Phishing attacks in crypto have been a hot topic for quite some time but with crypto going mainstream in the last two years it has become a major concern for retail as well as institutional users around the globe.
Scams and phishing attacks can take on many disguises but it is mainly the new unsuspecting retail investors that are flocking into the crypto space that are easy pickings for scam artists and fraudsters.
One of the major concerns is how to secure individual investor accounts on many of the large crypto exchanges where security of tokens and funds has become a major issue. One such exchange that has had it’s fair share of hacks and challenges is the KuCoin Exchange.
Social engineering techniques are being extensively applied by all sorts of malignant entities operating on the cryptocurrency market. One of the most common and increasingly applied types of attacks relying on social engineering is phishing.
Considering the recent reports received by KuCoin Group from users regarding attempts made by some websites to use the KuCoin trademark to conduct phishing attacks with the intent to steal the sign-in credentials of KuCoin users, we are releasing a guide aimed at informing about the potential dangers of such actions and the ways of preventing them.
Has KuCoin ever been hacked?
Phishing entails the attacker sending a specifically tailored, inherently fraudulent message to the victim in an attempt to trick them into revealing some personal or sensitive information, such as passwords, private keys, or other details. Once the information is obtained, the attacker can use it to launch an attack using malicious software onto the victim’s computer system and deploy any kind of ransomware.
Phishing is becoming a considerable threat, as it is the simplest type of attack to deploy and has the highest chance of success, given the overall low level of cybersecurity knowledge and awareness among most internet users. A recent report released by Chainalysis states that the NFT market showed performance in excess of $44.2 billion at the end of 2021, but another report by Palo Alto Networks revealed that over 90,000 of the NFTs on the market were fake, or were subject to phishing attacks. Such attacks were also used to steal over $1.7 million worth of NFTs from the OpenSea marketplace on February 19, 2022.
Can KuCoin be trusted?
The ways of protecting an account from phishing attacks start from prevention, which has always been the most effective means of protection. KuCoin urges its users to resort to both preventive and protective measures to avoid becoming the victim of phishing.
Know The Source
The abundance of spam and letters being sent to email accounts raises the issue of their authenticity and safety. We advise users to always check the source of the email or websites they visit before opening them and avoid fake ads in search engines. The only official website of the KuCoin exchange is www.kucoin.com, which has a Site Security Certificate next to it in the address bar in the form of a lock.
Even the slightest deviation in the address details, URL, its lettering or spelling can signify that the website is a phishing source. The contents of a legitimate email sent by KuCoin will never contain requests from passwords or other information of a sensitive or personal nature. The same can be said of websites, which users should always check before visiting. Effective firewalls and anti-virus packages often come with website scanning tools that prevent users from visiting known or reported phishing sources.
Check the correctness of the website address and the URL link
In case users receive an email from KuCoin informing them about device/IP changes that were not requested, there is a high chance that the account has been compromised and the only way to proceed is to contact the official support service.
Never click attachments in emails
Attachments sent in emails must be approached with extreme caution and avoided, if possible. Phishing emails rely on the immediate deployment of malware that is released once the victim opens an attachment. The same applies to websites and other sources of content that can encourage users to click on various buttons, file folders, or urge them to download “proprietary” software. We strongly recommend our users double-check a button or a link before clicking it.
Always check the link before clicking on it
Always use the KuCoin official website to sign in and trade. Make sure to add the KuCoin official website to your browser’s bookmarks to reduce your chances of encountering phishing sites.
Keep protection up to date
Though antivirus software cannot stop or prevent phishing attacks, it will protect users from malware. Though the attackers are constantly developing new types of malware and ransomware, the databases of reputable antivirus software companies are being updated in real-time once a new type of threat is identified. Setting the updates of such antivirus and protection software to automatic mode is an added layer of security that ensures the availability of real-time connection to malware databases.
Use several layers of protection
Email addresses are extremely vulnerable to attack, as are their access credentials. Should an attacker gain access to a password, the email address and all associated login details will be compromised, potentially giving the attacker access to funding repositories. Users are urged to use two-factor authentication, or multi-factor authentication via such tools as Google Authenticator.
Strong passwords are merely one step in the protection process, which must be backed by physical availability to the device containing backup or second-layer verification that the hackers cannot access. Using a password manager software package is a good means of keeping track of complex passwords. KuCoin also recommends its users to set up a safety phrase under the Security Setting for preventing access to phishing websites. Another factor is autofill for passwords, which will never be inserted on a phishing website automatically.
Back up all data
All-access details must be backed up by physical copies. Users are advised never to keep any digital copies of access credentials written down in any draft emails or text files, especially entitled “passwords”, “private keys”, or in any other fashion that can attract the attention of a potential attacker. Should a mobile device, email account, or computer be compromised via a phishing attack, the hackers will immediately gain access to all the data stored within, placing all other user accounts at risk. External hard drives that are not connected to the internet, copybooks, or cloud storage drives are the most secure means of data backup.
Steps To Undertake In Case a Phishing Attack Is Suspected
If you encounter any unverifiable information, you can find __the official customer service __through the official KuCoin APP for verification. If users suspect that they are being subjected to a phishing attack, the first step is to properly analyze the information under suspicion, in case of emergency, users could freeze their account by themselves first. Any email containing questions of a personal nature about account availability on specific websites or platforms, about password details, or with requests to open attachments is very likely a phishing scam letter.
However, if users accidentally or unknowingly answer such an email or open an attachment, the first thing to do is clear your browser’s cookies, and reset your KuCoin sign-in password, google authentication and trading password if you have clicked suspicious links. And check whether there are pending orders, withdrawals, API creation, trusted devices, etc. if those are not operated by yourself , please delete them immediately . Next, contact all banks and other potentially affected account organizations and ask them to initiate an access code change procedure. The infected device must be immediately disconnected from the internet or switched off.
KuCoin users are urged to immediately contact all managers and support staff of potentially affected accounts and request them to assist with credential change procedures, providing appropriate identification. The infected device must be scanned for malware and, in some cases, formatted.
Phishing attacks are a threat to all users of online space. There is no way of eliminating the threat, as the hackers are developing an ever-growing arsenal of instruments and preventing them from deploying such malware is both digitally and physically impossible. Considering the very real threat of phishing, KuCoin advises its users to remain vigilant and apply a series of proper protective measures to safeguard their accounts. If the users believe that they have encountered a page designed to look like another page in an attempt to steal their personal information, please click here to report phishing.