Important Security Notice Regarding Phishing Email Reports

DATE PUBLISHED: NOV 1, 2023
DATE UPDATED: APR 18, 2025

Dear 3Commas user,

We are reaching out to inform you about reports we have received from several users regarding phishing emails that are falsely claiming to be associated with 3Commas.

The subject line of these deceptive emails is "Reimbursement Plan". Please be aware that none of these emails were sent from our software.

We strongly advise against engaging with any suspicious links or disclosing personal information in response to unsolicited emails. Please refrain from interacting with the email. In the event that you have already engaged with the email (including completing any information on the linked form), we urge you to take the following immediate actions:

  • Log in to your 3Commas account and reset your password.
  • Activate Two-Factor Authentication (2FA) using Google Authenticator for an added layer of security.

The phishing emails were distributed to 3Commas users through a mass email service known as Mailmuch.io. We have taken measures to report this activity to the email service provider, and they are working on suspending the malicious account.

Here are a few examples of the addresses used to dispatch the phishing message: contact@salams.app, info@unlayer.com. However, it is essential to note that these deceptive emails may come from various addresses.

We strongly recommend that you refer to the Help Article, which contains information on official 3Commas email addresses and additional security measures.

If you suspect any fraudulent activity or require assistance in verifying any communication that claims to be from 3Commas, please do not hesitate to contact our dedicated support team. We are here to help address any concerns promptly.

2025 Update: Heightened Phishing Sophistication and New Best Practices

As of 2025, phishing campaigns targeting crypto traders have grown increasingly sophisticated. These attacks often impersonate legitimate service providers, including automated trading software vendors like 3Commas, using AI-generated emails that mimic official messaging styles and visual branding with alarming precision.

Recent reports show a rise in phishing attempts involving fake DCA Bot configuration prompts, account verification requests, or urgent “withdrawal alerts.” These messages often include malicious links directing users to counterfeit login pages designed to harvest API keys and credentials.

What’s New in 2025

  • AI-Enhanced Phishing: Threat actors are now leveraging generative AI tools to craft context-aware phishing content that adapts to the user’s behavior, trading activity, or subscription level.
  • Spoofed Notification Systems: Attackers increasingly simulate transactional alerts or margin call warnings from trusted software interfaces to create urgency and mislead users.
  • Compromised Browser Extensions: A growing number of phishing vectors in 2025 originate from browser extensions that inject fake overlays on legitimate web apps, including crypto trading terminals.

Updated Recommendations for Users

To help safeguard your account, we recommend taking the following steps:

  • Enable Hardware-Based 2FA: While SMS and app-based 2FA provide a basic layer of protection, professional traders are strongly encouraged to use hardware security keys (e.g., YubiKey) for critical actions.
  • Review All Connected API Keys: Regularly audit API access and revoke any unused or suspicious connections. Be cautious of granting trading or withdrawal permissions to third-party apps.
  • Bookmark the Official Site: Always access 3Commas at https://3commas.io. Avoid clicking on links from email, SMS, or messaging platforms when accessing your trading software.
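A mail-triage check built from the indicators in this notice (the "Reimbursement Plan" subject, the example sender addresses, and the official site https://3commas.io), added here as an illustration and not 3Commas code. The function names, the sample message, and the choice to treat subdomains of 3commas.io as official are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Indicators and official domain as stated in the notice.
OFFICIAL_DOMAIN = "3commas.io"
REPORTED_SUBJECT = "reimbursement plan"
REPORTED_SENDERS = {"contact@salams.app", "info@unlayer.com"}

def is_official_host(host):
    """Exact match or true subdomain only (accepting subdomains is an assumption)."""
    host = (host or "").lower().rstrip(".")
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)

def off_domain_links(text):
    """Return the hosts of http(s) links in text that are not on the official domain."""
    hosts = []
    for url in re.findall(r"https?://[^\s\"'<>),]+", text):
        try:
            host = urlsplit(url).hostname  # ignores any user@ prefix in the URL
        except ValueError:
            host = None  # malformed URL: treat as not official
        if not is_official_host(host):
            hosts.append(host or url)
    return hosts

def triage(raw_message):
    """Return the reasons a raw RFC 5322 message matches the reported campaign."""
    msg = message_from_string(raw_message)
    reasons = []
    if REPORTED_SUBJECT in (msg.get("Subject") or "").lower():
        reasons.append("subject matches the reported phishing subject")
    sender = parseaddr(msg.get("From") or "")[1].lower()  # address, not display name
    if sender in REPORTED_SENDERS:
        reasons.append("sender is a reported address: " + sender)
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            text = raw.decode(part.get_content_charset() or "utf-8", "replace")
            reasons += ["link leaves the official domain: " + h for h in off_domain_links(text)]
    return reasons

# Constructed sample message, not a captured email.
SAMPLE = ('From: "3Commas Support" <contact@salams.app>\nSubject: Reimbursement Plan\n\n'
          'Complete the form: https://3commas.io.refund.example/form\n')

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE)))
```

Because the notice states that the emails may come from various addresses, the sender list only catches the reported examples; the link check is the part that still applies when the sender changes.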

3Commas continues to strengthen its security infrastructure and user protections. While no system is immune to social engineering, maintaining awareness and following best practices remains the most effective defense against phishing in 2025’s rapidly shifting threat environment.