0%

Tips on how to best secure your crypto

9 июн. 2021 г. 5 мин чтения
Изображение Баннера Новостной Статьи

When someone is able to log into one of your accounts to perform fraudulent activity, this is called an “account takeover”, or “ATO” for short. But how do these fraudsters get into your account in the first place? One common method is called a “SIM-swap.” In a SIM-swap attack, fraudsters will actually contact your wireless carrier pretending to be you, and persuade the customer service agent to redirect your cell service to a different device, by changing the SIM card number associated with your account (hence the name of the attack.) Once they succeed, they are able to receive all calls and SMS messages sent to your phone number — including any two-factor authentication codes sent to you via SMS. From there, fraudsters will frequently pair those SMS 2FA codes with stolen passwords to try and log into your email account, social media profiles, cloud storage accounts like Dropbox, or financial accounts like Coinbase.

At Coinbase, we do a lot of work behind the scenes to detect and try to stop SIM-swap ATOs targeting our customers’ accounts. We also believe that using SMS-based two-factor authentication (2FA) is better than using no 2FA at all. That said, we encourage everyone to follow the two simple steps below and apply them to all the accounts they care about — not just their Coinbase accounts.

Use a password manager

  • Your passwords should be at least 16 characters, extremely complex and unique for your accounts. That’s hard to do by yourself, but password managers like 1Password or Dashlane can be used to create and remember your passwords.

Are you currently using a password that has been exposed in a third-party data breach somewhere? You can check to see if you’re using a risky password by visiting haveibeenpwned.com/Passwords .

Use 2-factor authentication (2FA)

  • In addition to strong passwords, where available, use two-factor authentication (2FA). And always use the strongest type of 2FA the platform allows, ideally a Yubikey or similar hardware security key.

  • If a service provider doesn’t allow Yubikey, use an authentication app like Google Authenticator or Duo Security instead of SMS-based 2FA if possible.

  • If SMS-based 2FA is the only thing available, at the very least require a one-time 2FA code sent to your device every time you login so someone can’t access your account if they have stolen your password.

  • If an organization doesn’t offer any of these options, consider not using that service.

Staying vigilant in the wild

It’s not only important to play defense with the right security tools when protecting your accounts, but it’s also important to stay smart in the wild.

Some guidelines:

Don’t make yourself a target

  • Don’t brag about your cryptocurrency holdings online, just like you wouldn’t advertise inheriting $50 million.

  • Review your online presence and see how much personal information someone could learn about you to steal your identity. (The good folks at Consumer Reports put together this self assessment.)

Don’t fall for tricks

  • Hackers posing as tech support — even bad actors posing as Coinbase customer support specifically — may pressure you for account credentials. Coinbase will never ask you for passwords, 2FA codes, PIN numbers or for remote access to your computer.

  • Coinbase will never ask you to create test accounts on other platforms or provide your ID or banking information over email or social media. We do not offer Facebook support chat and we will never call you by phone.

  • If someone reaches out to you and you’re not sure if it’s a scam, you can reach out to [email protected] to confirm whether it’s legitimate. And remember, Microsoft, Google, and Apple will never call you about your computer.

Check the URL

  • Scammers create fake sites that look like real exchanges but are designed to steal account information. Double check the web address before you login into your account or input any of your credentials.

  • If we emailed you and include a link, copy the link and paste it into a text editor before entering it into your browser to make sure you know where the link is really taking you.

This phishing domain uses an Internationalized Domain Name (IDN) which closely resembles www.coinbase.com. However, looking closer will reveal that the domain is actually www.coįnbase[.]com (note the character accent below the “i”).

While Coinbase has gone to great lengths to secure our environment, it’s important that everyone understands their role in maintaining the security chain. By following some basic security steps, you can make sure your crypto stays safe. To learn more, visit our Help Center.

was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Популярные новости

How to Set Up and Use Trust Wallet for Binance Smart Chain
#Bitcoin#Bitcoins#Config+2 дополнительные теги

How to Set Up and Use Trust Wallet for Binance Smart Chain

Your Essential Guide To Binance Leveraged Tokens

Your Essential Guide To Binance Leveraged Tokens

How to Sell Your Bitcoin Into Cash on Binance (2021 Update)
#Subscriptions

How to Sell Your Bitcoin Into Cash on Binance (2021 Update)

What is Grid Trading? (A Crypto-Futures Guide)

What is Grid Trading? (A Crypto-Futures Guide)

Начните торговать с Cryptohopper бесплатно!

Бесплатное использование (кредитная карта не требуется)

Приступим
Cryptohopper appCryptohopper app

Отказ от ответственности: Cryptohopper не является регулируемой организацией. Торговля криптовалютами с помощью ботов связана с существенными рисками, и прошлая эффективность не являются признаком такой же эффективности их применения в будущем. Прибыль, показанная на скриншотах продукта, приведена для примера и может быть преувеличена. Занимайтесь торговлей с помощью ботов только в том случае, если обладаете достаточными знаниями, или обратитесь за советом к квалифицированному финансовому консультанту. Ни при каких обстоятельствах Cryptohopper не несет ответственности перед любым физическим или юридическим лицом за (а) любые убытки или ущерб, полностью или частично, вызванные, возникшие в результате или в связи с транзакциями с использованием нашего программного обеспечения, или (б) любые прямые, косвенные, особенные, последующие или случайные убытки. Пожалуйста, обратите внимание, что контент, доступный на социальной торговой платформе Cryptohopper, создаётся членами сообщества Cryptohopper и не является советом или рекомендацией Cryptohopper или от его имени. Прибыль, показанная в Маркетплейсе (Торговой площадке), не является индикатором будущих результатов. Используя услуги Cryptohopper, вы признаёте и принимаете риски, присущие торговле криптовалютой, и соглашаетесь оградить Cryptohopper от любых обязательств или понесенных убытков. Прежде чем использовать наше программное обеспечение или участвовать в любой торговой деятельности, необходимо ознакомиться и понять наши Условия предоставления услуг и Предупреждение о рисках. Пожалуйста, обратитесь к юридическим и финансовым специалистам для получения индивидуального совета, основанного на ваших конкретных обстоятельствах.

©2017 - 2024 Copyright by Cryptohopper™ - Все права защищены.