all dealing with it.

I definitely want to talk about Twitter. What should people do about Twitter right now?

If you’re going to stay, the first thing you want to do is protect your tweets by going into your settings, then the Privacy and Safety tab, then clicking Audience and Tagging. That makes them private, so only the people who follow you can see them. This matters, because what’s going to happen when Musk rolls out the new Twitter Blue? If you look at the ad for Twitter Blue, it says, “Rocket straight to the top of @-messages and DMs.” If I were a bad actor, I could purchase Twitter Blue and just start harassing people in a way that’s harder to ignore. Protecting your tweets can help.

The second thing is to use a YubiKey, Google Authenticator, or Authy. Google Authenticator and Authy are two-factor authentication apps that are more secure than SMS. But the most secure option is a YubiKey, which is a physical key that plugs into your USB drive or phone that you need to have with you to log in to Twitter.

The third thing, and this gets into legal territory, is to delete your DMs in case someone breaks into your account. The response that I’ve gotten to this is, “Well, that doesn’t delete them from Twitter servers.” Two things to say about that: First, you should delete all your past and future Twitter DMs just in case someone breaks into your account and finds information that could be used to break into your other accounts.

Secondly, if Twitter employees access your DMs, the company is liable under the Stored Communications Act. Corporate employees of companies like Facebook and Google can face criminal charges for accessing this sort of private information and using it in certain ways.

I think there is a real risk that if you’re the average person using Twitter, you can still be hacked. Plus, privacy is a thing that we need to do together. Not only are you protecting yourself, but you’re also protecting other people whom you’ve had conversations with.

Another idea I’ve always been suspicious of is that I need to put a sticker on my laptop camera.

Again, it’s a crime of opportunity. Let’s say you’re at work, and there’s a breach in the company server. If that happens, people can find a way to get on to your laptop, and it’s entirely possible they could activate your microphone and your video camera without you knowing. For a long time, I was telling people to just put a Post-it note over the camera. I know it sounds silly, but it’s a legit concern.

Just talking about hidden cameras for a second, that’s a global epidemic around the world that adversely affects women. And so, getting an RF detector—a small device that detects hidden cameras—can go a long way to keeping yourself and your privacy secure. You can also get a mic blocker to disable mic access so no apps on your phone can listen to you.

OK, one more question. What is the sexiest thing about privacy?

There’s nothing sexier than being able to share images and videos with your partner, especially during times like a pandemic, and not having to worry about, “Oh my God, this is gonna wind up on some guy’s hard drive or website?”

I think intimacy with the knowledge of security is very sexy.

By Heather Schwedel

Source: VPN, phone security tips: How to avoid phishing, identity theft


Related contents:

New Phishing Campaign Impersonates Flipper Zero to Target Cyber Professionals Infosecurity magazine

