Scoutinternal

Unsolicited Commercial Spam and Solicitation Emails Sent to BitGo Support

Unsolicited Commercial Spam and Solicitation Emails Sent to BitGo Support

Problem

BitGo support channels (primarily support@bitgo.com) receive a high volume of unsolicited commercial emails that are completely unrelated to BitGo's cryptocurrency custody products or services. These messages include petroleum product offers, freight/logistics quotations from China-based shipping companies, pharmaceutical spam, chemical supplier solicitations, counterfeit goods advertisements, fake procurement/tender requests, and inquiries about unrelated third-party entities (e.g., "Veono Technologies"). These tickets consume agent time and have no actionable BitGo customer issue behind them.

Diagnostics

  • Check the ticket subject line and body: Look for hallmarks of unsolicited commercial email — product catalogs, freight rate quotes, petroleum offers (EN590, D2, D6, JP54, LPG, LNG, REBCO, crude oil, bitumen), pharmaceutical/chemical supplier pitches, or requests for quotation (RFQ) on physical goods.
  • Check the sender address: Determine whether the sender is a known BitGo customer or an external party with no BitGo account. These messages typically originate from non-customer domains (e.g., logistics companies, trading firms, anonymous Gmail/Yahoo addresses).
  • Check for attachments or suspicious links: Messages may contain WeTransfer links, PDF download prompts, or embedded links designed to harvest credentials or deliver malware. Do NOT open attachments or click links from unknown senders.
  • Check for "Veono Technologies" or similar brand inquiries: A recurring pattern involves people asking BitGo whether it is affiliated with "Veono Technologies" (or "Veono technology," "veono technologies.org"). These are not BitGo customers but individuals asking about an unrelated entity.
  • Check whether any BitGo product, wallet, or account is referenced: If the ticket contains zero references to any BitGo service, wallet, coin, or API, it is almost certainly spam or a misdirected message.

Resolution

Scenario: products-supply-freight-quotation#generic-commercial-spam

Trigger: The inbound ticket is an unsolicited commercial solicitation (petroleum products, freight quotes, pharmaceutical ads, chemical suppliers, physical goods catalogs, fake tenders) with no connection to any BitGo product or customer account.

Signals: petroleum, EN590, diesel, crude oil, freight, quotation, logistics, supply, China, pharmaceutical, healing products, brand medication, generic treatment, purchase order, tender, quotation, CIF, FOB, LPG, LNG, REBCO, bitumen, Mazut, Soft Corporate Offer, SCO

Steps:

  1. Confirm the ticket body contains no reference to any BitGo service, wallet, blockchain, or customer account.
  2. Do NOT open any attachments or click any external download links (e.g., WeTransfer, Google Drive, PDF download buttons). These may be phishing vectors.
  3. If the message contains a suspicious attachment prompt or link (e.g., "DOWNLOAD/VIEW ATTACHMENT"), note this in the ticket for potential escalation to the security team.
  4. Close the ticket with no customer response, or if a response was already sent, use a brief reply clarifying that BitGo is a digital asset custody and financial services company and does not deal in physical goods, petroleum, freight, or pharmaceuticals.
  5. Mark/tag the ticket as spam in the ticketing system so it is excluded from SLA metrics and reporting.

Notes: These tickets represent the vast majority of this cluster (over 400 tickets). They require no technical investigation. The recurring patterns include: petroleum offers mentioning Rotterdam/Qatar/Kazakhstan/Houston ports; freight rate sheets from Shenzhen-based logistics companies; pharmaceutical spam with subject lines like "Own best in the world brand healing production here"; and fake RFQs impersonating companies like Pfizer. None are related to BitGo operations.

"Thank you for contacting BitGo support. May I ask what this quotation is for in plain text as we cannot open attachments for security." (ticket #134005)

"We are pleased to offer a wide range of petroleum and petrochemical products of Kazakhstan and Georgia origin, available at major global ports including Kazakhstan Port, Rotterdam, Houston, Jurong (Singapore), Fujairah, and more." (ticket #298818)

"This is Charles from Swieon Logistics headquartered in Shenzhen, China. With years of freight forwarding experience, we can offer the best services and the best price from all main ports in China." (ticket #47210)

Scenario: products-supply-freight-quotation#veono-technology-inquiries

Trigger: The inbound ticket asks whether BitGo is affiliated with, partnered with, or can confirm the legitimacy of "Veono Technologies" (or variants like "Veono technology," "veono technologies.org").

Signals: Veono, Veono Technologies, Veono technology, veono technologies.org, partnership with veono, confirmation of website, doubt regarding Veono

Steps:

  1. Confirm the ticket is asking about "Veono Technologies" or a similar unrelated third-party entity.
  2. BitGo has no known affiliation, partnership, or business relationship with "Veono Technologies." Respond to the sender stating that BitGo is not affiliated with the entity in question.
  3. If the sender appears to be a potential scam victim (e.g., they were told to send funds via BitGo as part of a Veono-related scheme), advise them to exercise caution and contact local law enforcement if they believe they have been defrauded.
  4. Close the ticket. Tag as spam or misdirected inquiry.

Notes: At least 8–10 tickets in this cluster specifically reference "Veono Technologies" across multiple naming variations. This suggests an external scam or fraudulent operation may be using BitGo's name in connection with "Veono." If the volume of these inquiries increases, consider escalating to the compliance or legal team for awareness.

Scenario: products-supply-freight-quotation#phishing-or-malware-attachment

Trigger: The inbound spam ticket specifically prompts the agent to download an attachment, click a WeTransfer link, or visit an external URL to view a "purchase order," "company profile," or "quotation."

Signals: WeTransfer, DOWNLOAD, VIEW ATTACHMENT, purchase order, company profile, PDF, attachment, quotation attachment

Steps:

  1. Do NOT open any attachments or click any links in the ticket.
  2. Note the sender domain and any URLs visible in the ticket body.
  3. If the message appears to be a targeted phishing attempt (e.g., it impersonates a known company like Pfizer or Sinopec, or references a BitGo employee by name), escalate to the BitGo security/InfoSec team immediately.
  4. If it is generic spam with an attachment lure, close the ticket and tag as spam.
  5. If a response has already been sent, ensure the agent did not click any links or open attachments. If they did, notify the security team.

Notes: Ticket #48084 references a WeTransfer link purportedly from a Sinopec email address. Ticket #85073 impersonates Pfizer Manufacturing Belgium with a fake tender for "PISTON RING PUMP" units. Ticket #134005 included a "DOWNLOAD/VIEW ATTACHMENT" button. These are social engineering attempts and must never be interacted with.

"May I ask what this quotation is for in plain text as we cannot open attachments for security." (ticket #134005)

Related

  • none identified — This cluster is entirely composed of off-topic spam and misdirected solicitations with no relevance to BitGo's cryptocurrency custody, wallet, or trading products.