What is phishing and how to protect yourself from it?

Modified on Wed, 29 Nov, 2023 at 12:16 PM

Bitkub Exchange places high importance on the safety of our users’ accounts. We always insist that “Security is the first priority.” In this article, we therefore guide you through the information and steps needed to safeguard yourself from phishing and other cyber-attacks that aim to take over an account, which can lead to the loss of your assets or personal information. These malicious attacks can occur in various forms, such as emails or fake websites, so it is crucial to remain vigilant.


Types of phishing


Phishing techniques can come in many forms, but all of them generally aim to scare the victim into responding to the attacker. For instance, an attacker may trick the user into believing that there is a problem with their account or verification system and that they must click on a link attached to their email to resolve the issue, etc.


Sometimes, attackers who have victims' information may call and provide believable details, claiming to be acquaintances or reputable companies, much like call center scams prevalent nowadays. Without being vigilant and paying attention to details, we may inadvertently give away sensitive information or click on suspicious links from the attackers.

Phishing process


Even though there are many multi-factor authentication (MFA) features that enhance the security of an account, such as SMS OTP or 2-factor authentication (2FA), attackers can still trick users into giving away their passwords or security codes.


An example of a phishing email from an attacker


How to identify phishing


One of the most noticeable features of a phishing email is the sender's name: for instance, an address that is not from @bitkub.com.

  • A phishing email address or URL may be longer than usual.

  • It may contain spelling errors.

  • The email domain may be unrelated to Bitkub.


The body and subject of a phishing email or website, whether in Thai or English, usually contain information about an urgent issue or other important details that make users anxious and more likely to click on a link that redirects them to a fake website, or to contact fake Customer Support set up by the attackers.


An example of a phishing website

    

It's also important to be mindful of small details when identifying fake websites, such as website names that are incorrect because of spelling errors or delimiter characters. Additionally, the buttons on these fake websites, including the register button and social media links, are often unclickable. This is because attackers are primarily interested in obtaining users' passwords.


Apart from email attacks, phishing attempts can also involve tricking users into accessing a phishing website directly. Attackers may pose as Customer Support on various social media platforms to deceive users into providing sensitive and valuable information. In some cases, they may deceive users into installing a remote application to gain control of the users’ devices and attempt to transfer the MFA authentication application to the attackers.


An example of a deceiving support agent via LINE OA


Examples of attackers’ emails



Examples of phishing domains



Response guidelines and tips from Bitkub Exchange


1. Bitkub has a process for responding to a fake email or website when we come across one or receive reports from customers. The information is collected and forwarded to the legal department for further investigation. We also work in coordination with relevant partners, such as online platforms and social media, to report any abuse or misuse of the platform.

2. We utilize the Phishfort takedown service to monitor and coordinate with relevant parties in the event of phishing attempts.

3. We collaborate with government agencies such as the National Cyber Security Agency (NCSA) and Cyber Crime Investigation Bureau (CCIB) by sharing information, coordinating legal action when necessary, and notifying the relevant parties in the name of the government agency. 

How to protect yourself from phishing


  • Always follow news and activities from reputable sources accredited by various agencies.

  • Be vigilant and careful of suspicious activities such as giving away personal information to receive tokens or rewards.

  • Watch out for attackers who claim to be company staff or your acquaintances, including phishing emails that use the company name.

  • Always check the website's URL when visiting a website or making transactions (the correct URL for Bitkub Exchange is https://www.bitkub.com/).

  • The company's email domain is @bitkub.com only.

  • Check every link before clicking on it, whether on social media, websites, emails, etc.

  • Install antivirus software on your devices and keep it updated.
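
The sender and URL checks described under "How to identify phishing" and in the list above can be automated. The following Python code is an added example, not Bitkub's own tooling: the function names, the one-character misspelling threshold and the sample inputs are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "bitkub.com"  # the only official domain, per the article
BRAND = "bitkub"

def edit_distance(a, b):
    """Levenshtein distance; 1 means a single-character misspelling."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(value):
    """Return the host part of a URL or of an e-mail address, lower-cased."""
    value = value.strip().lower()
    if "://" in value:
        # urlsplit ignores any "user@" prefix, so a URL written as
        # https://www.bitkub.com@other.example/ yields other.example.
        return (urlsplit(value).hostname or "").rstrip(".")
    return value.rsplit("@", 1)[-1].split("/", 1)[0].rstrip(".")

def classify(value):
    """Return (verdict, reason): verdict is official, lookalike or unrelated."""
    host = host_of(value)
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official", "host is " + OFFICIAL_DOMAIN + " or a subdomain of it"
    for label in host.split("."):
        compact = re.sub(r"[-_]", "", label)  # undo inserted delimiter characters
        if BRAND in compact:
            return "lookalike", "brand name inside a non-official host: " + label
        for token in [compact] + re.split(r"[-_]", label):
            if edit_distance(token, BRAND) == 1:
                return "lookalike", "one character away from the brand: " + token
    return "unrelated", "host has no relation to " + OFFICIAL_DOMAIN

# Constructed sample inputs (reserved .example names, not real indicators).
SAMPLES = ["https://www.bitkub.com/", "support@bitkub.com",
           "https://www.bitkub.com@login.example/kyc",
           "https://bitkub.com.verify-account.example/", "info@b1tkub.example",
           "https://kyc-bit-kub.example/login", "rewards@mail.parcel-tracking.example"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s:48} -> {classify(s)}")
```

Only the "official" verdict means the address or link belongs to bitkub.com; both other verdicts should be treated as not coming from Bitkub.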


We want to assure you that we always collaborate with the police or any legal authorities to prosecute any fraudulent activities in accordance with the law. If you experience any adverse event or have questions, please contact our Bitkub Support immediately. Also, kindly cooperate and provide all relevant details to the company regarding the adverse event so that we can take further action effectively.