20:42 Mon, 02 Jan
14:35 Mon, 02 Jan
13:45 Mon, 02 Jan
16:15 Sun, 01 Jan
10:42 Sun, 01 Jan
00:32 Sat, 31 Dec
23:31 Fri, 30 Dec
Fraudulent websites and phishing emails related to The Hongkong and Shanghai Banking Corporation Limited The Government of Hong Kong Special Administrative Region (Press Release)
18:15 Thu, 29 Dec
16:25 Thu, 29 Dec
16:04 Thu, 29 Dec
10:46 Thu, 29 Dec
07:48 Thu, 29 Dec
19:28 Wed, 28 Dec
14:50 Wed, 28 Dec
14:19 Wed, 28 Dec
10:18 Wed, 28 Dec
08:04 Wed, 28 Dec
06:12 Wed, 28 Dec
14:40 Tue, 27 Dec
Marketing Programs You May Like:
3D Pal Toons
7 Minutes Kit
9 figure Success
Ad Raven
ADA Bundle
Ada leadz
Adsense Machine
Adtivate Agency
Agency Client Finder
AIWA Commercial
ALL-in-One HD Stock
Appoint B Agency
Art Of Living
Audio Studio
Aweber Crash Course
Big Audio Club
BigAudio Club
Boost Optimism
Commission smasher
Content Gorilla
Content Tool Kit
CourseAlly eLearning
Credit Repair
Diabetes Guide
Diddly Pay’s
Diet fitness diabetes
Dominate Email
DUX Forex Signals
Easy NFT
EBook Agency
Ejaculation Total
Email Monetizer
Extreme Adz
Extreme Coupon
EZ Local Appointment
Ezy MultiStores
Facebook Cash Machine
Fade To Black
Fitness Nutrition
Followup Builder
Forex Atlatian
Forex Blizz
Forex Blue Stark
Forex expert
Forex Hybrid Scalper
Forex Joustar
Forex Mastery
Forex Scouts
FX Goldminer
Gaming job  s
Genesis Mining
Gluten free
GMB Snap
Graphic Alta
Heal Your Emptiness
High Converting Emails
Hostley Domain Creator
Human Synthesys Studio
Insta Keyword
Instant Website
iTraffic X
Klippyo Kreators
Levidio Royal Podcasting
Linkable DFY
Live Your Truth
Living An Intentional Life
Living an International Life
Local Leader
Local Sites
Mat1 Simple Funnel
Mech Forex Robot
Mobi First
Motion Kingdom Studio
Movid Animation
MT4Code System
My Passive Income
Next Drive
Organic Life Guide
PlanB Muscle Growth
Podcast Advantage
Podcast Masterclass
Power Reviews
PR Rage
Prime Stocks
Profile mate
Push Button Traffic
PWA Agency
QR Verse
Quintex Capital
Quit Smoking
Self Validation
Seniors Income
Stackable Picture
Steven Alvey’s
Stock Mages
Sunday Freebie
Super backdrop
The Internet Marketing
Tonai Voice Content
Toon Video Maker
TV Boss Fire
Ultrafunnels A.I
VIADZ Ad Template
Video Campaignor
Video Games
VideoRobot Enterprise
Viral dash
Viral Quotes
VR Studio
WordPress Mastery
WP Simulator
Writer Arc
writing job
XBrain Forex
Your 3DPal


Love Wordle? Cryptic Crosswords Will Only Feed Your Addiction

In the mid-1980s, there was an article in this masthead next to the cryptic crossword on how to attempt to decipher this type of puzzle. Thanks to that inspiration, I have now completed cryptic crosswords for nearly 40 years: individually, with colleagues, friends, partner and husband.

You’ve seen them. At work, on holiday, waiting for an appointment, at the airport, at home. Solvers flexing their brain organ, pumping muscle tissue. Why? To stretch their mind and its boundaries. To acquire knowledge out of their usual comfort zones. To challenge their brain with new information. And, as I’ve become more senior and frail, these crosswords still sing to me.

In our new world, of so many notifications sent our way, in all its different media, mediums and devices, we are encouraged to skim in our “fomo” for information. Enter the cryptic crossword, promoting a sense of stillness and mindfulness through the required focus and concentration.

We live in an age where reading between the lines and beyond the words should be more relied upon to understand the true intent of the scribe.

We know that having fun makes learning easier. And that in many jobs, there is less time to connect in a personal way. Cryptic crosswords provide a connection between colleagues beyond their work, during coffee breaks, lunches and snippets of time where one needs to think of something else.

I taught for 33 years in government secondary schools, and one end-of-year activity with me was students learning to decipher clues and write their own cryptic crosswords.

The sparkle in the eye when an answer is recognised is a connection made, in the relationship and in the brain. The sense of achievement upon completion of an entire cryptic crossword is the ultimate goal for all solvers.

It’s teamwork that promotes a healthy culture of learning and problem-solving together.

It can identify how someone thinks, which can be very beneficial when certain roles or situations arise in the work environment and a certain thinking style and performance is needed.

The easier cryptic crosswords can be completed with assistance from companion clues in the neighbouring Quick crossword. Then there’s the cryptic with setter’s initials so that you know who it is you are tackling. Then there are ones with no setter initials, leaving you none the wiser where they might be coming from.

Reading the setter, understanding their character and decoding how someone thinks is a large part of what it is about. The setter’s character, their backstory or stem, and where they are coming from are crucial in the speed and mind frame you choose as the solver to determine the answers.

Solving cryptic posers teach you about yourself and those around you attempting to crack the code. It shines a light on how you best problem-solve and in which areas you could improve. Alone, with others, when in a relaxed environment, when pressed for time, under pressure.

You don’t know what you might learn about yourself, others and the world. May cryptics provide you with many years of joy.

By : Shirley Barbara-Heyworth

Source: Love Wordle? Cryptic crosswords will only feed your addiction



Whether to take your mind off work at the end of a long day, or to just take a mental break over lunch, tackling a cryptic crossword is a great way to unwind with something that is both fun and challenging!

