Not all products mentioned are available in all jurisdictions.

How can you protect yourself from a phishing attack?

Published on Aug 17, 2023Updated on Nov 21, 20244 min read2,747

1. What's a phishing attack?

A phishing attack is a prevalent online scamming method where perpetrators use various techniques to mimic the URL address and webpage contents of a legitimate website. They then distribute this counterfeit URL to the mass audience via SMS, email, and various social media platforms with the intention of luring users into clicking on the link, through which the attackers defraud users of their bank account information, credit card details, passwords, and other personal data, ultimately gaining unauthorized access to users' assets.

Phishing attacks can sometimes be very difficult to distinguish. Therefore, how can investors prevent themselves from falling victim to such fraud? This article will outline several common phishing attack techniques and provide our customers with security tips. Please remain vigilant against these tricks and ensure the safety of your assets.

2. What are the common tricks of phishing attacks?

Phishing attacks mainly include email attack, pharming and so on.

Email attack: the attacker sends seductive or misleading email to the target user. The email often carries the link of phishing website or the download link of Trojan horse program. If the user does not pay attention to distinguishing it, he/she will click the link to enter the phishing website or download the Trojan horse program. Once the Trojan horse program runs, it can monitor the sensitive information entered by the user and get it.

Pharming: the attacker spots the vulnerability of the user's computer system and modify the file about DNS information stored in the user's computer with malicious code, and replaces the website address that the user would visit with the phishing website address. After entering the legitimate website address in the browser, the user will be auto-redirected to the phishing website address. If the user isn't aware of this, the attack is successful.

In short, among the common phishing scams in the crypto field, the attackers may fake themselves as platform staff, create phishing websites and publish fake information, claiming account upgrade, migration, refund, trigger risk control, capital risk, account to be closed and so on through SMS, email and other channels, and induce users to click the phishing website link or scan the phishing QR code. They're also known for sending out the phishing link via SMS, accompanied by a message that requests the targeted user to upgrade their identity verification level, which leaks their account info to the phishing link. Once the account password and other information is leaked, the assets in the user account will be quickly transferred away.

3. How can you prevent phishing attacks?

  • Don't click on unknown links and log in to unsafe websites to avoid account and password disclosure and asset losses.

  • For account security information and verification protection methods, for example, the account login name and password shouldn't be consistent with other websites as the private key and mnemonic words should be kept privately. If you detect any suspicious activity on your account, you may reach out to our Support team or here.

  • OKX will not ask for your SMS/email/GA verification code in any way. Therefore, for any email that you receive from OKX, please confirm that the email addresses are either noreply@mailer1.okx.com , noreply@mailer2.okx.com , or notifications@okx.com which are OKX official sending mailbox addresses, and there may be additional numbers after the email address.

  • Don't search the OKX website through Google or other search engines and log-in without double checking. It's recommended to input manually the official website of OKX: https://www.OKX.com.

  • Don't enter sensitive information such as an account password in an unsafe environment or disclose account information to others, especially security related information such as passwords and private keys.

  • OKX has launched anti-phishing code function. You can set the anti-phishing code in User Center > Security Center > Anti-phishing code. After setting the anti-phishing code, the email sent by OKX will contain the anti-phishing code you set. If there's no anti-phishing code in the email, it's a forged or fraudulent email.

  • Whenever you find an SMS or email is suspicious, you're always welcome to contact our support center that's available 24/7 to verify the authenticity of the message.