Learn & Earn Program | Earn Crypto While Learning

What is Phishing?

1. What is Phishing?

Phishing is a common type of online scam where hackers trick users into clicking on fraudulent links or disclosing sensitive personal information, such as asset account details, security settings, and passwords. This information is then used to steal the user's assets.

Phishers often spread fake links or customer service numbers through SMS, emails, and social media, making it difficult for users to distinguish between legitimate and malicious content. As an investor, how can you protect yourself from phishing attacks? This article summarizes common phishing techniques and offers security tips to help protect your assets.

2. Common Phishing Techniques

Common forms of phishing attacks include:

Phishing Website Scams (Fake Official Websites)
Phishing Emails/SMS (Impersonating Official Notifications)
Social Media Scams (Fake Customer Service, Fake Airdrops)
Voice Phishing (Vishing) (Phone Scams)
QR Code Phishing (Fake Recharge URLs)

The goal of attackers is typically to steal your account information, funds, or to implant malware for further control.

3. How to Prevent Phishing Attacks?

Ensure You Open the Correct Website:
1. It is recommended to copy the KuCoin website URL (www.kucoin.com) directly into your browser for added security. Using the latest version of Google Chrome is also recommended.
2. If the above website cannot be opened, try downloading the official client from the iOS App Store or Google Play Store.
Avoid Clicking Suspicious Links and Visiting Unsecure Websites: Protect your account credentials and avoid financial loss by steering clear of untrustworthy sites.
Protect Account Security Information and Security Verification:
1. Ensure your login name and password are unique and not used across multiple websites.
2. Safeguard and keep your private key and mnemonic phrase secret.
Avoid Using Search Engines to Find Platform Websites: Never log into a platform website without thorough verification to prevent entering a phishing site. It's recommended to manually type the official KuCoin website URL: www.kucoin.com
Avoid Entering Sensitive Information in Unsecure Environments: Especially for passwords, private keys, and other security-related data. Never share such information with others.
Use KuCoin’s Anti-Phishing Code Feature: Enable the Anti-Phishing Code in the KuCoin App under "Personal Center" > "Security Settings" > "Anti-Phishing Code." This ensures that emails and SMS messages from the platform contain your unique anti-phishing code. If the code is absent, the message may be a fake phishing email or SMS.
Verify “Official Contact” Information: If you receive a call, email, website link, or message from someone claiming to be an "official representative," you can verify its authenticity through KuCoin's official verification channels.
Check the Real Sender's Email Address: Scammers often disguise themselves as official representatives by manipulating the email "display name". For example, an email may appear to be from "KuCoin Official Support", while the actual sending address is a spoofed domain such as support@fake-kucoin.com. Always verify the real sender's email address rather than trusting the display name alone.

How to check the sender's email address:
1. Gmail (web): Open the email → Click the dropdown arrow next to the sender's name → The full email address will be displayed directly. Alternatively, click the "More" icon (⋮) in the top-right corner → Select "Show original" to view the full email header.
2. Outlook (web): Open the email → Click on the sender's name → The real email address will appear in the pop-up card.
3. Apple Mail: Open the email → Hover your mouse over the sender's name → The real email address will be revealed. Alternatively, go to the menu bar and select View → All Headers.
4. Mobile (general): Tap on the sender's name or avatar, and the full email address will typically expand and be displayed.

Friendly Reminder:

Due to compliance requirements, some regions may not be able to access the official website. It's advised to try changing your network or access point. The platform will never provide any third-party software or tools, so always assess the risks yourself, stay alert, and avoid leaking account information.

In the digital world, phishing scams are increasingly sophisticated. Phishers may impersonate platform staff, create fake phishing websites, or send false alerts such as “account upgrade,” “migration,” “refund,” or “risk trigger” to cause panic or draw attention. Through SMS, email, and other channels, they may send fraudulent links or customer service numbers, enticing you to transfer funds or change withdrawal addresses, thus stealing your assets.

They may also try to steal your account credentials via “online guidance” or fake support, further compromising your account. Stay vigilant if you encounter such situations.