A phishing site branding itself as Koinex has appeared on the web to steal user credentials. Fortunately, Koinex acted in time to protect its users.
It’s not news that the crypto industry remains a target for hackers. Attackers targeting this space are always looking for opportunities to rob people of their money through different scamming techniques. Their latest targets are the users of the popular cryptocurrency platform Koinex, and the technique they’re using is phishing. Fortunately, Koinex found out about the phishing attempt in time and took the necessary steps to fix things before they got out of hand.
The phishing attempt is being made with the help of Google AdWords. The attackers have created a Koinex-like website at a very similar domain, kqinex.in, and used Google ads to push it to the front page of Google results for all Koinex-related queries. That way, the fake site is shown to everyone who reaches the Koinex exchange by searching on Google instead of entering the URL directly.
The domain, as you can clearly see, looks very similar to the official Koinex domain, and the hackers have also made the effort to make it look genuine by purchasing an SSL certificate. The website has a sign-in page intended to steal the credentials of users who make the mistake of entering them. Koinex has notified Google of this scam website, and has also asked users to report the site to Google using this form.
Other steps taken by Koinex to fix this issue before it gets out of hand are as follows:
- On the sign-in page, the company is reminding users to check the URLs in their address bars.
- Withdrawal requests can be placed only after 10 minutes have passed since logging in. This gives users whose accounts have been compromised a 10-minute window to regain control of them.
- There is also a single-use OTP. An OTP, once sent, will be valid for that particular action only, and requesting a withdrawal or making any other security-related change to the account will require a new OTP.
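The withdrawal hold and the action-bound, single-use OTP from the list above could be enforced server-side along the following lines. This is an added example, not Koinex's code; the `Session` class, the action names and the 5-minute OTP lifetime are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

WITHDRAWAL_HOLD_SECONDS = 10 * 60  # the 10-minute window the article describes
OTP_TTL_SECONDS = 5 * 60           # assumed OTP lifetime; not stated in the article


class Session:
    """Hypothetical session that tracks login time and outstanding OTPs."""

    def __init__(self, user, now=None):
        self.user = user
        self.login_time = time.time() if now is None else now
        self._pending = {}  # action -> (SHA-256 digest of the OTP, expiry time)

    def issue_otp(self, action, now=None):
        """Create an OTP bound to one action; a new request replaces the old one."""
        now = time.time() if now is None else now
        otp = f"{secrets.randbelow(10**6):06d}"
        digest = hashlib.sha256(otp.encode()).digest()
        self._pending[action] = (digest, now + OTP_TTL_SECONDS)
        return otp  # a real system delivers this out of band (SMS or e-mail)

    def verify_otp(self, action, otp, now=None):
        """Accept an OTP only for the action it was issued for, and only once."""
        now = time.time() if now is None else now
        # pop() consumes the OTP on the first attempt, right or wrong,
        # so a replayed or guessed code never gets a second try.
        entry = self._pending.pop(action, None)
        if entry is None:
            return False
        digest, expiry = entry
        candidate = hashlib.sha256(otp.encode()).digest()
        return now <= expiry and hmac.compare_digest(digest, candidate)

    def can_withdraw(self, otp, now=None):
        """A withdrawal needs the post-login hold to have elapsed and a fresh OTP."""
        now = time.time() if now is None else now
        if now - self.login_time < WITHDRAWAL_HOLD_SECONDS:
            return False  # still inside the hold window; the OTP is not consumed
        return self.verify_otp("withdraw", otp, now)
```

With both checks in place, credentials captured by a phishing page do not immediately allow a withdrawal: the hold gives the owner time to react, and an OTP phished for one action cannot be reused for another.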
While Koinex has commendably acted in time to prevent any mishaps, it’s also our own responsibility to stay alert while surfing the web (especially when dealing with websites that involve money). Every time you log in to Koinex, double-check that you’re visiting the official website. Don’t open the site from any Google ads, because the company has made it clear that it doesn’t run Google Ads. Finally, keep all strong security features (i.e. two-step verification) activated for your account. Precaution will help you ward off these threats, and hopefully you won’t have to suffer from any unwanted cyberattacks.