As the price action in crypto markets continues to intensify, so is the interest of online attackers who deploy ever-evolving tactics to steal funds and information. Whether you store your virtual assets in xCrypt Pro or on a hardware wallet, we recommend everyone to take time and understand common online threats and how to protect themselves. In this article, we will discuss one of the commonest persistent online cyber-attacks- phishing.
Phishing is a pervasive form of online attack, and once attackers trick users and obtain their private information, they can fully impersonate the victims. The xCrypt security team investigates numerous reports of phishing each day and is regularly working to neutralize these attacks as quickly as possible. Nevertheless, some hosting providers respond slowly (or not at all) to disregard reports concerning the misuse of their platforms. That is why it is essential to be able to recognize signs that you are being phished, even if you don’t see a warning from your browser.
Recent Phishing Trends
To help you establish the signs that you are on the brink of getting phished, we have outlined some examples of the most common phishing trends being employed to target crypto traders and investors.
- New Device Confirmation Phishing
When you try to log into your xCrypt account from a device and location we don’t recognize; we will send you a device verification email that bears a unique, hard-to-guess authorization link. If you don’t click that link, your login attempt will fail. As a result, some phishing sites request users to copy and paste the device verification link in a bid to bypass this security measure. The real xCrypt log in page will never ask you to copy and paste that link.
- Email Password Phishing
Here attackers try to trick potential victims into sharing the passwords to their email accounts so that they can access the email and execute new device confirmation. xCrypt will never ask you to enter the password to your email address.
- Phishing through Text Messages
Do not allow a phishing message like the one shown above drive with your emotions. Always check your deposits by going directly to https://trade.xcrypt.pro/signin, or by using the xCrypt app that will be out soon.
- Phishing via Email
If you are keen enough, you will notice the sense of urgency to entice people to click on the link. Hovering your mouse pointer over the link in this email will reveal this link is directing you to the phishing domain: https://xCryipt[.]com instead of https://trade.xcrypt.pro/signin. Again, please go directly to https://trade.xcrypt.pro/signin if you are suspicious of the email you have received.
- xCrypt Log in Clone
In this illustration, pay close attention to the URL bar at the top of your browser. xCrypt.pro-mrq[.]com is not a legitimate xCrypt domain and lacks HTTPS (the green lock) enabled. The valid xCrypt domain secures all connections over HTTPS.
- Internationalized Domain Names
This phishing domain utilizes an Internationalized Domain Name (IDM) that closely resembles www.xCrypt.com. However, a closer look reveals that the domain is actually www.xCry įpt[.]com (note the character accent below the “i”).
Besides, even though the site contains HTTPS (the green lock) enabled, that does not imply you are on a legitimate website, only that you are safely communicating with “some” website.
Protecting Your Account
Currently, the only known way to reliably avoid being phished is to utilize security keys (also known as 2FA) with your online account. Not only can you use a security key to lock down your xCrypt account, but you can also use it with any other online services that integrate with them, like Gmail, Facebook, Dropbox, Instagram, Twitter, YouTube, and many more.