In January, the operators of the LockBit ransomware exposed the data of users of the BTC-Alpha crypto exchange to the public, and in February they stole the database of the PayBito platform.
Cryptocurrency exchange CEO KuCoin Johnny Liu explains what phishing is and how to avoid such attacks.
What is phishing
Phishing (phishing from English “fishing”) is a type of Internet fraud in which an attacker tries to gain access to confidential user data using social engineering.
Most often, ransomware sends messages to users on behalf of brands or services, but they can also call on behalf of local banks.
Typically, the letters contain links to clone sites, where the user is prompted to enter a login, password, card number or CVV/CVC.
The main tools of phishing are fear and greed. Fraudsters make incredibly profitable offers or threaten to lose – funds or account. At the same time, they create an atmosphere of an urgent situation, for example, they ask you to urgently follow a link, enter a card number or wallet address.
Other signs of phishing:
- letters from colleagues and clients that are not related to your competence;
- messages about winning money or a prize in a lottery;
- recipients of the letter in the “Cc” field, which you do not know;
- the tone of the letter, inspiring fear;
- requests to transfer personal data;
- unusual investments;
- mangled links to a resource.
Phishing is still associated with “Nigerian emails”, but now the phenomenon has become widespread and has reached the cryptocurrency industry. This year alone, hackers attacked users of the Treasure, OpenSea and Binance platforms.
Countering attacks
Pay attention to everything that seems strange and unusual. Remember that banks, shops and trading platforms never ask for personal information, and crypto exchange support staff do not write first.
If this happens, close the letter or hang up, and then contact the company representative at the phone number listed on the official website.
Set complex passwords on sites and use two-factor authentication – via email, SMS or Google Authenticator.
Always check the site’s SSL certificate: its presence confirms that the domain name has been verified by the certification authority, and the transmitted data is encrypted.
If the site has a certificate, a padlock icon is displayed next to the address in the browser. You can click on it to see who issued the certificate.
Bookmark the addresses of frequently used platforms to make sure they are correct when you sign in to your account.
Never click on links in messages. If it’s really necessary, make sure the URL is correct, including on buttons like “Confirm” or “Cancel payment”.
“Due to the rise in phishing attacks, KuCoin has implemented additional security checks. For example, when receiving a letter or message, users can verify that the contact information is correct. To do this, you need to insert it on a special page Official Media Verification‘ explains Johnny Liu.
KuCoin users can check the exchange website, phone number, authentication code, WeChat, Twitter, and Skype accounts.
In addition, KuCoin allows you to set an Anti-phishing Safety Phrase in your account security settings. The exchange will add it to emails and display it when you enter the site.
The absence of the phrase means that you received a phishing email. In this case, you need to close the page and do nothing on it.
Familiarize yourself with the platform’s security system in advance. The lack of 2FA or withdrawal confirmation is a warning sign.
“KuCoin boasts cutting-edge security technology. Our team is constantly updating security systems to ensure the safety of users’ assets and personal data. We use tools that allow attackers to avoid access to sensitive information, as well as eliminate the possibility of its leakage, ”says the CEO of the crypto exchange.
Last but not least is learning new information, which is why KuCoin regularly publishes anti-scam articles in company blog.
We eliminate the consequences
What to do if the attack did occur? Johnny Liu advises you to immediately contact the service support service to freeze your account.
After that, it is necessary to change the password and security settings, for example, connect additional confirmations of your actions on the platform.
Subscribe to the Cryplogger channel at YouTube!
Found a mistake in the text? Select it and press CTRL+ENTER
In January, the operators of the LockBit ransomware exposed the data of users of the BTC-Alpha crypto exchange to the public, and in February they stole the database of the PayBito platform.
Cryptocurrency exchange CEO KuCoin Johnny Liu explains what phishing is and how to avoid such attacks.
What is phishing
Phishing (phishing from English “fishing”) is a type of Internet fraud in which an attacker tries to gain access to confidential user data using social engineering.
Most often, ransomware sends messages to users on behalf of brands or services, but they can also call on behalf of local banks.
Typically, the letters contain links to clone sites, where the user is prompted to enter a login, password, card number or CVV/CVC.
The main tools of phishing are fear and greed. Fraudsters make incredibly profitable offers or threaten to lose – funds or account. At the same time, they create an atmosphere of an urgent situation, for example, they ask you to urgently follow a link, enter a card number or wallet address.
Other signs of phishing:
- letters from colleagues and clients that are not related to your competence;
- messages about winning money or a prize in a lottery;
- recipients of the letter in the “Cc” field, which you do not know;
- the tone of the letter, inspiring fear;
- requests to transfer personal data;
- unusual investments;
- mangled links to a resource.
Phishing is still associated with “Nigerian emails”, but now the phenomenon has become widespread and has reached the cryptocurrency industry. This year alone, hackers attacked users of the Treasure, OpenSea and Binance platforms.
Countering attacks
Pay attention to everything that seems strange and unusual. Remember that banks, shops and trading platforms never ask for personal information, and crypto exchange support staff do not write first.
If this happens, close the letter or hang up, and then contact the company representative at the phone number listed on the official website.
Set complex passwords on sites and use two-factor authentication – via email, SMS or Google Authenticator.
Always check the site’s SSL certificate: its presence confirms that the domain name has been verified by the certification authority, and the transmitted data is encrypted.
If the site has a certificate, a padlock icon is displayed next to the address in the browser. You can click on it to see who issued the certificate.
Bookmark the addresses of frequently used platforms to make sure they are correct when you sign in to your account.
Never click on links in messages. If it’s really necessary, make sure the URL is correct, including on buttons like “Confirm” or “Cancel payment”.
“Due to the rise in phishing attacks, KuCoin has implemented additional security checks. For example, when receiving a letter or message, users can verify that the contact information is correct. To do this, you need to insert it on a special page Official Media Verification‘ explains Johnny Liu.
KuCoin users can check the exchange website, phone number, authentication code, WeChat, Twitter, and Skype accounts.
In addition, KuCoin allows you to set an Anti-phishing Safety Phrase in your account security settings. The exchange will add it to emails and display it when you enter the site.
The absence of the phrase means that you received a phishing email. In this case, you need to close the page and do nothing on it.
Familiarize yourself with the platform’s security system in advance. The lack of 2FA or withdrawal confirmation is a warning sign.
“KuCoin boasts cutting-edge security technology. Our team is constantly updating security systems to ensure the safety of users’ assets and personal data. We use tools that allow attackers to avoid access to sensitive information, as well as eliminate the possibility of its leakage, ”says the CEO of the crypto exchange.
Last but not least is learning new information, which is why KuCoin regularly publishes anti-scam articles in company blog.
We eliminate the consequences
What to do if the attack did occur? Johnny Liu advises you to immediately contact the service support service to freeze your account.
After that, it is necessary to change the password and security settings, for example, connect additional confirmations of your actions on the platform.
Subscribe to the Cryplogger channel at YouTube!
Found a mistake in the text? Select it and press CTRL+ENTER
