Luno will keep your cryptocurrency safe but only you can protect your wallet from being accessed by intruders. If your sign in details are stolen and used to steal Bitcoin or Ethereum from your Luno wallet, there is nothing you or Luno can do to get it back.

That’s why we’ve written this list of good practices to help you keep your wallet safe.

Be vigilant of phishing

Website

When navigating to the Luno website, make sure the website address (or URL) is the legitimate luno.com address. If you see anything else in the address bar on top of your browser, leave the site immediately and report it to us by sending a screenshot to fraud@luno.com. We’ll try to have the fake site shut down. 

Email

Make sure whenever you receive an email from Luno that it was truly sent by Luno. Check the origin of any email before interacting with any of the links – you can do this by double-checking the sender’s address.

If you do receive a phishing email, do not interact with any of the links in the message. Your email provider should have a “report as phishing” option. Use it.

Phone calls

Be vigilant when receiving phone calls and always ascertain who’s calling you. A tactic that phishers employ is to masquerade as a legitimate entity in order to gain access to your account.


When calling, we may ask you some security-related questions in order to verify your identity. However, Luno will never ask you for:

  • Your password

  • Your banking details

  • Your two-factor authentication codes

  • Your OTP pin

  • Authorisation links

Stay alert

Read any notifications sent by Luno and report any activity that looks suspicious as quickly as possible to phishing@luno.com.

Two-factor authentication

This is such a powerful security measure, it shouldn’t be regarded as optional. With enough time and computer power any password can be guessed.

We’ve written a piece to help you in setting up your two factor authentication security in the Security Centre.

Passwords

Bitcoin is popular and high on the list of things hackers want to steal from you. It’s extremely important you use a strong password. Not only must your Luno password be strong, it must be unique.

If you’re using the same password on your Luno account as your email or your social media accounts, then you’re basically betting the keys to your Bitcoin wallet on you never having clicked on a phishing link.

To protect yourself even further, it’s good practice to use a Password Manager, which allows you to create and remember secure passwords.

You can change your password in the Security Centre.

Active Devices

This feature in Security Centre gives you the control to see which devices are currently being used to access your Luno account. Here you have the ability to deactivate any suspicious devices that you may not recognise.

API Keys

An application programming interface key, or API key, is a unique key that allows a program to gain access to your Luno account. Should you wish to view or manage your API key, you can do this in the Security Centre.

You can read more about API keys here.

Touch ID

This feature is currently available for customers using iOS devices and gives you the option to set up biometric authentication for various security features within your Luno account.

Secure your email

Luno will interact with you through your email. This is our way of communicating with you. If criminals have access to your email, you are at risk.

Here’s a few things you can do:

  1. Use a unique and strong password.

  2. It's recommended to update your password frequently. A strong password is at least 14 characters in length and contains a mix of letters, numbers and special characters.

  3. Set up two-factor authentication for your email

  4. Most email providers support Google Authenticator or even SMS security. Check your settings.

  5. Check your forwarding settings to make sure.

  6. Attackers will sometimes gain access to your email. They’ll remain stealthy. Without your knowledge, they set up a forwarding address to have all your incoming mail forwarded to them. They wait until the opportunity arises to steal from you. In this way, your Bitcoin can be stolen even if your account was compromised months ago. Check your mail forwarding settings and make sure there aren’t any unknown devices logged into your mail.

  7. If you signed up to Luno using a Gmail address, here are some additional resources for you:

In summary, no time spent on improving security is ever wasted. We know adding security means less convenience, but we’ll have peace of mind knowing you have peace of mind. Stay safe, and feel free to reach out to us if you have any security related questions. We’re here to help.

Related articles

What is two-factor authentication?

How to enable two-factor authentication

I lost my phone or deleted my two-factor authentication app. How to do a 2FA reset?