1. What is phishing

The phishing attack is a fraud process in which the attacker masquerades as someone else to steal identity information such as account name, passwords, assets and identification numbers, etc. Attackers often pretend to be official staff from operation or custom service divisions or to be network manager in order to gain trust from victims.

 

2. Mode of Phishing Transmission

Virus: Perpetrators clone a website identical to the trading platform and then send it to user  by using virus programs or malware, or put this malicious website on search pages to trick users into logging in to steal users’ account, password, transaction information, and assets.

SMS: By using message service, perpetrators can disguise as the trading platform and send fraud messages to users, claiming that users have won the lottery or that their accounts have been stolen. Users then will be urged to log in to the website designated in the messages to verify their identification. Since the designated site is false and is developed by perpetrators to steal user’s information in the first place, users’ account, password, and other identification information will be obtained by perpetrators once users log in to the malicious website and follow the fraudulent instructions.

Develop a false website: Perpetrators will first develop a false website and then issue false event information on social media platforms including QQ and Wechat full of hollow promises. When users log in to the malicious website, their accounts, passwords and other identification information will be obtained by perpetrators.

Use a false official email box: Perpetrators will send avalanches of fraudulent emails to trick users into logging in to the malicious website that looks identical to the official trading platform website by clicking the links attached under pretexts such as lottery winning or system upgrading. Once users follow the false instructions, the account or password information they input will get stolen.

Forward phishing website links to communities: Trick users into logging in to the malicious site.

 

3. Prevent Phishing Attack

  • Use relatively safer browsers such as chrome and upgrade it to the latest version
  • Refrain from installing random browser plug-ins
  • Refrain from open suspicious links or enter AscendEX account or password on unknown websites. Otherwise, your information might get stolen by phishing website or Trojan horse
  • Install anti-virus software and remove computer or phone viruses periodically
  • Update system on time
  • Please do not disclose the verification code you receive to anyone else
  • Please confirm that the domain name you use to log in to the official website or trade belongs to AscendEX (ascendex.com)