The difference between a cryptic crossword and a regular crossword is that the route to finding solutions to a cryptic crossword is more convoluted. Whereas a regular crossword is a straightforward exercise in thinking of synonyms – words with similar meanings to those in the clues, it’s not clear initially with a cryptic crossword what part of each clue you need to find a synonym for.

And when you work that out, the answer you come up with has to fit with all the other parts of the clue. But the more you do them, the easier it becomes because you get to know the setter’s style. This is why many people often have a preferred crossword in a particular newspaper or magazine.

If you’re not used to doing crosswords, then you might want to get used to thinking about synonyms by doing regular crosswords first, and then working your way towards the cryptic sort.

There’s also a more serious side to crosswords. Along with other cognitive activities such as learning a new language, playing a musical instrument, or playing cards, doing crosswords is one of the brain-training skills that is thought to help reduce the risk of dementia and delay its symptoms.

By keeping the brain active as we get older, scientists think that we might be able to reduce the amount of brain cell damage associated with dementia and even grow new connections between brain cells.

Doing crosswords, therefore, might help your brain keep working better for longer.1 So instead of turning on the tv or watching TikTok, get out a crossword and get that grey matter working!

More contents:

This New 2022 Law Will Ban Use Of Dumb Passwords In Smart Devices

The U.K. government has, and not before time, many would argue, moved to introduce legislation that will ban the use of dumb passwords in so-called smart devices.

The Product Security and Telecommunications Infrastructure (PSTI) Bill has yet to become law; according to government sources that will happen as soon as parliamentary time allows. This means that we should see the law come into play in 2022.

However, what has happened already is that the legislation has been published, and we now know what the months and years of consultation and industry expertise have brought to bear.

What consumer security protections will the new law introduce?

In effect, the PSTI Bill will provide for three regulatory steps to shore up the security sinkhole as it applies to smart devices:

  1. Default, factory set, weak passwords will no longer be allowed. Instead, all relevant devices will need to come with unique passwords that cannot be set back to a single, universal, factory default.
  2.  A contact for researchers, hackers, bug bounty hunters and the like to report security vulnerabilities must be published publicly.
  3.  Consumers must be advised of the period for which the device they are buying will receive security updates, and so advised at the point of purchase. If the device cannot receive such updates or patches or won’t get any, that must be declared.

“One of the most commonly used attack vectors is through default passwords, which are easy to guess and preloaded on multiple devices,” George Papamargaritis, a director at Obrela Security Industries, said. “The fact that this new legislation bans default passwords is a huge step forward and it will encourage device manufacturers to consider security before marketing products, otherwise they could face business destroying fines.”

“We’re getting to a place where security by design will be a mandatory requirement and not an afterthought,” Laurie Mercer, a security engineer at HackerOne, said. “This is a significant milestone towards more secure consumer connectable products, and shows the U.K. is leading in creating a safe digital connected society.”

What smart devices will be covered by this new law?

What devices are covered? Well, it’s consumer goods legislation and covers routers, security cameras, games consoles, TVs, smart speakers and assistants, baby monitors, doorbells and, yes, smartphones. It doesn’t cover laptops and desktops, medical devices, cars, or smart meters.

This is a good step forward in that the law will apply to both manufacturers of the devices and those who import and sell them. It will be overseen by an as yet to be appointed regulator and come with fines of £10 million or 4% of global revenues; ongoing breaches can carry a daily £20,000 penalty. Of course, California already has Senate Bill 327 that requires similar password rules and came into effect on 1 January 2020.

Overall, it’s a good thing but has limitations as many smart devices are pretty stupid when it comes to security and have no ability for firmware patching; the law will only require it to be declared there are none. Even for those that can be patched, there’s no requirement for this to be automated. Without such automation, most consumers will not bother and declaring that vulnerability could make the device less secure as threat actors will then find exploits.

The expert opinion: an interview with David Rogers MBE

I’ve been chatting with David Rogers MBE, the CEO at Copper Horse and chair of the GSM Association (GSMA) Fraud and Security Group. Rogers also sits on the executive board of the Internet of Things Security Foundation. With more than 20 years of experience in embedded device security, David volunteered to draft a set of technical requirements, which ended up with the U.K. Code of Practice for Consumer IoT Security.

