Recognizing Phishing Email Traps and Protecting Your Digital Assets

2025/02/18 07:46:03

1. What Is a Phishing Email? Why Must You Stay Alert? 

A phishing email is like a "wolf in sheep’s clothing"—hackers impersonate trusted institutions (such as exchanges, banks, or projects) and deceive you by fabricating email content to: 

🔑 Obtain your password, verification code, or mnemonic phrase 

🖱️ Trick you into clicking on malicious links or attachments 

💸 Make you transfer funds to fraudulent wallet addresses 

Since on-chain transactions are irreversible, once your assets are transferred, recovering them is extremely difficult. 

🌰 Common phishing scenarios targeting crypto users: 

1️⃣ Impersonating exchange customer service: “We detected a risk in your account, click the link to verify your identity!” 

2️⃣ Fake airdrop notifications: “Claim your BTC reward, bind your wallet now!” 

3️⃣ Fraudulent security alerts: “Your account was logged in from a different location, download the attachment to view records!” 

2. Five Phishing Email Red Flags—Spot Them at a Glance! 

1. 📩 Fake but similar email addresses 

  • Hackers create sender addresses and domains that closely resemble official ones to mislead you into believing the email is legitimate. 

  • Example: a hacker's sender address might be no-reply@p2p-kucoin.com, whereas an official KuCoin email address should end with @kucoin.com.

2. ✅ Official Security Identifiers 

  • Check whether the email includes your unique anti-phishing code. If you have set up an anti-phishing code, all official emails from us will include it. If the email lacks this code, it is 100% a scam! 

  • Example: The user has set up an anti-phishing code, but the phishing email does not contain it.

3. ⚠️ Creating Panic to Force Immediate Action 

Messages like “Your account will be frozen in 24 hours if you do not verify!” exploit panic psychology to lure you into clicking links. Official institutions never use threatening language to rush users.

4. 🔗 Hidden Links Leading to Fake Websites 

  • Email buttons or links may redirect to fraudulent websites (e.g., www[.]kucoin-login[.]com). Once you enter your credentials, hackers steal your assets. Hover over the button (do not click!) to check the real link. 

  • Below is an example of a phishing email containing a malicious link. Clicking "Claim Your $KCS" will direct you to a fake KuCoin login page and ask for your username and password, allowing scammers to steal your information and assets.

5. 📎 Attachments or Images Hiding Malware 

Beware of .exe, .zip, and .docm file formats—they may hijack your computer. 
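
The checks below apply four of the red flags above (sender address, anti-phishing code, real link target, attachment type) to a saved message. This is an added example, not KuCoin's code; the function names, the anti-phishing code value, the sample message and the `kucoin-login.example` host are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

OFFICIAL = "kucoin.com"                # official domain named in this article
RISKY_EXT = (".exe", ".zip", ".docm")  # attachment types listed under red flag 5

class LinkHosts(HTMLParser):
    """Collect the host behind every web link, i.e. what hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hosts = []
    def handle_starttag(self, tag, attrs):
        url = urlparse(dict(attrs).get("href") or "")
        if tag == "a" and url.scheme in ("http", "https"):
            self.hosts.append((url.hostname or "").lower())

def red_flags(raw_eml, anti_phishing_code):
    """Return the names of the red flags that a saved message trips."""
    msg = message_from_string(raw_eml, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content() if part else ""
    parser = LinkHosts()
    parser.feed(body)
    # The From header can be forged, so passing this check alone proves nothing.
    sender = parseaddr(msg.get("From", ""))[1].lower()
    names = [(a.get_filename() or "").lower() for a in msg.iter_attachments()]
    checks = {
        "sender-domain": not sender.endswith("@" + OFFICIAL),
        "missing-anti-phishing-code": anti_phishing_code not in body,
        "off-domain-link": any(h != OFFICIAL and not h.endswith("." + OFFICIAL)
                               for h in parser.hosts),
        "risky-attachment": any(n.endswith(RISKY_EXT) for n in names),
    }
    return [name for name, hit in checks.items() if hit]

def build_sample(sender, html, attachment=None):  # constructed test message
    m = EmailMessage()
    m["From"] = sender
    m.set_content(html, subtype="html")
    if attachment:
        m.add_attachment(b"x", maintype="application", subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    html = '<a href="https://www.kucoin-login.example/">Claim Your $KCS</a>'
    raw = build_sample("KuCoin <no-reply@p2p-kucoin.com>", html, "records.docm")
    print(red_flags(raw, "MY-CODE-1234"))
```

An empty result only means none of these four checks fired; the official verification page described in the next section remains the authoritative check.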

3. Utilize KuCoin’s Security Features to Build a Protection Shield 

🔐 Feature 1: KuCoin Official Verification 

For any SMS, email, or website link that asks you to visit what appears to be KuCoin, you can check its legitimacy through our official verification site: https://www.kucoin.com/cert

If you see the result “This Resource Is Not Managed by KuCoin,” the information is fake.

In addition to the website, KuCoin’s official verification can also validate emails, social media accounts, and phone numbers. 

🔐 Feature 2: Set Up an "Anti-Phishing Code" 

  • Purpose: Displays your unique anti-phishing code in every official email for easy verification. 

  • Important Tip: Always check for your anti-phishing code in any “platform email” before taking action! If an email from “KuCoin” does not contain your anti-phishing code, avoid it at all costs. 

🔐 Feature 3: Enable Mandatory Two-Factor Authentication (2FA) 

  • Purpose: Even if your password is leaked, hackers cannot bypass the second layer of verification (such as mobile verification codes or Google Authenticator). 

  • Recommendations: 

    • Prefer Google Authenticator or hardware keys (such as YubiKey) over SMS verification (which can be SIM-swapped). 

    • Regularly check "Login Device Management" and remove unfamiliar devices. 

🔐 Feature 4: Enable Login/Operation Notifications 

  • Activate email, SMS, and app push notifications in "Notification Management" to stay updated on account activity, and freeze your account immediately if you detect anomalies. 

4. Received a Suspicious Email? Follow These Three Steps! 

1. 🚫 Do not click, do not reply, save evidence, and report it

Delete the email immediately or download it as an EML file and report it through the following methods: 

📌 Gmail Users: 

1️⃣ Open the suspicious email → Click on the top-right "⋮" → Select "Download message." 

2️⃣ The system automatically saves it as an .eml file. Send it to platform support for investigation.

📌 Outlook Users: 

1️⃣ Open the suspicious email → Click on the top-right "⋯" → Select "Download." 

2️⃣ The system automatically saves it as an .eml file. Send it to platform support for investigation.

2. 📝 Manually Enter the Official Website 

If you need to perform account operations, always manually type the exchange’s URL instead of clicking links within emails. 

3. 🔍 Check Security Settings

Regularly review your anti-phishing code and 2FA settings, and update your password promptly.

5. Remember These Rules: The Official Team Will Never… 

❌ Ask for your password, SMS verification code, or mnemonic phrase 

❌ Direct you to download a non-official app via email 

❌ Request that you disable security settings (such as turning off 2FA) 

Protecting your assets starts with every small detail! 

Log in to your account now and ensure all the security features above are enabled. More protection means less risk. 

If you have any questions, contact us through in-app customer support or the "Live Chat" in the lower right corner of the official website. The KuCoin Security Team will help verify the authenticity of any email. Remember, a legitimate customer support agent will never urge you to transfer funds!