
Topic: How to avoid getting your exchange account HaCkEd or pHiShEd (Read 546 times)

legendary
Activity: 1274
Merit: 1924
฿ear ride on the rainbow slide
If you don't have a referral from other users here in crypto, it is better to first read their social site, because there's a link to their site there, for your security and assurance that their site is real. For 2FA, I think you should create an account with a different Yahoo mail address and password, then create another one if you are going to use another site.

Always create separate email addresses for exchanges. Also don't link your mobile phone number to the email address as it can often be used to get a password or account reset text. Phone-jacking is getting more common. Often only the ESN number of the phone is required to get the number ported to another phone.
full member
Activity: 1330
Merit: 147
Hopefully this will stop some people from getting scammed.
Well done, I like what you wrote in this article and I'm sure it will help many people avoid being scammed on every site. We all know being scammed is the most feared thing for every good person who is a long-time user of cryptocurrency, and especially for new people who want cryptocurrency as their investment place. And this article will at least restore their confidence in cryptocurrency.
legendary
Activity: 1274
Merit: 1924
฿ear ride on the rainbow slide
Hopefully this will stop some people from getting scammed.
legendary
Activity: 1274
Merit: 1924
฿ear ride on the rainbow slide
Are any of those google ads safe to even click on even if they are the real site?
Some are legit, some are not, but the best thing to do is neglect those sites which are commonly placed at the top, and this is what I've been doing ever since, even if the URL link is right. I make a habit of inputting the exact link in the URL bar. Google search is only used on my part to search up some things, not for accessing any sites.

Want to avoid being hacked or phished? Then always set up the best security for your account: 2FA, strong passwords, clean computer.

The advertisements are easier to fake than search results. So using a search result often is safer than clicking an advertisement.

I agree - 2FA, strong passwords and a clean computer. + Current antivirus from a reputable vendor.

Use dynamic 2FA like google authenticator rather than a static 2FA method.
hero member
Activity: 2856
Merit: 769
Are any of those google ads safe to even click on even if they are the real site?
Some are legit, some are not, but the best thing to do is neglect those sites which are commonly placed at the top, and this is what I've been doing ever since, even if the URL link is right. I make a habit of inputting the exact link in the URL bar. Google search is only used on my part to search up some things, not for accessing any sites.

Want to avoid being hacked or phished? Then always set up the best security for your account: 2FA, strong passwords, clean computer.
legendary
Activity: 1274
Merit: 1924
฿ear ride on the rainbow slide
Are any of those google ads safe to even click on even if they are the real site?

Technically, you don't know beforehand if the ad you are about to click on refers to a site that doesn't contain crap that directly infects your computer or whatever other device. You'll only find out if it's safe or not after you clicked on it. It's literally Russian roulette; you'll either regret it or not. Google doesn't care about what you do with your ad space, they just want you to pay. If it later turns out you are abusing their ad space they simply banish you.

Google knows that there is heavy abuse going on, but they don't care. If they were selective and strict about who they sell their ad space to, they likely wouldn't be able to sell 50% of what they today manage to sell. Their logic is that abuse can be dealt with later on, and it works for them. No one here should expect Google to protect you.

https://www.virustotal.com/ is a free online scanner that allows you to scan without loading it onto your computer. I use it for a pre-scan when I am suspicious of a site or link.
legendary
Activity: 2170
Merit: 1427
Are any of those google ads safe to even click on even if they are the real site?

Technically, you don't know beforehand if the ad you are about to click on refers to a site that doesn't contain crap that directly infects your computer or whatever other device. You'll only find out if it's safe or not after you clicked on it. It's literally Russian roulette; you'll either regret it or not. Google doesn't care about what you do with your ad space, they just want you to pay. If it later turns out you are abusing their ad space they simply banish you.

Google knows that there is heavy abuse going on, but they don't care. If they were selective and strict about who they sell their ad space to, they likely wouldn't be able to sell 50% of what they today manage to sell. Their logic is that abuse can be dealt with later on, and it works for them. No one here should expect Google to protect you.
full member
Activity: 1736
Merit: 186
Are any of those google ads safe to even click on even if they are the real site?
legendary
Activity: 1274
Merit: 1924
฿ear ride on the rainbow slide
I wouldn't click on any google ads, ever. Even if the link in the ad seems perfectly legit and not a phishing site, you're just a lot safer if you just avoid clicking on them altogether.

Also, I'd be very careful of registering with the email (and password, which goes without saying) that you use on exchanges on shady sites. Use a throwaway email instead. Not only will you get spam, you may get attempts at logging into your exchange accounts that may or may not succeed, if the owner of that shady site decides to do malicious things with it.

Quote
Vitalik "Not giving away ETH" Buterin

Similar thing happened with the Binance founder, CZ. All of his posts and Binance updates were flooded with comments that suggested they were holding a giveaway or whatnot, which forced him to essentially change his twitter name to indicate that he's not giving away coins.

The main reason for posting this is to ensure that people who are new to Crypto don't lose their Crypto to phishing scams.

I have close ties to a number of exchanges (both centralized and DEXs). I have seen a lot of users get phished. Phishing is a multi-million dollar criminal enterprise that gives crypto a bad name.
hero member
Activity: 1526
Merit: 596
I wouldn't click on any google ads, ever. Even if the link in the ad seems perfectly legit and not a phishing site, you're just a lot safer if you just avoid clicking on them altogether.

Also, I'd be very careful of registering with the email (and password, which goes without saying) that you use on exchanges on shady sites. Use a throwaway email instead. Not only will you get spam, you may get attempts at logging into your exchange accounts that may or may not succeed, if the owner of that shady site decides to do malicious things with it.

Quote
Vitalik "Not giving away ETH" Buterin

Similar thing happened with the Binance founder, CZ. All of his posts and Binance updates were flooded with comments that suggested they were holding a giveaway or whatnot, which forced him to essentially change his twitter name to indicate that he's not giving away coins.
legendary
Activity: 1274
Merit: 1924
฿ear ride on the rainbow slide
Great, informative post.

Hacking isn't really as prevalent today, or as damaging to crypto exchange users as phishing is, due to the sheer amount of phishing scams out there in every shape or form possible trying to get your money.

The most common scam that I see people falling for is probably the good ol' google ads phishing site, which is also mentioned in your OP. Part of the problem is that google doesn't check the legitimacy of the URL before listing it on their ad platform. That's why you should always remember the official URL of your exchange, and try to type it in every time, or even bookmark it, instead of searching for it on google. Even if you do search for it, don't click on any ads.

Also, another phishing scam would be impersonators in twitter comments posing as exchange management giving away coins. They'll use a similar name in their profile as the official exchange twitter account. These are quite obvious, but some people still fall for it - just be aware.

It's your money on an exchange, you should take an active effort to protect it.



The reason phishing is more popular than hacking is because it is relatively unsophisticated compared to hacking. Exchanges have relatively secure websites that are hard to hack and often are independently penetration tested - users are the easiest target and can get fooled into giving away their login credentials.

I've added this image - while it isn't phishing people for their account access - it is a common scam involving exchanges.

Yeah the twitter scam is a common one. So much so that Vitalik Buterin renamed his twitter account:
Quote
Vitalik "Not giving away ETH" Buterin

hero member
Activity: 1666
Merit: 753
Great, informative post.

Hacking isn't really as prevalent today, or as damaging to crypto exchange users as phishing is, due to the sheer amount of phishing scams out there in every shape or form possible trying to get your money.

The most common scam that I see people falling for is probably the good ol' google ads phishing site, which is also mentioned in your OP. Part of the problem is that google doesn't check the legitimacy of the URL before listing it on their ad platform. That's why you should always remember the official URL of your exchange, and try to type it in every time, or even bookmark it, instead of searching for it on google. Even if you do search for it, don't click on any ads.

Also, another phishing scam would be impersonators in twitter comments posing as exchange management giving away coins. They'll use a similar name in their profile as the official exchange twitter account. These are quite obvious, but some people still fall for it - just be aware.

It's your money on an exchange, you should take an active effort to protect it.
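
Added example, not part of any post in this thread: one way to automate the "remember or bookmark the official URL" habit described above is to compare a link's hostname against your own bookmarks and flag near-misses. The hostnames, the small confusable-character map and the distance threshold of 1 are constructed assumptions, and the check goes slightly beyond the post by also decoding punycode hostnames.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed allowlist: hostnames you bookmarked yourself (placeholder names).
BOOKMARKED = {"exchange.example", "dex.example"}

# Constructed, deliberately small map of characters often swapped in lookalike
# names: digits for letters and a few Cyrillic letters that render like Latin.
CONFUSABLE = str.maketrans({"0": "o", "1": "l", "\u0430": "a", "\u0435": "e",
                            "\u043e": "o", "\u0456": "i", "\u0441": "c"})


def skeleton(host):
    """Fold a hostname so visually similar spellings compare equal."""
    host = unicodedata.normalize("NFKC", host).lower().translate(CONFUSABLE)
    return host.replace("rn", "m").replace("vv", "w").replace("-", "")


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(url):
    """Return 'bookmarked', 'lookalike', 'unknown' or 'invalid' for a URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if not host:
        return "invalid"
    try:  # show punycode (xn--) labels as the Unicode they encode
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not valid punycode: compare as-is
    if any(host == b or host.endswith("." + b) for b in BOOKMARKED):
        return "bookmarked"
    folded = skeleton(host)
    for b in BOOKMARKED:
        brand = skeleton(b)
        # Errs toward flagging: the bookmarked name embedded in a longer
        # hostname, or a spelling within one edit of it, is a lookalike.
        if brand in folded or edit_distance(folded, brand) <= 1:
            return "lookalike"
    return "unknown"
```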
legendary
Activity: 1526
Merit: 1179
I actually did spot the minor differences pretty easily, but that's mainly due to how extremely paranoid I am. On the other hand, I can understand why newbies would, and very likely regularly do, fall for these phishing sites.

I own a very powerful (non crypto) Twitter handle that from the looks is similar to the actual Twitter handle, but the way Twitter displays its lettering, the difference between my handle and the original one is minor.

I get follows and people actually tag my account thinking they are talking to the original one. If I had bad intentions, I could cause quite some damage, so I am actually glad that no one else can register it anymore.

I tried contacting the company to transfer it to them, but they aren't responding unfortunately.
sr. member
Activity: 2436
Merit: 324
Wow, man, great article! You put a lot of effort into writing it. I see that you detailed probably all aspects related to exchange account hacking/phishing attempts. But so far I haven't seen fake accounts of exchanges being verified by Twitter. Do you have some examples?
These hackers/scammers are getting really smart and they always find new ideas for how to scam people. But the main problem is that many people just aren't careful enough; they aren't following even basic security advice. It seems that some people will learn only when they are scammed.

Very detailed, which really deserves a merit for the post he made. These are indeed phishing sites by which some people get victimized due to their carelessness, and I don't know why most of them tend to make a Google search when memorizing the correct URL isn't really hard to do. Expect those scammers to level up the way they scam, because if their method becomes obvious it won't really make money for them anymore.
legendary
Activity: 2506
Merit: 3645
Many scams have occurred because of this type of site.
Unfortunately, Google ads participate in this type of scam and do not delete these sites.
Using MetaMask for Chrome & Firefox will help you, or edit your HOSTS file ("C:\Windows\System32\drivers\etc") to ban/unban these sites.
Also, some traditional solutions have been spared a lot "Write the site manually."
legendary
Activity: 1274
Merit: 1924
฿ear ride on the rainbow slide
Wow, man, great article! You put a lot of effort into writing it. I see that you detailed probably all aspects related to exchange account hacking/phishing attempts. But so far I haven't seen fake accounts of exchanges being verified by Twitter. Do you have some examples?
These hackers/scammers are getting really smart and they always find new ideas for how to scam people. But the main problem is that many people just aren't careful enough; they aren't following even basic security advice. It seems that some people will learn only when they are scammed.


The verification scams run at many levels.

https://www.coindesk.com/twitter-scammers-use-verified-accounts-trick-crypto-holders/ Fake verified Tron Foundation and its founder, Justin Sun

One scam was to get verified and then change the Twitter name to whoever they wanted to impersonate. A similar method is used to get fake site security certificates.

https://www.siliconrepublic.com/enterprise/twitter-ad-verification [FAKE]twitterverifiedapplication.com[FAKE] is phishing users wanting to become verified.

Twitter suspended the verification scheme after verification of Jason Kessler. (One of the organizers of the white supremacist rally in Charlottesville).


I've updated the original post to include this example.
legendary
Activity: 3038
Merit: 1330
Slava Ukraini!
Wow, man, great article! You put a lot of effort into writing it. I see that you detailed probably all aspects related to exchange account hacking/phishing attempts. But so far I haven't seen fake accounts of exchanges being verified by Twitter. Do you have some examples?
These hackers/scammers are getting really smart and they always find new ideas for how to scam people. But the main problem is that many people just aren't careful enough; they aren't following even basic security advice. It seems that some people will learn only when they are scammed.
legendary
Activity: 1274
Merit: 1924
฿ear ride on the rainbow slide
This is a very useful post and I hope it will help someone to prevent a hack or becoming a victim of phishing. It is true that it is sometimes very hard to tell a true site from a fake one; very often it is a very small and almost invisible difference, which can deceive even some more experienced users. Fortunately Google should start to ban all crypto related ads from this month, so it is realistic to expect that the number of such frauds will be much smaller.

However, hackers will probably find some other ways to target crypto users in an attempt to steal their money. The last picture shows all the steps a user should take to reduce risk to a minimum, but in my opinion the language barrier is something that prevents many people from fully understanding that this problem exists. Something like this should be posted in a sticky thread on all local boards (translated).

I hope they do pin it or use it as a source for a pinned post. At least two exchanges have used one of my earlier articles as a source for their anti phishing tutorial and I've provided it to a few coin devs as well. I feel really sorry for the people that have been phished and do hope that it prevents a lot of people from being victims of theft.

I bet my life on this that you were a scammer and a phisher before. You can deny it, but I know.  Cool
Now after you made money you are trying to be an angel, right? Just wow!  Smiley

No matter how much I deny it - you won't believe me.  Cry

I've helped a lot of people who have been scammed. It was the motivation for the first article I wrote for a different forum last year and have been updating ever since.
Prevention is much better than trying to get it back. (very low chance)
Spammers and scammers are my nemesis.
newbie
Activity: 6
Merit: 0
I bet my life on this that you were a scammer and a phisher before. You can deny it, but I know.  Cool
Now after you made money you are trying to be an angel, right? Just wow!  Smiley
legendary
Activity: 3234
Merit: 5637
This is a very useful post and I hope it will help someone to prevent a hack or becoming a victim of phishing. It is true that it is sometimes very hard to tell a true site from a fake one; very often it is a very small and almost invisible difference, which can deceive even some more experienced users. Fortunately Google should start to ban all crypto related ads from this month, so it is realistic to expect that the number of such frauds will be much smaller.

However, hackers will probably find some other ways to target crypto users in an attempt to steal their money. The last picture shows all the steps a user should take to reduce risk to a minimum, but in my opinion the language barrier is something that prevents many people from fully understanding that this problem exists. Something like this should be posted in a sticky thread on all local boards (translated).