Official announcements, security

Security announcement on phishing alerts

HitBTC Team

2 min read

Dear traders,

We have been receiving a range of reports from people coming across phishing attempts lately. Secure passwords and even two-step authentication could be powerless once the attackers manage to deceive the account owner. Cautionary measures are a must.

That is the common scheme of phishing attack:

  1. User is being faced with the link, which leads to a website disguised as original HitBTC website.
  2. It asks to proceed via standard login procedure: specifying password and 2FA code.
  3. Once this personal data is retrieved, violators have the access to this particular account, which they take advantage of immediately.
  4. Funds are being stolen.

We are striving for not to let step 1 take place, by making everything possible to shut down the phishing websites once we locate them. Special gratitude goes to our traders who notice these websites and care to report them to us. But unfortunately the process of phishing website being eliminated takes time.

 

To protect yourself from phishing, you would need to be totally in control of your movements online. We would suggest these tips:

  • Whenever you’re visiting HitBTC, please make sure that the website address in the address bar is spelled correctly. The only legit HitBTC address is hitbtc.com.
  • Let your primary point of entry to HitBTC be the bookmarks section in your browser. Or just manually type the HitBTC address in the address bar. Don’t trust any links you would see online. They easily could be misleading.
  • Never disclose your personal data to anyone. Violators could try to impersonate us in order to lure or compel you to reveal your password. Remember: legit HitBTC associates  won’t ever ask you for your password or 2FA codes.
  • Malicious websites are able to steal your personal data as soon as you only visit them once. Malicious software could spy on you. Email is the most common way to spread harmful data. Please make sure that you are not opening links and attachments received in untrusted emails.

Here are some important steps to take right now.

  • Make sure that your HitBTC password is strong and unique
  • Please enable 2FA protection for login, settings and withdrawal options
  • Take care to protect your device from malicious software.

In case you’d happen to notice something suspicious: websites disguising themselves as HitBTC, or emails presumably from HitBTC team, containing questionable requests, please, don’t hesitate to report these issues to us. Our coherent joint efforts will help to keep HitBTC users safe and secure.