KuCoin English Community Mini AMA Session — Be Vigilant of Phishing Attacks

2022/08/29 07:01:43

Dear KuCoin Users,

Time: August 26, 2022, 10:00 AM - 10:36 AM (UTC)

KuCoin Community Admins hosted a Mini AMA (Ask-Me-Anything) session in the KuCoin Exchange Group, tackling the different types of phishing attacks, how to avoid them, and how everyone should secure their crypto assets.


One could argue that the future of the internet is inherently secure because it is built on blockchain technology. But the truth is that people will always be susceptible to deception, which is why phishing is still one of the most common attack methods.

The new scheme also gives attackers the ability to remain anonymous, and stolen possessions are typically irrecoverable.


Melanie White — KuCoin Exchange Telegram Group Administrator

Q&A from KuCoin

Q: Kindly note some relevance of cryptocurrency investment scams to the current social market's status quo.

Melanie: Recently, many KuCoin users have been scammed through different fraudulent situations.

Several reports came from phishing sites.

Others are manipulated by unsourced information and get phished by numerous fake KuCoin Twitter pages.

There are even scammers out there acting as an Official KuCoin Admin or Support.

If anyone who claims to be a staff member initiates a private chat, even if they pass the verification, users should also go to the online customer service to confirm their identity or check with the TG group administrator. Anyone who actively seeks your listing is a liar.

We also have received countless reports of fake activity sources from the KuCoin Community.

Some perceived the opportunity to confirm the aforementioned profiles with us, and the rest are stories. The common dilemma surrounds, and from simplest actions, we can minimize this stigma.

In order to increase everyone's vigilance, enhance the ability to identify scam news, and also for the safety of your account and funds, we have prepared this AMA, hoping to help everyone avoid scams.

Q: What is a Phishing Attack?

Melanie: A phishing attack is a form of social engineering attack that aims to obtain sensitive information about your accounts, such as your private keys, username, passwords, and other details about your wallet.

According to CheckPoint research, crypto phishing attacks that use Google Ads to position themselves on top of searches could steal over $500,000 in a matter of days. In another instance, a hacker stole $55 million from bZx - all by catching just one developer in the scam.

While phishing attacks try to obtain information about all your accounts, we will focus on protecting your crypto assets from the related attacks.

Here are the different types of attacks:

Users often fall victim to phishing attacks through a variety of methods employed by scammers, such as:

➢ The use of email spoofing

➢ The creation of a fake website

➢ Sending instant messages with a fake link

➢ Social websites with fake links to exchanges and your wallet

➢ Chat with a fake support team

➢ Wi-fi phishing attacks designed to obtain information about your cryptocurrency wallet

Q: How Does KuCoin Protect its Users from Phishing Attacks?

Melanie: Luckily, when you trade through the KuCoin Exchange, there are multiple ways to prevent phishing.

1. Official Media Verification

Whenever you get contacted by social media accounts or emails providing you with a link that you should use to log in, you can verify whether this belongs to KuCoin or is simply a scam link through this link from the official KuCoin website.

This is what the page looks like.

Just simply paste the @username, email, or the link here to check if it is official and legit. For example: @MelanieWhite

2. Bookmark KuCoin Official Site

Every time you log into your account, we recommend double-checking that you are visiting the correct KuCoin website. You should bookmark it right away. Check the URL address. It should start with "https://".

3. Site Certificate

You can also check the Site Certificate to see whether a website is safe to visit. For example, if you are using Google Chrome, you can click on the security status in the left part of the web address (a lock indicates that the website is secure). If you are using a different browser, please look at how to view the Site Certificate in your browser’s settings.

4. Anti-phishing Safety Phrase

In addition, KuCoin offers a security service of Anti-phishing Safety Phrase. In order to avoid phishing emails and phishing websites, it's highly advisable to set a security anti-phishing safety phrase (such as a motto, etc.) on your KuCoin account.

That way, when you log into the website or receive an email, it will display in the email from KuCoin or the login window. If the safety phrase is not shown or incorrect, it means that you are on a phishing site or have received a phishing email, then please do not proceed any further.

These tools can only help with some cases, and the users must do their due diligence to protect themselves from attacks.

Q: Kindly share some more tips to avoid phishing attacks.

Melanie: With attackers becoming smarter and more advanced with how they carry out such attacks, it is important for you to know exactly how you can prevent yourself from becoming a target.

Some tips and advice that you must definitely follow while accessing your cryptocurrency online have been discussed below.

Tip #1: Identify and Avoid Fake Ads in Search Engine

When typing ‘KuCoin’ into a search engine (i.e. Google) or heading to any link sent to you from an external source or website, make sure to double-check if the URL is legitimate. Likewise, exercise extreme caution when clicking on Google Ads, and make sure that you check the URL is legitimate, as phishing sites have been known to place fake advertisements.

Tip #2: Create Strong Passwords

One of the most fundamental ways in which you can keep your wallet safe from malicious hackers is to create and use strong passwords for all your crypto-related accounts and wallets. This will prevent hackers from using brute force attacks to try and guess your password so that they can steal your money.

Whenever you create an account on a cryptocurrency exchange (or a wallet of any kind) in order to trade, make sure that your password and code are not something that can be easily guessed.

A recent study shows that more than 50% of users recycle their passwords across different accounts, which is a weak security measure that makes it easier for scammers to gain access to your details and, subsequently, your wallet.

A strong and secure password or code usually has over 10 characters, with a combination of letters, numbers, and special symbols. Most password generators on the Internet can easily provide you with such passwords that will keep your data secure and ensure a high level of security on your wallet address.

Tip #3: Use a Password Manager

When you decide to use a variety of complex private keys and passwords to keep your cryptocurrency accounts secure, it might not be easy to remember them all. This is where software such as password managers comes into play.

By using a password manager, you can ensure that you never have to remember the credentials for your wallet while still maintaining a high level of security. This will prevent malicious scammers from being able to steal your cryptocurrencies.

Tip #4: Using Autofill to Prevent Phishing

An additional advantage is that since most password managers have Autofill options to enter your credentials whenever you wish to sign in, they can help you spot fake websites with a page that may have been designed to look like your crypto exchange.

Therefore, since your manager will not Autofill your credentials on such sites, you could spot such schemes and be safe.

Tip #5: Enabling Two-Factor Authentication

At the same time, another important measure you should take is to enable two-factor authentication on your account to add another layer of security to protect your data and your digital assets.

This will ensure that no one can access your account or withdraw funds from your crypto wallet without entering a code sent to your phone or any other device of your choosing.

Doing this will require the phishing hackers to access your phone even if they somehow gain access to your key and other data.

Tip #6: Question Everything

Lastly, an important way to ensure that you do not fall victim to such scams is to simply question everything. Here's what you can pay attention to:

A. Suspicious Emails

For example, if you get an email telling you that your account has been locked, make sure that it is from the official email address of your crypto exchange.

Similarly, before clicking on any links to a page that you might receive via the site or through social media, make sure that they are legitimate.

B. Don't Provide Your Code and Login Details

The same also applies to providing your login details on any website. Usually, people who fall victim to phishing do not check to see if the website to which they provide their data is legitimate or not, which leads to them losing money.

Additionally, make sure to use a secure and trustworthy email service provider, and if you use a self-built email server, be sure to enable DKIM, DMARC, and SPF.

C. Anti-Phishing Tips - Walkthrough

Here are some tips for when you receive communication from your exchange, whether through email or through their social media:

➢ Check whether you have been contacted by the official account or email.

➢ Make sure that the URL for the page you are led to is exactly the same as your exchange's and not something similar.

➢ Ensure that the communication style and language are consistent with previous messages you may have received from the company and that it does not resemble messages from scammers and attackers.

➢ Check whether your browser remembers visiting this website in the past. If you are led to your exchange's web page, then your browser will recognize the company.

➢ Do not send any cryptocurrencies to users you do not recognize. No exchange will ever contact you to say that your account has been blocked and can be fixed in exchange for money. If you get an email like this, it is probably sent by malicious attackers who wish to steal your funds by accessing your wallets.

➢ Install good antivirus software on your device to ensure that you can easily detect any email which contains malware or leads to sites that could put your PC at risk by introducing malware.

Q: Who are the administering groups and how do you help the community fight fraudulent schemes in the KuCoin Exchange Telegram Group?

Melanie: As we all work hard in timely reminding everyone, to the extent of reiterating the prompts to our beloved Telegram group members; always keep in mind that:

In our Telegram groups, there are two types of administrators — Community Admins and KuCoin Musketeers. The former will be your first-hand attendant to any of your concerns. On the other hand, the latter are our KuCoin supporters who serve as volunteers in KuCoin official Telegram groups. Whenever you have any questions about KuCoin and its services, you can freely ask for help from our admins in the group. For product-related inquiries, our KuCoin Musketeers will shoot you best. You are more than welcome to let them help you as many times as possible.

Official KuCoin Admins will NEVER private message you or call you on Telegram and will NEVER ask for your personal information, including KuCoin UID, password and verification codes, etc.

So, please be careful and always stay vigilant. We do not provide customer support via Telegram. Instead, please open a ticket with our official support system on the KuCoin website or in the app.

If you are approached privately by someone claiming to be a KuCoin Admin or Support, please do not respond to them as they are trying to scam you. Do not disclose any of your personal information.

Please use our Telegram Bot (@KucoinCommunityBot) or official verification website (Official Media Verification | KuCoin) to verify if the message is from an official KuCoin admin or if he is an official KuCoin admin.

📣Final tips for you:

1️⃣ Don't click any unknown or illegal URL

2️⃣ Never respond to any spam

3️⃣ Don’t set passwords like ABC, AAA, 123, and 111

4️⃣ Don’t disclose your personal information to any unknown person, including those claiming to be KuCoin officers

5️⃣ Don’t click on unknown links in any suspicious emails from unknown sources

6️⃣ Do not open attachments in these suspicious or strange emails

7️⃣ Don't trust anyone who asks for private information such as account passwords or SMS codes

8️⃣ Don’t send cryptocurrencies to strangers

9️⃣ Don’t download and install the KuCoin App through unknown links

🔟 Don't scan QR codes from unknown sources to prevent personal information leakage
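
Added example, not part of the AMA and not KuCoin's own code: the walkthrough's check that a link's URL is "exactly the same as your exchange's and not something similar", written out in Python. The hostnames under `.example` are placeholders (an assumption); replace them with the hosts you bookmarked.

```python
from urllib.parse import urlsplit

# Placeholder hostnames (assumption): put the hosts you bookmarked here.
OFFICIAL_HOSTS = {"exchange.example", "www.exchange.example"}

def check_link(url, official=OFFICIAL_HOSTS):
    """Return (verdict, reason) for a link received by email or chat."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is lower-cased
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return ("reject", "unparseable URL")
    if parts.scheme != "https":
        return ("reject", "not https")
    if has_userinfo:
        # https://official-name@other-host/ really goes to other-host
        return ("reject", "text before @ is not the host")
    if not host:
        return ("reject", "no host")
    try:
        ascii_host = host.encode("idna").decode("ascii").lower()
    except UnicodeError:
        return ("reject", "invalid domain name")
    if ascii_host != host:
        return ("reject", "non-ASCII lookalike characters in host")
    if any(label.startswith("xn--") for label in ascii_host.split(".")):
        return ("reject", "punycode label in host")
    if ascii_host not in official:
        # Covers typos, extra subdomains and official-name.other-domain tricks
        return ("reject", "host is not on the bookmark list")
    return ("ok", "exact match")

# Constructed sample links, not taken from any real campaign.
SAMPLES = [
    "https://www.exchange.example/login",
    "http://www.exchange.example/login",
    "https://www.exchange.example.login-verify.example/",
    "https://www.exchange.example@login-verify.example/",
    "https://www.exch\u0430nge.example/",  # Cyrillic 'а' in place of Latin 'a'
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(check_link(link), link.encode("unicode_escape").decode())
```

Only the first sample passes; a padlock or a familiar name somewhere in the address is not enough, because the comparison has to be on the full hostname.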
