Phishing is a term for a common technique of acquiring a user’s personal or account information. Scammers setup fake websites which resemble legitimate business websites in order to get you to enter your personal or account related details which will then be available to the scammers.
Phishing websites tend to look reputable (and will commonly look identical to their official counterparts) but will always have a different domain name/URL. Prior to entering your personal information to a website, please make sure you have checked the following:
How to identify and avoid phishing?
- Each time you login to your account, it is highly recommended to check that you are accessing the correct URL. The correct URL is provided below and should be bookmarked:
- Please be aware of URLs ending with .com .ws .cx
- Make sure the URL address starts with https://
- Check the Site Certificate to make sure whether the website you are accessing is safe. If using Google Chrome, the security status can be located to the left of the URL (a green lock indicates the website is secure, a red lock indicates the website is unsafe). If using a different browser, please research how to view the Site Certificate, usually located in the settings of a browser.
- When entering coinexchange into a search engine such as Google or any link which has been sent to you from an external website or source, please check that the URL is legitimate.
- Check the sent address when clicking on any email that looks like it has been officially sent from CoinExchange.io. Scammers tend to often send emails with links which appear real but will actually redirect to a fake website.
- Check that the URL is legitimate before clicking on links provided by Google Ads as phishing sites are known to place fake advertisements.
What if I suspect my account has been phished?
If you suspect that your account has been compromised, accessed and/or security settings of your account (emails, passwords or 2FA) have been leaked to an unauthorized third party, immediately change your password and 2FA settings for all services which could be accessed from that device.