Why We Update Your Anti-Phishing Words (And Why You Should Care)
In this article:
If you are a contact of The Bitcoin Way, you have a set of anti-phishing words assigned to your account. These words appear in every direct email we send you. If the words are correct, the message is from us. If they are missing or wrong, it is not.
Simple system. Works every time.
But like any security measure, it only works if it stays ahead of the threats. That is why we are introducing regular updates to your anti-phishing words, starting May 5, 2026.
Why update them?
Your anti-phishing words are a shared secret between you and us. The longer a secret stays the same, the more opportunities there are for it to be exposed. Maybe you saved it in a note that someone else saw. Maybe it was visible on a screen. Maybe an old email with your words in it was accessed by someone who should not have seen it. None of these are likely. But none of them are impossible either.
It is also just good practice on our end. Nothing online is fully secure. Not for you, not for us, not for anyone. Rotating shared secrets regularly is something we believe in as a principle, not just as a reaction to a specific threat. It keeps things fresh and limits the window of exposure if anything were ever compromised on either side.
In Bitcoin, we do not wait for something to go wrong before we act. We prepare. Rotating your anti-phishing words on a regular basis means that even if your current words were somehow compromised, the old words stop working. The new words take over. Anyone who had the old ones can no longer use them to impersonate us.
Think of it like changing your passwords. You do not wait until someone breaks into your account. You rotate them because it is good practice.
How often will we update them?
At minimum, once a year. Sometimes more frequently if we believe it is necessary. We will always notify you in advance when an update is coming, and we will always send you both your old words and your new words in the same email so you can verify the update itself is legitimate.
What happens on update day?
On the day of the update, you will receive an email from us containing:
- Your current (old) anti-phishing words, so you can verify the email is real
- Your new anti-phishing words, which will be used in all communication going forward
From that point on, any email from us will use your new words. If you receive an email using your old words after the update, treat it as suspicious.
What you need to do
When you receive the update email:
- Verify it is real by checking that your current anti-phishing words are correct
- Save your new words in a secure location (password manager, secure note, or offline record)
- Replace the old words wherever you have them stored
- Going forward, check for the new words in every email from us
That is it. Takes less than two minutes.
What if you miss the update email?
If you do not see the update or you are unsure whether your words have been changed, contact us directly at info@thebitcoinway.com and we will confirm your current words.
A reminder of how the system works
- Every direct email from us includes your unique anti-phishing words
- If the words are correct, the message is from us
- If the words are missing or wrong, the message is not from us. Do not reply, do not click links, do not share any information
- The only exception is automated scheduling emails from Cal.com, which do not include anti-phishing words because their system does not support it
- We will never ask for your seed phrase, private keys, or wallet passwords. Ever. There is no legitimate reason for anyone to request these.
Why this matters
Phishing attacks in the Bitcoin space are getting more sophisticated. They look professional. They use familiar language. They create urgency. And they work, because most people do not have a reliable way to verify whether a message is real.
You do.
Your anti-phishing words give you a simple, definitive answer every time. And by rotating them regularly, we make sure that answer stays reliable.
This is how we operate. Verify, do not trust.