“The government always said if they didn’t see improvement to the market situation that they were prepared to legislate and regulate,” Rogers says, “and we’re here now where there is demonstrable market failure.” He points to research by his company that found four out of five IoT device companies didn’t have any way for security researchers to contact them, for example. “That is a truly shocking state of affairs and is really the tip of the iceberg,” Rogers continues, “what does it say about the ability of these companies to secure their own products?”

An important first step

Rogers agrees that the new PSTI Bill is a first step that addresses the top three mandates of the code of practice. “This to me hits the major issues, and if we only resolve those parts, we go a long way to protecting consumers,” he says. But it’s far from the end of the story, and the key message to the industry has to be, Rogers insists, “why wait? What is your excuse? Bad stuff is happening, and it’s IoT manufacturers’ responsibility to be part of the solution, not the problem!”Rogers admits it’s a difficult challenge because it should be a constantly moving target if you think about product security. If a vulnerability is discovered, it should be addressed and patched if possible. “That’s why it really comes down to that point about how long vendors are providing security updates for,” he says, “and providing that information clearly to consumers and retailers.”

A baseline of security across all electronic devices?

But what about the covered devices, or rather those that aren’t? “Of course, I want to see a baseline of security across all electronic devices,” Rogers continues, “but there are clearly sectoral differences and already existing regulation, particularly in the automotive and medical sectors. They cover safety aspects that go above and beyond where we are here, and it doesn’t seem to make sense to land grab those spaces.”

Rogers also thinks that an impact is being made even before the legislation gets Royal Assent and becomes law. “Interest in conformance schemes for IoT security in the industry has gone through the roof,” he says, “simply with the threat of legislation by a host of countries.”

To be fair to the responsible companies out there, Rogers points out that they have been pushing for this too. “GSMA’s excellent IoT security work was underway in 2014, already drawing on existing work from the mobile device space,” he says, “what we’ve seen is an alignment across government, industry and also the hacking community. Everyone knows what the problems are and, crucially, how to fix them. So, let’s do it!”

We can’t look back and fix the past

When it comes to the existing volume of smart devices already in the market, Rogers take a pragmatic view. “One thing many of us were conscious about was not adding to the already-existing mountain of IoT e-waste or unnecessarily penalizing people who can’t afford expensive products,” he says. “We can’t look back and fix the past,” Rogers concludes, “but we can look forward, and the lifecycle of technology is still very swift.


More broadly, it is more about bad practices that we’re seeking to eliminate, and we’re seeing a broad swathe of work that is intolerant to poor and unacceptable engineering practices, whether it be around supply chain security or protecting people’s privacy.”

“This is the start of a huge movement towards a safer online society, but it won’t be changing overnight,” Jake Moore, a cybersecurity specialist at ESET, concludes. “These proposals are exactly what is required to help guide people in the right direction after typical security measures by design haven’t been strong enough to help those who desperately need it.”

Follow me on Twitter or LinkedIn. Check out my website or some of my other work here.

Davey is a three-decade veteran technology journalist and has been a contributing editor at PC Pro magazine since the first issue in 1994. A co-founder of the Forbes Straight Talking

Source: This New 2022 Law Will Ban Use Of Dumb Passwords In Smart Devices


Cybercriminals Are Coming for Your Business. Here Are 5 Simple Ways to Keep Them Out

Now, more than ever, is a crucial moment to button up cyber security measures at your company. Small businesses were easy prey for cybercriminals during the pandemic. A shift to remote work meant hackers had their pick of unsecured home networks and devices. Now, even though many businesses have moved back to in-office work, it’s likely they’ll still be targeted by hackers. Savvy thieves often see small businesses as a “Trojan Horse” to the larger businesses with which they partner.

Panelists at a Chamber of Commerce event on Thursday shared tips on what businesses need to keep in mind in order to protect their data and assets from cyberattacks.

Ransomware comes in via email and can hide for several days.

Some cyberattacks will do damage instantly, taking down all of your systems and locking you out. But some, such as ransomware emails, require more time to take root.

“So maybe an employee clicks on an email that goes through their device, and they send that email to somebody else that hits another application or device. It can really be in your system for several days before you notice it,” said Tara Holt, senior product marketing manager at Iron Mountain. The delayed timeline is crucial to keep in mind as you work to nail down when and how a breach occurred.

Backup critical data, both on- and off-site.

Holt and other cybersecurity experts encourage businesses to store a backup of your most critical data as a second line of defense. This should be both off-site and online. Your business may still be able to operate during a cyberattack, even in a limited context, if there’s a backup handy.

Make sure payment processors are PCI compliant.

