Phishing & scam detection
Phishing attempts often mimic login pages. Check the domain, SSL indicator, and avoid clicking suspicious links — always navigate to the site from a trusted bookmark.
Warning: If an unsolicited support contact asks for your password or recovery phrase, do not comply. Official support never requests passwords or private keys.
Practical prevention tips
- Bookmark the official site and use that bookmark to log in.
- Prefer authenticator apps or hardware keys over SMS 2FA.
- Keep a separate, secured device for high-value operations where possible.
If you think you’ve been targeted
- Change your exchange password immediately from a safe device.
- Revoke sessions and API keys, and disable withdrawals if available.
- Contact official support through verified channels and provide any evidence (screenshots, timestamps).