There has been a rise in phishing attacks recently. Here I will share some tips about how to better secure your account.
Phishing is one of the simplest, oldest and hardest-to-eliminate attacks out there. All the attacker has to do is send emails. There are a few ways to guard against it, though:
Unique Email Addresses
Use a unique email address for Binance.com, and for every other site you use. You could manually create a new email address each time and set up forwarding to your main email account. Or you could buy a random domain name and create a catch-all email address for that domain. This costs less than 10 BNB a year (as of this writing). This way, unless you received the email through [email protected], you know it was not sent by Binance. In fact, sometimes this will tell you which site leaked your email address. If you receive an unsolicited email at [email protected], then you know exchange A has leaked your info or has compromised security. You should stop using that exchange immediately and tell your friends to do so as well.
Keep your email address secret. Don't tell people about your unique email address. They don't need to know it. For this reason, never use a QQ email for any crypto exchange. Your QQ email address is known to be [email protected]. And if you happen to be in any crypto related QQ group, then it’s pretty easy for phishing sites to spam you with bait.
Don’t Click Links in Emails
In general, don’t click links in emails. If you have to, say because the email contains a verification link, check the domain name carefully in your browser after you click the link. Verification links are safer because of the timing: you probably just submitted a form online. If you didn't, be very careful. Always close the browser after you open the verification link. Close the browser fully, not just the tab, then start a new one and go to the site from a bookmark or by typing in the domain. Never enter any password after following a link from an email (or instant message), even a verification email.
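As an added example (not part of the original post), a small Python check that does what the "check the domain name carefully" step asks for: it classifies a link by the host the browser would actually connect to. The trusted-domain list is an assumption for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist for this example: the only registrable domain we expect
# a genuine Binance link to land on. Extend it per site you use.
TRUSTED_DOMAINS = ("binance.com",)


def link_verdict(url, trusted=TRUSTED_DOMAINS):
    """Classify a link by what the address bar would really show.

    Returns (verdict, hostname). Anything other than "ok" means: close the
    browser and go in via your bookmark instead.
    """
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")   # hostname is already lower-cased
    if parts.scheme != "https":
        return "reject: not https", host
    if not host:
        return "reject: no hostname", host
    if parts.username is not None:
        # https://binance.com@evil.example/ really connects to evil.example
        return "reject: credentials in URL disguise the real host", host
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        # Unicode or punycode labels are the classic lookalike-domain trick
        return "reject: non-ASCII/punycode hostname", host
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return "ok", host
    # binance.com.evil.example and similar look-alikes all end up here
    return "reject: host not in trusted list", host
```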
Don’t Open Attachments
Don’t open email attachments. If you must, make sure you have good antivirus software running.
Antivirus Software
Subscribe to good antivirus software. Compared to losing coins, the small fee is very cheap. Keep it up to date.
Use Unique Passwords
Always use a unique password for Binance and every other website you use. Never use the same password twice. Why? The answer should be obvious, right? If another site gets hacked or has lower security standards, you don't want your Binance account to be at risk.
Password Manager
If you have trouble remembering many unique passwords, then use a password manager. If you want an easy option, use LastPass. It has browser plugins, which make it convenient. It's not open source, though. If you want peace of mind on that, then go for KeePass or another open-source choice.
Don't Tell Anyone Your Password
Binance staff never need to know your password. Your friends and family do not need to know either. In fact, if any site operator requires your password, you should stop using that site. No system should be designed that way.
Sending to Yourself
Because you have chosen a hard password, if you need to send it to yourself (to your phone, for example), don't send it in clear text. If you use LastPass, they have a mobile app, so you don't need to send anything. If you use KeePass, then you should send it over a secure channel. WhatsApp comes in handy here: save your own number as a contact, then you can send secure messages to yourself. Remember to delete the message after you have used the password. This should be sufficient for normal use. If you want to be more secure, you should PGP-encrypt the password, send it, and decrypt it at the destination. I won’t get into the details of PGP in this article, but PGP is definitely worth learning. The world of tomorrow is going to be a heavily encrypted one. Better to learn sooner than later.
Enable 2FA
If you don’t know what this is, google it. Then use it on Binance.
Secure Your Email Account
Use a secure email provider. Gmail is pretty good, although it does not have built-in encryption. You should use PGP on top of it if you can manage it. If you don’t want to deal with PGP, Protonmail seems to be popular these days.
Don’t use email providers that only offer unencrypted access. I am surprised some email services in China still don’t offer secure options. Don't use them.
Again, enable 2FA for your email account(s), and don’t give your password to anyone.
Secure Your Phone
You need to protect your phone. It probably has full access to your email, the Binance app and your 2FA codes. Do not jailbreak your phone. The stock phone OS has some security measures built in, and you don’t want to break them. Enable fingerprint and passcode lock. If you use an iPhone, enable remote erase from your Apple account, in case you lose the phone. If you use Android, don’t store sensitive info on SD cards. Again, don't share your phone passcode with anyone, including your kids and spouse. How you manage that is your issue; I won't get into that either. :)
Secure Your Computer
Don’t install too much software on your computer. Antivirus software is not 100% bulletproof. For a hacker, nothing beats the convenience of a trojan horse on your computer calling home to its master. For you, it’s one of the worst scenarios.
Be careful about browser plugins as well. Only install the well-known ones. Don’t install anything that’s new on the market. There have been many cases of plugins stealing passwords, private keys, or replacing the receiving address for the crypto transaction you are about to send.
I recommend using a dedicated computer: install Linux on it, plus the Chrome browser, a password manager plugin, and nothing else. Be sure to turn on the encrypt-entire-disk option during install, and turn on the firewall right afterwards. "sudo ufw enable" on Ubuntu should do the trick for most people. Use this computer for crypto trading, and that’s it. You could probably use this computer for hot wallets as well, if your crypto funds are not too large. This computer still does not meet "cold storage" requirements, though, so don't store too many coins on it. Cold storage requires higher security and is a different, long topic.
If you have to use Mac or Windows, that’s ok too. Just follow the same rough guidelines, and don’t install too much stuff on it. I haven't used Windows for a few years now, and don't know it in detail anymore.
WiFi
WiFi is a security weak point. There are just too many variables. Older routers use weak encryption methods that are no longer secure. Many have default admin passwords that are extremely easy to guess. The WiFi password is often shared with guests, and if one person has a password-sharing app on their phone, then there could be millions of people with access to your WiFi, including a hacker sitting outside your window sniffing all your traffic. The list is endless. I recommend always using a wired connection if possible. If you have to use WiFi, especially an open network like the one in Starbucks, route all your traffic through a VPN.
Lastly, security is a cat-and-mouse game. You have to continuously upgrade your defences to stay secure. There is also no 100% security. If Earth gets destroyed by a comet, the above measures may not be sufficient to save your account. This is by no means a complete or exhaustive list. But if you do all of the above, your Binance trading account should be relatively secure.
If you think this article helps, please help spread the word. The more people become security conscious, the safer our community will be.
Happy trading!
Amazing, can we get some new anon coins on Binance? EXCL, XZC etc.? I love trading there
Wow, great post! Hugely useful information, thanks.
I wish Steemit allowed re-steeming again...
much appreciated, thank you.
Thanks CZ for stopping the "binance been hacked" FUD!
yet people continue to lose their coins
Additional tips for you crypto surfers out there: try installing Metacert (Chrome extension) and MetaMask. They also provide a whole list of phishing websites to avoid, and will warn you before actually opening the website. It has helped me several times now. It's not 100% anti-scam, but if I may quote CZ, "Lastly, security is a cat-and-mouse game. You have to continuously upgrade your defences to stay secure. There is also no 100% security."
Stay safe!
Grtz Zyto
Do bookmark Binance first and always open through that bookmark only.
Thanks CZ, it is great to see the owner and founder on the frontlines like this.
I also wrote a small guide on Binance's trading interface.
If you are interested, give it a look ;)
Hello, thank you for this guide, and I also wanted to thank you for operating, in my opinion, the best crypto exchange in the world as of now. The more I use the exchange, the more I find myself not wanting to use other exchanges lol. One thing I must ask is please allow a way for international customers to verify their accounts with a country ID, because personally I do not have a passport and know plenty of other traders who do not as well. Thank you
Question I could REALLY use some help with regarding my Binance account: I can't use Google Authenticator on my Mac and I don't live in mainland China. Can I use a different 2FA?
use it from your mobile.
I tried, but I have an iPhone, so 1) I can't get the Binance app and 2) they direct me to set up 2FA on my PC??
It is quite easy.
Download 'Google Authenticator' on your mobile.
Log in to your Binance account from a PC.
Enable Google Auth from your Binance account.
Go back to your phone. Open Google Authenticator. Scan the barcode/QR code.
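For readers of the "Enable 2FA" section above and this enrolment walkthrough, an added example (not code from the original post, Binance or Google) showing what happens once the QR code is scanned: the phone derives each 6-digit code from the shared secret plus the clock, per RFC 4226/6238, and the site checks it the same way. The RFC test secret and the issuer/account labels in the otpauth URI are illustrative assumptions.

```python
import base64
import hmac
import struct
import time
from hashlib import sha1
from urllib.parse import quote

# The RFC 4226/6238 test secret (ASCII "12345678901234567890"), base32-encoded
# the way an authenticator app stores it. Constructed for the checks below;
# a real enrolment secret is random and comes from the site's QR code.
RFC_TEST_SECRET_B32 = base64.b32encode(b"12345678901234567890").decode()


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32, at=None, step=30, digits=6):
    """RFC 6238: HOTP with counter = unix_time // step, which is why the phone's
    clock, not a network connection, is all the app needs."""
    cleaned = secret_b32.replace(" ", "").upper()
    secret = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    now = int(time.time()) if at is None else at
    return hotp(secret, now // step, digits)


def verify_totp(secret_b32, submitted, at=None, step=30, window=1, digits=6):
    """Server side: accept the current step and +/- window neighbours for clock
    drift, comparing in constant time so timing leaks nothing about the digits."""
    now = int(time.time()) if at is None else at
    return any(
        hmac.compare_digest(totp(secret_b32, now + k * step, step, digits), submitted)
        for k in range(-window, window + 1)
    )


def otpauth_uri(issuer, account, secret_b32):
    """The text the enrolment QR code encodes (the otpauth Key URI format read by
    Google Authenticator). Treat it like a password: it IS the shared secret."""
    return (f"otpauth://totp/{quote(issuer + ':' + account)}"
            f"?secret={secret_b32}&issuer={quote(issuer)}&algorithm=SHA1&digits=6&period=30")
```

Because the secret in that URI is all an attacker needs to mint valid codes, the QR code deserves the same care as the password itself.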
Can't stop being amazed by this dedicated CEO, even with all the growth and hype, his mission for 2018 is "merely" to keep on improving customer service. Glad I stumbled upon Binance in August 2017.
Awesome post and incredibly helpful. Thanks for the great info!
Sponge
I was sure CZ got this! I like the unique email idea, you can also set-up a redirect to a gmail address. Keep up the good work! :)
great bina, hope the phishing won't happen again on bina
Very helpful!
Neat.
"There is also no 100% security. If Earth gets destroyed by a comet, the above measures may not be sufficient to save your account"
CZ how can we secure ourselves against this?
What is API key and should/can we replace it?
If you want to start investing in cryptocurrency join Coinbase and get $10 Free Bitcoin.
Why are Steem Dollars not listed on Binance? You are sharing content here, but SBD is still not listed on Binance.