1. What is phishing attack?
Phishing attack is a common way of online scam, which means that someone uses various means to fake a similar URL address and similar webpage contents of a real website, and distribute the fake URL to mass audience via SMS, email and various social medias, so as to lead users to click in, and then they will defraud users' bank account, credit card account, password and other personal data, then get users' assets.
Phishing attacks can be very hard to distinguish sometimes. Therefore, how could investors prevent from such fraud? This article will summarize several common phishing attack tricks and give our customers some security tips. Please be more aware of these tricks and keep your assets safe .
2. Common tricks of phishing attack
Phishing attacks mainly include email attack, pharming and so on.
Email attack: the attacker sends seductive or misleading email to the target user. The e-mail often carries the link of phishing website or the download link of Trojan horse program. If the user does not pay attention to distinguish it, he/she will click the link to enter the phishing website or download the Trojan horse program. Once the Trojan horse program runs, it can monitor the sensitive information entered by the user and get it.
Pharming: the attacker spots the vulnerability of the user's computer system and modify the file about DNS information stored in the user's computer with malicious code, and replaces the website address that the user would visit with the phishing website address. After entering the legitimate website address in the browser, the user will be auto-redirected to the phishing website address. If the user is not aware of this, the attack is successful.
In short, among the common phishing scams in the crypto field, the attackers may fake themselves as platform staff, create phishing websites and publish fake information, claiming "account upgrade", "migration", "refund", "trigger risk control", "capital risk", "account to be closed" and so on through SMS, email and other channels, and induce users to click the phishing website link or scan the phishing QR code. Once the account password and other information is leaked, the assets in the user account will be quickly transferred away.
3. How to prevent phishing attacks
(1) Do not click into unknown links and log in to unsafe websites to avoid account and password disclosure and asset losses.
(2) For account security information and verification protection methods, for example, the account login name and password should not be consistent with other websites, and the private key and mnemonic words should be kept privately.
(3) Don't search OKX website through Google or other search engines and log-in without double check. It is recommended to input manually the official website of OKX: https://www.OKX.com
(4) Do not enter sensitive information such as account, password in a unsafe environment or disclose account information to others, especially security related information such as password and private key.
(5) OKX has launched anti-phishing code function. You can set the anti-phishing code in "User Center - Security Center - Anti-phishing code". After setting the anti-phishing code, the email sent by OKX will contain the anti-phishing code you set. If there is no anti-phishing code in the email, it is a forged or fraudulent email.
(6) Whenever you find a SMS or email is suspicious, you are always welcome to contact our support center to verify the authenticity of the message, we are here to help you 24/7.