How to Avoid Phishing Attacks?

BtcTurk | Global
5 min read · Jan 18, 2021


Bitcoin is rarely out of the news these days, making newspaper headlines as prices rise. There’s also been a corresponding surge in public interest in it, as well as in cryptocurrencies in general. But before your enthusiasm runs away with you, it’s important to make yourself aware of the possible risks and what you can do to mitigate them. If you are new to BtcTurk — or are thinking of joining — here’s what you should know about cybersecurity and the most common cyber-attack strategies.

Login security

Rather than using a search engine to find and access the website, protect yourself from the threat posed by fake sites by manually typing pro.btcturk.com into your address bar. Advertisements on search engines can easily be used by cyber-attackers to redirect you to a fake site without you realising it.

When cyber-attackers exactly mimic the site you are trying to access, they use unrelated (and often hacked) proxy sites to advertise on search engines. Attackers take advantage of security vulnerabilities to seize legitimate websites, where they post ads that redirect users to a phishing site. The redirect takes just a split second, meaning most users do not notice anything amiss in the address and continue as normal. In many cases, the fake site looks just like the real thing.

Examples of fake web addresses:

btcturksite.com

sitebtcturk.com

btcturkweb.com

loginbtcturk.com

Examples of web addresses with non-Latin characters (punycode):

btctürk.com (Turkish ü character instead of u)

bt𐅁turk.com (𐅁 character not the same as letter C in the Latin alphabet)

bԵcturk.com (Ե character not the same as letter T in Latin alphabet)

btctㄩrk.com (ㄩ character not the same as letter U in Latin alphabet)

𐊡tcturk.com (𐊡 character not the same as letter B in Latin alphabet)
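
Both kinds of fake address listed above can be flagged mechanically. The following Python check is an added example, not BtcTurk's own code: it assumes an allowlist holding only pro.btcturk.com, treats every non-ASCII character as a possible stand-in for a Latin letter, and uses hypothetical function names.

```python
import unicodedata
from urllib.parse import urlsplit

OFFICIAL_HOSTS = {"pro.btcturk.com"}  # assumption: the one address the article says to type
BRAND = "btcturk"

def to_unicode(host):
    """Decode xn-- (punycode) labels so disguised characters become visible."""
    labels = []
    for label in host.lower().split("."):
        if label.startswith("xn--") and label.isascii():
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed punycode: keep the raw label
        labels.append(label)
    return unicodedata.normalize("NFC", ".".join(labels))

def to_ascii(host):
    """Raw punycode form of each non-ASCII label (no IDNA mapping applied)."""
    return ".".join(
        label if label.isascii() else "xn--" + label.encode("punycode").decode("ascii")
        for label in host.lower().split(".")
    )

def masks_brand(label):
    """True if swapping each non-ASCII character for a Latin one can spell BRAND."""
    return (not label.isascii() and len(label) == len(BRAND)
            and all(ch == b or not ch.isascii() for ch, b in zip(label, BRAND)))

def classify(url):
    """Return 'official', 'homoglyph', 'brand-in-name' or 'unrelated'."""
    host = urlsplit(url if "//" in url else "//" + url).hostname or ""
    host = to_unicode(host.rstrip("."))
    if host in OFFICIAL_HOSTS:
        return "official"
    if any(masks_brand(label) for label in host.split(".")):
        return "homoglyph"      # e.g. btctürk.com
    if BRAND in host:
        return "brand-in-name"  # e.g. loginbtcturk.com
    return "unrelated"

if __name__ == "__main__":
    # Sample addresses taken from the lists above.
    for sample in ("https://pro.btcturk.com/", "loginbtcturk.com", "btctürk.com", "bԵcturk.com"):
        print(f"{sample:28} {to_ascii(urlsplit('//' + sample.split('//')[-1]).hostname):28} {classify(sample)}")
```

A link that already arrives in its `xn--` form is decoded before comparison, so it gets the same verdict as the Unicode spelling.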

How are phishing attacks carried out?

If you reach one of the above addresses by following a link from an unknown source on a search engine or social media platform, you will reach a site set up by cyber-attackers to replicate BtcTurk. It is likely to be highly convincing, which is why you need to take extra care to avoid being fooled.

When you try to log in to these fake sites, your user information is immediately captured by the attackers. A warning will appear that the login information is incorrect and by re-entering it you are actually helping the criminals to verify your account details.

Always be careful

Enter your username and password correctly when logging in to your BtcTurk account and a security image will appear. It is unique to you and was set when you first joined BtcTurk. This image will be shown every time you log in. If you see an image you do not recognise instead of your security image, or no image at all, do not enter your two-step verification code.

An attacker who has managed to capture a user’s account information will immediately use it to log in to the genuine BtcTurk site. What’s different on the fake site is that any user who tries to log in will be asked to enter their phone number to allow a verification code to be sent — the real BtcTurk will never ask for your phone number. A user who provides their phone number will be called by the attacker, passing themselves off as a caller from BtcTurk.

Cyber-attackers who reach the user by phone will try to convince them to transfer their account balance. The user’s assets will be converted into a single cryptocurrency, then a new cryptocurrency withdrawal address will be set up by obtaining a two-step verification code — with the unwitting help of the account holder. The attackers will go on to request a cryptocurrency withdrawal PIN and make a cryptocurrency withdrawal order, before asking the user to confirm the instruction sent to their email address. If, having fallen into the trap, the user approves the cryptocurrency withdrawal order, they will lose all the assets in their account.

How do BtcTurk’s security measures help me avoid phishing?

BtcTurk has additional measures in place as part of the login, withdrawal address set-up and cryptocurrency withdrawal processes to ensure the highest level of user account security.

  • A security image unique to your account will appear when you enter your login details correctly.
  • If you do not recognise the security image shown on screen at the point where you are asked to enter the two-step verification code — or one does not appear — do not proceed any further.
  • When signing in on a new device, you will be asked to verify it. You can log in from a new device only if you enter the code sent to your email address. Regardless of what you’re trying to do, never share your verification code. You can follow all the devices you have logged in to BtcTurk, as well as their IP addresses and login times on the Device Management page under the Security tab.
  • A two-step verification code will be requested when setting up a cryptocurrency withdrawal address. If you are not trying to do this — or not logging in from a new device — you should be wary of any two-step verification codes that come via SMS. If your two-step verification code is requested by phone, be sure not to divulge it.
  • You can make your cryptocurrency withdrawal requests more secure with a dedicated PIN code. After setting up a cryptocurrency withdrawal PIN, you can only request a cryptocurrency withdrawal if the correct sequence is entered. Provided you have a cryptocurrency PIN, cryptocurrency cannot be withdrawn from your account, even if it has been accessed without your permission. If you have not set up your PIN code yet, you can do so from the PIN Code page under the Security tab.
  • When you submit a cryptocurrency withdrawal request, a confirmation email will be sent to the email address you have registered with the system. If you approve this email, where you see the receiver’s address and amount of cryptocurrency to withdraw, your request will be processed. Even if attackers request a cryptocurrency withdrawal linked to your request, it will not be actioned unless you confirm this email. If you have not knowingly and willingly requested a cryptocurrency withdrawal, you should not approve any confirmation email.

I’m a victim of phishing: what should I do?

If you suffer a phishing attack, despite all these security measures, you should contact the BtcTurk support team immediately. They will direct you to the relevant legal authorities in order to file a complaint. We recommend that you share your complaint with the judicial authorities in order to seek your legal rights.
