
Topic: How to avoid getting your exchange account HaCkEd or pHiShEd - page 2. (Read 546 times)

Scammers are very sly - can you spot the difference between the real https://www.cryptopia.co.nz  and the fake https://www.cryptopía.co.nz ?
Click on them and see the difference.

Often users think that their accounts are getting hacked or the exchange has been compromised. This is usually not the case. Most of the time users have been the victim of a phishing scam. Some are quite basic, but often they are quite sophisticated.


  
Some exchanges do not have a phone app - MOST advertised apps are scams
Be extremely careful clicking links from search engines - popular search engines like Google and Bing have scam sites listed.
Most exchanges do not have a support phone number - phone numbers advertised on third party sites or forums are usually scams
Official Twitter accounts are often spoofed - Make sure the Twitter account is REAL and not a scammer's CLONE. Differences are often very subtle.
Cryptopia does NOT have 2FA via SMS - this is a scam
Exchanges send emails using their registered domain - anything else is a scam. [email protected] is not real.
Also make sure that the email is not spoofed - it may look like the genuine sender. Don't click on links in emails.
BOTs are great but also carry risk - If you use a BOT you may get scammed. Free BOTs are often a scam.
Exchange staff will NEVER ask for your password or 2FA - if you give it to someone you will get scammed
 
The ONLY safe way to resolve a support issue is through a support ticket on the site you have the problem with.
Social media and forum help is unable to be safely verified. - You won't know for sure if they are staff or a scammer.
Social media accounts have been hacked and fake accounts have been verified by twitter.


 


People need to take more security precautions:  
Use google Authenticator or alternative DYNAMIC 2FA.
Use an email account with 2FA enabled and use the highest security settings, one that is not used for anything other than the exchange. (gmail or protonmail)
Do not use apps on your phone if you use your phone for Crypto or the crypto email. Scam apps target crypto users.
Other apps on your phone can compromise the security of your phone.
Do not have Crypto wallets on the computer you use for account access.
BEWARE : Some coin personal wallets contain viruses and keystroke loggers that may steal the information from your computer.
Have a firewall, anti virus and anti malware from a reputable provider.
Do not click on links from search engines or other sites to go to your exchange.
Always check the site security certificate.
Do not use bots unless you are 100% certain the bot is safe. Limit bot access to your funds by having multiple accounts. Most advertised bots are scams and will steal your crypto. Only get your bot from a reputable vendor.
Avoid WIFI - public wifi and unsecured WIFI is very unsafe. All WIFI is vulnerable.
Do not log onto an exchange with computers you don't own or have full control over.
NEVER EVER give your password or 2FA to someone else.
Use different email addresses and different passwords for different exchanges.



Scammers are now using DODGY security certificates. Make sure the security certificate is from the correct certifier.
 
TROJAN ALERT: https://www.bleepingcomputer.com/news/security/evrial-trojan-switches-bitcoin-addresses-copied-to-windows-clipboard/ is a trojan virus which changes any cryptocurrency address that is on your clipboard to a different address - ALWAYS take care to ensure the address that has been entered is the one you're intending to send to.


  
Using a pin for 2FA is not recommended. It is easy for a hacker to use a keystroke logger on your computer to gain access to your password and pincode.
Some recent coin wallets have had keystroke loggers and viruses built into them. For this reason you should never have coin wallets on the computer you use to access an exchange.
 

 
An exchange has no way of identifying a thief if they use valid logon credentials. It is like when your bank card AND PIN have been stolen - the ATM or bank is not at fault.
If you visit a scam site that looks like your exchange you are giving the scammer your email address, password and 2FA
That is not hacking - it is known as phishing. The exchange has no way of knowing that a scammer has all your VALID login credentials because YOU have accidentally given them to them.
For this reason you should take extreme care in keeping your logon credentials safe. For extra security use a unique email address that you use for only one exchange. Have 2FA enabled on that email address as well. SMS reset or SMS for 2FA is not particularly safe.


 
https://haveibeenpwned.com/ You can check here if your email address has been compromised by a previous hack.
Unfortunately if your account has been phished the scammers remove the funds within a few minutes. (Unless your withdrawal limit prevents them from doing this). All phishing attacks should be reported to the police.
 

https://chrome.google.com/webstore/detail/metamask/nkbihfbeogaeaoehlefnkodbefgpgknn  Metamask chrome (also available for firefox) can warn you about phishing sites.
 
IMPORTANT: If your email has been hacked or you have been phished please make a support ticket immediately. Change your password and 2FA immediately on your exchange account AND change the email address you use for the exchange.
 
A great 'one stop shop' for everything you need to ensure your account has security wise:



EDIT: Added image:



Source:
Scammers spoofing cryptocurrency exchanges
My earlier post on another forum
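
The cryptopia / cryptopía lookalike from the top of the post can be caught mechanically. The following is an added example, not part of the original post: it converts a hostname to its IDNA (punycode) form and compares an accent-stripped "skeleton" against an allowlist. The allowlist contents, function names and the non-Cryptopia test hosts are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

# Assumed allowlist: the one genuine hostname named in the post.
KNOWN_GOOD = {"www.cryptopia.co.nz"}

def hostname_of(url):
    """Extract the lowercased hostname; accepts bare hosts as well as URLs."""
    url = url.strip()
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")

def to_ascii(host):
    """IDNA-encode, so any non-ASCII label becomes a visible xn-- label."""
    return host.lower().encode("idna").decode("ascii")

def skeleton(host):
    """Strip accents: NFKD-decompose, then drop the combining marks.
    This catches accent lookalikes only; cross-script homoglyphs
    (e.g. Cyrillic letters) need a full confusables table."""
    decomposed = unicodedata.normalize("NFKD", host.lower())
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def classify(url):
    host = hostname_of(url)
    try:
        ascii_host = to_ascii(host)
    except UnicodeError:
        return "invalid"
    if not ascii_host:
        return "invalid"
    if ascii_host in KNOWN_GOOD:
        return "genuine"
    if skeleton(host) in KNOWN_GOOD:
        return "lookalike"        # differs from a known site only by accents
    if any(label.startswith("xn--") for label in ascii_host.split(".")):
        return "suspicious-idn"   # non-ASCII host that is not allowlisted
    return "unknown"

if __name__ == "__main__":
    for u in ("https://www.cryptopia.co.nz", "https://www.cryptopía.co.nz"):
        print(classify(u), to_ascii(hostname_of(u)))
```
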