An overlooked area of cybersecurity is your third-party payment processor. Businesses that make hundreds of transactions per day must ensure that security standards are in place to prevent theft. Most merchants that accept credit cards must adhere to the Payment Card Industry Data Security Standard, or PCI.

A few credit card companies allow merchants that are not PCI compliant, but tread carefully with them — you’ll likely be stuck with the bill in the event of a breach. “If you get a breach, and you’re not PCI compliant, it’s a minimum of $80,000 apiece and MasterCard will have to charge you, because they’re going to have to resubmit new cards for those people whose cards may have also been compromised,” said Renee VanHeel, president of Pay It Forward Processing.

You can pay the ransom, but don’t expect to get your data back.

While taking cybercriminals at their word is always a risky undertaking, when it comes to ransomware, few crooks are honest players. Businesses that pay ransoms must deal with the very likely possibility that any data they get back will either be incomplete or corrupt.

An estimated 92 percent of victims who pay the requested ransom don’t get their data back, according to a 2021 Sophos State of Ransomware report.

Use a “zero-trust network” and multi-factor authentication.

Chances are, your team probably needs a refresher on what makes a strong, unique password, which can go a long way toward securing your systems. Best practices include combining three or more unrelated words — proper nouns are good — with numbers or special characters separating them.

Requiring the use of VPNs is also key. Saïd Eastman, CEO of JobsInTheUS, says his company uses both an internal VPN and a third-party VPN for customers. “We do that because we believe it’s important for us to provide a secure environment for our employees to get in to do their jobs, but also a place for our customers,” he said.

Holt also suggests that businesses create what is called a “zero-trust network” that authenticates users every time they log-in. Multi-factor authentication, where users must enter a passcode that is sent to their phone or email, is another good safeguard.

“Adding in as many different layers of security as you can can really be that first step to protect you,” said Holt.

What’s The Deal With Bitcoin ATM and How Does A Bitcoin ATM Work?

What is a Bitcoin ATM, and does it actually function as an ATM? The short answer is yes.

Technically, these aren’t traditional ATM’s (Automatic Teller Machines) as they do not allow physical withdrawals of BTC from an account you own. Instead, these machines will enable you to purchase Bitcoin, depending on the specific machine. There are a number of machine types around from various companies, the top 3 being: General Bytes, Genesis Coin, and Lamassu.

  1. You verify your identity through an one-time-password sent to your mobile or email. Again, this varies from machine to machine.
  2. You decide if you want to buy or sell BTC (if you have the option).
  3. To buy, you must choose the amount you want to in terms of BTC or your target fiat currency.
  4. You then deposit the fiat currency into the machine.
  5. Several things may happen depending on the machine:
  • A QR code may appear on the screen for you to scan
  • A QR code may be printed off corresponding to your new BTC wallet.
  • The machine will ask and scan the QR code of your pre-existing wallet.
  • You input your email address to have a QR code sent to you.

To sell, you must send the appropriate amount of BTC to the address displayed on the screen. Once the transaction is confirmed, you will receive the agreed fiat sum. How long this takes depends on the machine.

Bitcoin ATM’s v.s Crypto Exchanges

Bitcoin ATM’s are connected to exchanges. When using one, you are essentially buying or selling your chosen coin on an exchange. However, you’re interacting with a physical machine in a specific location rather than online. The price difference between using an online exchange and an ATM is generally around 5-10%. This means that ATMs cost 5-10% more to buy, and selling means you receive 5-10%.

Despite the premium that must be paid, many are attracted by these machines’ convenience and ease. They allow for a more visual and straightforward financial transaction that most are already familiar with. In addition, machines do not require any confusing registration processes or the need to learn about online trading interfaces.

When selling through an online exchange like Phemex, the platform’s spot markets offer more control over the price you are transacting with. You can also take advantage of limit orders and stop orders if you are not happy with current market prices.

Bitcoin ATM Map

There are many services and locations apart from bitcoin ATMs which provide exchange of bitcoins for cash and vice versa.You can send cash-to-cash payments to your relatives or friends in other countries by using two bitcoin ATMs. Find where to buy or sell bitcoins and other cryptocurrencies through ATMs for cash here…


Source: Bitcoin ATM’s: How Does A Bitcoin ATM Work? – Phemex Blog



“FINTRAC Advisory regarding Money Services Businesses dealing in virtual currency”. Retrieved 2016-11-22.

%d bloggers like this: